Code: Select all
<?php
$db = mysql_connect("localhost", "USER", "PASSWORD");
mysql_select_db("DATABASE",$db);
if ($id) {
if ($submit) {
$sql = "UPDATE alumni SET firstname='$firstname', lastname='$lastname', maidenname='$maidentname', classyear='$classyear', city='$city', state='$state', country='$country',
position='$position', employer='$employer', phone='$phone', email='$email', aim='$aim', icq='$icq', yahoo='$yahoo', website='$website', fund='$fund', donate='$donate' WHERE id=$id";
$result = mysql_query($sql);
echo "Thank you! Information updated.\n";
} else {
// query the DB
$sql = "SELECT * FROM alumni WHERE id=$id";
$result = mysql_query($sql);
$myrow = mysql_fetch_array($result);
?>
<p>Last Updated: <?php echo $myrow["lastupdated"] ?></p>
<form method="post" action="<?PHP echo $PHP_SELF?>">
<input type=hidden name="id" value="<?php echo $myrow["id"] ?>">
First Name: <input type="Text" name="firstname" value="<?php echo $myrow["firstname"] ?>"><br>
Last Name: <input type="Text" name="lastname" value="<?php echo $myrow["lastname"] ?>"><br>
Maiden Name: <input type="Text" name="maidentname" value="<?php echo $myrow["maidenname"] ?>"><br>
Class: <input type="Text" name="classyear" value="<?php echo $myrow["classyear"] ?>"><br>
City: <input type="Text" name="city" value="<?php echo $myrow["city"] ?>"><br>
State: <input type="Text" name="state" value="<?php echo $myrow["state"] ?>"><br>
Country: <input type="Text" name="country" value="<?php echo $myrow["country"] ?>"><br>
Position: <input type="Text" name="position" value="<?php echo $myrow["position"] ?>"><br>
Employer: <input type="Text" name="employer" value="<?php echo $myrow["employer"] ?>"><br>
Phone: <input type="Text" name="phone" value="<?php echo $myrow["phone"] ?>"><br>
E-mail: <input type="Text" name="email" value="<?php echo $myrow["email"] ?>"><br>
AIM: <input type="Text" name="aim" value="<?php echo $myrow["aim"] ?>"><br>
ICQ: <input type="Text" name="icq" value="<?php echo $myrow["icq"] ?>"><br>
Yahoo: <input type="Text" name="yahoo" value="<?php echo $myrow["yahoo"] ?>"><br>
Website: <input type="Text" name="website" value="<?php echo $myrow["website"] ?>"><br>
<input type="Submit" name="submit" value="Process Information">
<?php
}
} else {
// display list of alumni
$result = mysql_query("SELECT * FROM alumni ORDER BY lastname",$db);
while ($myrow = mysql_fetch_array($result)) {
printf("<a href=\"%s?id=%s\">%s %s</a><br>\n", $PHP_SELF, $myrow["id"], $myrow["lastname"], $myrow["firstname"]);
}
echo "<p>If new entry, <a href=\"new.php\">click here</a>\n";
}
?>So is it in any way possible to use a cookie to specify which one user's data (row) can be updated by this code? In my situation, anybody coming to this form should already be logged in as a user on my website (unrelated to this database), and should have a cookie that includes their username. If I add another field to each database row that contains that user's website username, is there a way that I can modify this code above (or make new code) to somehow say "since this person is already logged in as 'joe-schmoe', here's the HTML to let them edit only their own database information (the data in the row that already contains 'joe-shmoe' listed as their website username)."???