Page 1 of 1

Update Database

Posted: Fri Oct 28, 2005 10:49 am
by elecktricity
Well I got this basicialy it updates the profile, this page dosnt seem to be working... im not sure why... it validates some of the data and if it all works then its 'suppose' to update your profile on the site. All the data turns out fine, but it just wont update.

profile.php

Code: Select all

<?PHP
echo '<html>';
echo '<head>';
echo '<title>Edit User Profile</title>';
echo '</head>'; 
include ('header.php');
if (empty($_COOKIE[user])) {
echo '<table width=\'627\' height=\'120\' cellpadding=\'0\' cellspacing=\'0\' border=\'0\' bgcolor=\'#4F4E4E\' class=\'cat\'>';
echo '<tr>';
echo '<td background=\'images/09.gif\' height=\'25\' class=\'title\'>Error:</td>';
echo '</tr>';
echo '<tr>';
echo '<td valign=\'top\' >';
echo 'You must be signed in to view this page.';
echo '</td>';
echo '</tr>';
echo '</table>';
}
else {
$dbh=mysql_connect ("localhost", "root", "password") or die ('I cannot connect to the database because: ' . mysql_error());
mysql_select_db ("database"); 
$query = sprintf("SELECT * FROM users WHERE username='$_COOKIE[user]' && password='$_COOKIE[pass]'",
   mysql_real_escape_string(users));
$numba = 0;
$result = mysql_query($query);

if (!$result) {
   $message  = 'Invalid query: ' . mysql_error() . "\n";
   $message .= 'Whole query: ' . $query;
   die($message);
}
$numbe = '0';
while ($row = mysql_fetch_assoc($result)) {
$puser = $row['username'];
$pemail = $row['email'];
$paim = $row['aim'];
$pmsn = $row['msn'];
$pyahoo = $row['yahoo'];
$picq = $row['icq'];
$pwebsite = $row['website'];
$pintrists = $row['intrists'];
$pjoined = $row['joindate'];
$numbe++;
}
echo '<form action=\'profile2.php\' method=\'post\'>';
echo '<table align=\'center\' width=\'627\' cellpadding=\'2\' cellspacing=\'0\' border=\'0\' class=\'cat\' bgcolor=\'#4F4E4E\'>';
echo '<tr>';
echo '<td background=\'images/09.gif\' height=\'25\' class=\'title\' bgcolor=\'#424242\'>Update Profile:</td>';
echo '<td background=\'images/09.gif\' height=\'25\' class=\'title\' bgcolor=\'#424242\'></td>';
echo '</tr>';
echo '<tr>';
echo '<td class=\'profile\' width=\'49%\'bgcolor=\'#424242\'><strong>Name:</strong></td>';
echo '<td width=\'49%\' class=\'profile2\'bgcolor=\'#424242\'><font class=\'text\'>';
echo $puser;
echo '</font></td>';
echo '</tr>';

echo '<tr>';
echo '<td class=\'profile\' width=\'49%\'><strong>Current Password:*</strong></td>';
echo '<td class=\'profile2\' width=\'49%\'><input class=\'text\' type=\'password\' name=\'currentpwd\' maxlength=\'20\' ></td>';
echo '</tr>';

echo '<tr>';
echo '<td class=\'profile\' width=\'49%\' bgcolor=\'#424242\'><strong>New Password:</strong></td>';
echo '<td class=\'profile2\' width=\'49%\' bgcolor=\'#424242\'><input class=\'text\' type=\'password\' name=\'pwd1\' maxlength=\'20\' ></td>';
echo '</tr>';


echo '<tr>';
echo '<td class=\'profile\' width=\'49%\'><strong>Repeat Password:</strong></td>';
echo '<td class=\'profile2\' width=\'49%\'><input type=\'password\' class=\'text\' name=\'pwd2\' maxlength=\'20\' ></td>';
echo '</tr>';


echo '<tr>';
echo '<td class=\'profile\' width=\'49%\' bgcolor=\'#424242\'><strong>Email:</strong></td>';
echo '<td class=\'profile2\' width=\'49%\' bgcolor=\'#424242\'><input class=\'text\' type=\'text\' name=\'uemail\' maxlength=\'30\'  value=\'';
echo $pemail;
echo '\'></td>';
echo '</tr>';


echo '<tr>';
echo '<td class=\'profile\' width=\'49%\'><strong>AIM Address:</strong></td>';
echo '<td class=\'profile2\' width=\'49%\'><input type=\'text\' class=\'text\' name=\'uaim\' maxlength=\'30\'  value=\'';
echo $paim;
echo '\'></td>';
echo '</tr>';


echo '<tr>';
echo '<td class=\'profile\' width=\'49%\' bgcolor=\'#424242\'><strong>MSN Address:</strong></td>';
echo '<td class=\'profile2\' width=\'49%\' bgcolor=\'#424242\'><input class=\'text\' type=\'text\' name=\'umsn\' maxlength=\'30\'  value=\'';
echo $pmsn;
echo '\'></td>';
echo '</tr>';


echo '<tr>';
echo '<td class=\'profile\' width=\'49%\'><strong>Yahoo Address:</strong></td>';
echo '<td class=\'profile2\' width=\'49%\'><input type=\'text\' class=\'text\' name=\'uyahoo\' maxlength=\'30\'  value=\'';
echo $pyahoo;
echo '\'></td>';
echo '</tr>';


echo '<tr>';
echo '<td class=\'profile\' width=\'49%\' bgcolor=\'#424242\'><strong>ICQ Number:</strong></td>';
echo '<td class=\'profile2\' width=\'49%\' bgcolor=\'#424242\'><input class=\'text\' type=\'text\' name=\'uicq\' maxlength=\'30\'  value=\'';
echo $picq;
echo '\'></td>';
echo '</tr>';


echo '<tr>';
echo '<td class=\'profile\' width=\'49%\'><strong>Website:</strong></td>';
echo '<td class=\'profile2\' width=\'49%\'><input class=\'text\' type=\'text\' name=\'usite\' maxlength=\'30\'  value=\'';
echo $pwebsite;
echo '\'></td>';
echo '</tr>';


echo '<tr>';
echo '<td class=\'profile\' width=\'49%\' bgcolor=\'#424242\'><strong>Intrists:</strong></td>';
echo '<td class=\'profile2\' width=\'49%\' bgcolor=\'#424242\'><textarea name=\'uintrists\' style=\'width: 300px\'  rows=\'6\' cols=\'30\' class=\'text\' maxlength=\'500\'>';
echo $pintrists;
echo '</textarea></td>';
echo '</tr>';
echo '</table>';

echo '<table align=\'center\' width=\'627\' cellpadding=\'2\' cellspacing=\'0\' border=\'0\' class=\'profile\' bgcolor=\'#4F4E4E\'>';
echo '<tr>';
echo '<td align=\'center\' background=\'images/09.gif\' height=\'25\' class=\'title\'><input class=\'text\' type=\'submit\' value=\'Update Your Profile\'></td>';
echo '</tr>';
echo '</table>';
echo '</form>';
}
include ('footer.php');
?>

profile2.php

Code: Select all

<?PHP
echo '<html>';
echo '<head>';
echo '<title>Edit User Profile</title>';
echo '</head>';
include ('header.php');
$currentpwd = $_POST['currentpwd']; 
$pwd1 = $_POST['pwd1']; 
$pwd2 = $_POST['pwd2']; 
$uemail = $_POST['uemail']; 
$uaim = $_POST['uaim']; 
$umsn = $_POST['umsn']; 
$uyahoo = $_POST['uyahoo']; 
$uicq = $_POST['uicq']; 
$usite = $_POST['usite']; 
$uintrists = $_POST['uintrists ']; 
echo '<center>';
if (empty($_COOKIE[user])) {
echo '<table width=\'627\' height=\'120\' cellpadding=\'0\' cellspacing=\'0\' border=\'0\' bgcolor=\'#4F4E4E\' class=\'cat\'>';
echo '<tr>';
echo '<td background=\'images/09.gif\' height=\'25\' class=\'title\'>Error:</td>';
echo '</tr>';
echo '<tr>';
echo '<td valign=\'top\' class=\'text\'>';
echo 'You must be signed in to view this page.';
echo '</td>';
echo '</tr>';
echo '</table>';
}
else {
echo '<table width=\'627\' height=\'120\' cellpadding=\'0\' cellspacing=\'0\' border=\'0\' bgcolor=\'#4F4E4E\' class=\'cat\'>';
echo '<tr>';
echo '<td background=\'images/09.gif\' height=\'25\' class=\'title\'>Update Profile:</td>';
echo '</tr>';
echo '<tr>';
echo '<td valign=\'top\' class=\'text\'>';

//start validate and update
$dbh=mysql_connect ("localhost", "root", "password") or die ('I cannot connect to the database because: ' . mysql_error());
mysql_select_db ("database"); 
$query = sprintf("SELECT * FROM users WHERE username='$_COOKIE[user]' && password='$_POST[currentpwd]'",
   mysql_real_escape_string(users));
$numba = 0;
$result = mysql_query($query);

if (!$result) {
   $message  = 'Invalid query: ' . mysql_error() . "\n";
   $message .= 'Whole query: ' . $query;
   die($message);
}
$countit = '0';
$errors = '0';
while ($row = mysql_fetch_assoc($result)) {
$countit++;
//checks if passwords equal
	if($pwd1 == $pwd2) {
	echo '';
	}
	else {
	echo 'Passwords did not match<br>';
	$errors++;
	}
//validate email in right format
	list($userName, $mailDomain) = split("@", $uemail);
	if (checkdnsrr($mailDomain, "MX")) {
	echo '';
	}
	else {
	echo 'Email is not in the valid format<br>';
	$errors++;
	}
}
if ($countit == '0') {
echo 'Sorry the username and password did not match.<br>';
$errors++;
}
if ($errors == '0') {
$dbquery = mysql_query("UPDATE users SET password='$upwd', email='$uemail', aim='$uaim', msn='$umsn', yahoo='$uyahoo', icq='$uicq', website='$uweb', intrists='$uintrists'. 'WHERE username= '$_COOKIE[user]' && password='$currentpwd'");
echo 'Success: You have updated your profile.';
}
elseif ($errors == '1') {
echo 'Sorry you had a error.';
}
else {
echo 'Sorry you had ';
echo $errors;
echo ' errors.';
}

//end validate and update

echo '</td>';
echo '</tr>';
echo '</table>';
}
include ('footer.php');
?>
EDIT: I forgot to put in the first page

Posted: Sat Oct 29, 2005 12:40 am
by elecktricity
come on somebody knows whats going on...

Posted: Sat Oct 29, 2005 2:04 am
by mickd
just a few small things i noticed

Code: Select all

if (empty($_COOKIE[user])) {
user should be in quotes '

also i never used sprintf before but are you sure you are using it right?

Code: Select all

$query = sprintf("SELECT * FROM users WHERE username='$_COOKIE[user]' && password='$_COOKIE[pass]'", 
   mysql_real_escape_string(users));
that doesnt appear to be how the manual uses it

sprintf

EDIT:

Code: Select all

$dbquery = mysql_query("UPDATE users SET password='$upwd', email='$uemail', aim='$uaim', msn='$umsn', yahoo='$uyahoo', icq='$uicq', website='$uweb', intrists='$uintrists'. 'WHERE username= '$_COOKIE[user]' && password='$currentpwd'");
whats the . ' after intrists='$uintrists'?

Posted: Sat Oct 29, 2005 10:45 am
by John Cartwright

Code: Select all

$query = sprintf("SELECT * FROM users WHERE username='$_COOKIE[user]' && password='$_COOKIE[pass]'",
   mysql_real_escape_string(users));
More specifically should be

Code: Select all

mysql_real_escape_string($users));
Secondly, wherein is $users coming from?

And as mentioned erlier, your not using even sprintf correctly, read the documentation.
And quote your indices!

Posted: Sat Oct 29, 2005 1:50 pm
by elecktricity
Thanks for the help worked through my errors, it works great now.