  1. #1
    New Coder

    PHP/MySQL Edit help

    Hello, I posted a little while ago for some help on a project type thing I am working on. Currently I am working on a page that a user is going to have to log in to so that they can change/update their information. Here is the code I have so far that I did using a tutorial I went through. I'm just having a little confusion. I edited it a bit to use my SQL connection information. Currently I have all the database connection in a separate PHP file so that I can just include it into files that need it. Anyway I am having trouble getting this page to pull the MySQL data based on the user_id number in the URL. Here is the code I have. I am going crazy trying to figure this one out. Thanks

    PHP Code:

    <html>
    <body>

    <?php

    require_once('./config.php');

    $db = mysql_connect($dblocation, $dbname, $dbpw) or die (mysql_error ("Cannot Link"));
    mysql_select_db ($dbname, $db) or die (mysql_error ("Cannot Select DB"));

    $id = $_GET['user_id'];

    if ($submit) {

      // here if no ID then adding else we're editing
      if ($id) {

        $sql = "UPDATE artistinfo SET realname='$realname',birthday='$birthday',hometown='$hometown',soundclick='$soundclick',myspace='$myspace',email='$email',bio='$bio' WHERE user_id=$id";

      } else {

        $sql = "INSERT INTO artistinfo (realname,birthday,hometown,soundclick,myspace,email,bio) VALUES ('$realname','$birthday','$hometown','$soundclickname','$myspace','$email','$bio')";

      }

      // run SQL against the DB
      $result = mysql_query($sql);

      echo "Record updated/edited!<p>";

    } elseif ($delete) {

        // delete a record
        $sql = "DELETE FROM employees WHERE id=$id";

        $result = mysql_query($sql);

        echo "$sql Record deleted!<p>";

    } else {

      // this part happens if we don't press submit
      if (!$id) {

        // print the list if there is not editing
        $result = mysql_query("SELECT * FROM artistinfo",$db);

        while ($myrow = mysql_fetch_array($result)) {

          printf("<a href=\"%s?id=%s\">%s %s</a> \n", $PHP_SELF, $myrow["user_id"], $myrow["realname"], $myrow["hometown"]);

          printf("<a href=\"%s?id=%s&delete=yes\">(DELETE)</a><br>", $PHP_SELF, $myrow["user_id"]);

        }

      }

      ?>

      <form method="post" action="<?php echo $PHP_SELF?>">

      <?php

      if ($id) {

        // editing so select a record
        $sql = "SELECT * FROM artistinfo WHERE user_id=$id";

        $result = mysql_query($sql);

        $myrow = mysql_fetch_array($result);

        $realname = $myrow["realname"];
        $birthday = $myrow["birthday"];
        $hometown = $myrow["hometown"];
        $soundclick = $myrow["soundclick"];
        $myspace = $myrow["myspace"];
        $email = $myrow["email"];
        $bio = $myrow["bio"];

        // print the id for editing

        ?>

        <input type=hidden name="id" value="<?php echo $id ?>">

        <?php

      }

      ?>

      Real Name:<input type="Text" name="first" value="<?php echo $realname ?>"><br>

      Birthday:<input type="Text" name="last" value="<?php echo $birthday ?>"><br>

      Hometown:<input type="Text" name="address" value="<?php echo $hometown ?>"><br>

      Soundclick:<input type="Text" name="position" value="<?php echo $soundclick ?>"><br>

      Myspace:<input type="Text" name="position" value="<?php echo $myspace ?>"><br>

      Email:<input type="Text" name="position" value="<?php echo $email ?>"><br>

      Bio:
      <textarea name="position" rows="5"><?php echo $bio ?></textarea>
      <br>

      <input type="Submit" name="submit" value="Update Information">

      </form>

    <?php

    }

    ?>

    </body>

    </html>

  • #2
    God Emperor Fou-Lu's Avatar
    Can you be more specific on the error messages you are receiving (if any)? If no error message, can you be more specific on output?
    I'm guessing off hand that you have a register_globals problem, your $id has been extracted from the _GET but I don't see where a lot of the others are coming from ($submit, $delete, etc).

    Another big one is that your form method is via POST, which means the _GET superglobal will not (or is likely to not) contain the information you are looking for. You need to be searching in the _POST superglobal for the data you need. _REQUEST is another option, but don't use it unless you know how to control it better than the PHP defaults.
    Get back to us with more specific information please, or let us know if the above helps you solve the problem!

    Edit
    If those hrefs you are putting in there work, then the register_globals is not a problem (though you should not rely on them). Oh, and don't use the _SERVER['PHP_SELF'] directive either, it has an XSS flaw to it; instead either overwrite it or define using _SERVER['SCRIPT_NAME'] and the applicable _SERVER['QUERY_STRING'] values (or manipulation through your _GETs).
    register_globals of any kind are bad, do not trust them or rely on them. Look into receiving values for your database and cleaning them out (generally the db objects have a clean method of some sorts) if from user input (anything that can be put into a request method). For more information on this, check either the php.net site or search Google for 'SQL Injection'.
    Last edited by Fou-Lu; 01-02-2008 at 04:25 AM.
    PHP Code:
    header('HTTP/1.1 420 Enhance Your Calm'); 
    Been gone for a few months, and haven't programmed in that long of a time. Meh, I'll wing it ;)

  • #3
    New Coder
    Ok so I keep playing with it and I have gotten further. I found my first mistake was the fact that I was calling tables that weren't there. Now I just can't get them to update. Here is the code I now have.

    PHP Code:
    <html>
    <body>

    <?php

    require_once('./config.php');

    $db = mysql_connect($dblocation, $dbname, $dbpw) or die (mysql_error ("Cannot Link"));
    mysql_select_db ($dbname, $db) or die (mysql_error ("Cannot Select DB"));

    if ($submit) {

      // here if no ID then adding else we're editing
      if ($id) {

        $sql = "UPDATE artistinfo SET artist_realname='$artist_realname',artist_birthday='$artist_birthday',artist_hometown='$artist_hometown',artist_soundclick='$artist_soundclick',artist_myspace='$artist_myspace',artist_email='$artist_email',artist_bio='$artist_bio' WHERE user_id=$id";

      } else {

        $sql = "INSERT INTO artistinfo (artist_realname,artist_birthday,artist_hometown,artist_soundclick,artist_myspace,artist_email,artist_bio) VALUES ('$artist_realname','$artist_birthday','$artist_hometown','$artist_soundclickname','$artist_myspace','$artist_email','$artist_bio')";

      }

      // run SQL against the DB
      $result = mysql_query($sql);

      echo "Record updated/edited!<p>";

    } elseif ($delete) {

        // delete a record
        $sql = "DELETE FROM artistinfo WHERE user_id=$id";

        $result = mysql_query($sql);

        echo "$sql Record deleted!<p>";

    } else {

      // this part happens if we don't press submit
      if (!$id) {

        // print the list if there is not editing
        $result = mysql_query("SELECT * FROM artistinfo",$db);

        while ($myrow = mysql_fetch_array($result)) {

          printf("<a href=\"%s?id=%s\">%s %s</a> \n", $PHP_SELF, $myrow["user_id"], $myrow["artist_realname"], $myrow["artist_hometown"]);

          printf("<a href=\"%s?id=%s&delete=yes\">(DELETE)</a><br>", $PHP_SELF, $myrow["user_id"]);

        }

      }

      ?>

       <P>

      <a href="<?php echo $PHP_SELF?>">ADD A RECORD</a>
    <form method="post" action="<?php echo $PHP_SELF?>">

      <p>
        <?php

      if ($id) {

        // editing so select a record
        $sql = "SELECT * FROM artistinfo WHERE user_id=$id";

        $result = mysql_query($sql);

        $myrow = mysql_fetch_array($result);

        $artist_realname = $myrow["artist_realname"];
        $artist_birthday = $myrow["artist_birthday"];
        $artist_hometown = $myrow["artist_hometown"];
        $artist_soundclick = $myrow["artist_soundclick"];
        $artist_myspace = $myrow["artist_myspace"];
        $artist_email = $myrow["artist_email"];
        $artist_bio = $myrow["artist_bio"];

        // print the id for editing

        ?>

        <input type=hidden name="id" value="<?php echo $id ?>">

        <?php

      }

      ?>

      Real Name:
      <input type="Text" name="first" value="<?php echo $artist_realname ?>">
      <br>

      Birthday:
      <input type="Text" name="last" value="<?php echo $artist_birthday ?>">
      <br>

      Hometown:
      <input type="Text" name="address" value="<?php echo $artist_hometown ?>">
      <br>

      Soundclick:
      <input type="Text" name="position" value="<?php echo $artist_soundclick ?>">
      <br>

      Myspace:
      <input type="Text" name="position" value="<?php echo $artist_myspace ?>">
      <br>

      Email:
      <input type="Text" name="position" value="<?php echo $artist_email ?>">
      <br>

      Bio:
      <textarea name="position" rows="5"><?php echo $artist_bio ?></textarea>
      <br>

      <input type="Submit" name="submit" value="Update Information">
      </p>
      </form>

    <?php

    }

    ?>

    </body>

    </html>
    Last edited by DJDex; 01-02-2008 at 05:46 AM.

  • #4
    God Emperor Fou-Lu's Avatar
    Yep, keep playing around with it.
    Don't forget, the $id = $_GET['id'] has to become $id = $_POST['id'], I'm guessing the id is coming from the form submission correct?

  • #5
    New Coder
    Ahhh OK, let me try that, because at first I was trying to get the ID from the URL but I can see now that's not the method I need to do.

  • #6
    New Coder
    Ok, I don't think I need that at all. In the tutorial the ID isn't called how I am calling it and it seems I don't need to. However, the way I am doing it now it's again not pulling the information from the DB.

  • #7
    New Coder
    Ok, so yea I guess the information that would help is the table names which are

    user_id
    artist_realname
    artist_birthday
    artist_hometown
    artist_soundclickname
    artist_myspace
    artist_email
    artist_bio

    The user_id is of course how I relate all of my tables so I can match them up. Anyway your help is greatly appreciated. This is driving me crazy lol.

  • #8
    New Coder
    Just an update: this file first does loop through my DB and grabs some basic data and displays it. Therefore I am pretty sure I am not having the issue with the database connection. It's just not pulling the information when the id is in the URL. Here is my updated code

    PHP Code:

    <html>
    <body>

    <?php

    require_once('./config.php');

    $db = mysql_connect($dblocation, $dbname, $dbpw) or die (mysql_error ("Cannot Link"));
    mysql_select_db ($dbname, $db) or die (mysql_error ("Cannot Select DB"));

    if ($submit) {

      // here if no ID then adding else we're editing
      if ($id) {

        $sql = "UPDATE artistinfo SET artist_realname='$artist_realname',artist_birthday='$artist_birthday',artist_hometown='$artist_hometown',artist_soundclick='$artist_soundclick',artist_myspace='$artist_myspace',artist_email='$artist_email',artist_bio='$artist_bio' WHERE user_id=$id";

      } else {

        $sql = "INSERT INTO artistinfo (artist_realname,artist_birthday,artist_hometown,artist_soundclick,artist_myspace,artist_email,artist_bio) VALUES ('$artist_realname','$artist_birthday','$artist_hometown','$artist_soundclickname','$artist_myspace','$artist_email','$artist_bio')";

      }

      // run SQL against the DB
      $result = mysql_query($sql);

      echo "Record updated/edited!<p>";

    } elseif ($delete) {

        // delete a record
        $sql = "DELETE FROM artistinfo WHERE user_id=$id";

        $result = mysql_query($sql);

        echo "$sql Record deleted!<p>";

    } else {

      // this part happens if we don't press submit
      if (!$id) {

        // print the list if there is not editing
        $result = mysql_query("SELECT * FROM artistinfo",$db);

        while ($myrow = mysql_fetch_array($result)) {

          printf("<a href=\"%s?id=%s\">%s %s</a> \n", $PHP_SELF, $myrow["user_id"], $myrow["artist_realname"], $myrow["artist_hometown"]);

          printf("<a href=\"%s?id=%s&delete=yes\">(DELETE)</a><br>", $PHP_SELF, $myrow["user_id"]);

        }

      }

      ?>

       <P>

      <a href="<?php echo $PHP_SELF?>">ADD A RECORD</a>
    <form method="post" action="<?php echo $PHP_SELF?>">

      <p>
        <?php

      if ($id) {

        // editing so select a record
        $sql = "SELECT * FROM artistinfo WHERE user_id=$id";

        $result = mysql_query($sql);

        $myrow = mysql_fetch_array($result);

        $id = $myrow["user_id"];
        $artist_realname = $myrow["artist_realname"];
        $artist_birthday = $myrow["artist_birthday"];
        $artist_hometown = $myrow["artist_hometown"];
        $artist_soundclick = $myrow["artist_soundclick"];
        $artist_myspace = $myrow["artist_myspace"];
        $artist_email = $myrow["artist_email"];
        $artist_bio = $myrow["artist_bio"];

        // print the id for editing

        ?>

        <input type=hidden name="id" value="<?php echo $id ?>">

        <?php

      }

      ?>

      Real Name:
      <input type="Text" name="first" value="<?php echo $artist_realname ?>">
      <br>

      Birthday:
      <input type="Text" name="last" value="<?php echo $artist_birthday ?>">
      <br>

      Hometown:
      <input type="Text" name="address" value="<?php echo $artist_hometown ?>">
      <br>

      Soundclick:
      <input type="Text" name="position" value="<?php echo $artist_soundclick ?>">
      <br>

      Myspace:
      <input type="Text" name="position" value="<?php echo $artist_myspace ?>">
      <br>

      Email:
      <input type="Text" name="position" value="<?php echo $artist_email ?>">
      <br>

      Bio:
      <textarea name="position" rows="5"><?php echo $artist_bio ?></textarea>
      <br>

      <input type="Submit" name="submit" value="Update Information">
      </p>
      </form>

    <?php

    }

    ?>

    </body>

    </html>
    I'm sure it has to be something real little and stupid. When the script pulls the info from the DB it should be a link. Then when you click the name it pulls, it's supposed to bring up the rest of the MySQL information into the form so that I can update it. However it's not pulling into the form and I just can't get why lol. Thanks for the help again.

  • #9
    UE Antagonizer Fumigator's Avatar
    It will really help you now and in the future if you get into the good habit of error checking your SQL queries. Your code just assumes they work, and that may not always be the case-- in fact, I can pretty much guarantee you will have a broken query once or twice in your lifetime. That may not be the root of your immediate problem, but error checking is critical.

    PHP Code:
    $query = "SELECT blah";
    $result = mysql_query($query);
    //check for error
    if (!$result) {
        die ("SQL error encountered. Query was: $query<br />Error was: ".mysql_error());
    }

    As for your immediate problem, it appears the variable $id is only assigned a value inside an "if" statement that only evaluates to "true" if $id is true. It just doesn't look like sound logic at first glance. You should be using the isset() function in my opinion.

    Also, your code should not be relying on register_globals being set to "on", as the PHP default nowadays is to have it "off" and someday it will be removed altogether.
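
The advice in the replies above (read each value explicitly from the request instead of relying on register_globals, make failed queries visible, and keep user input out of the SQL text), shown as an added example that is not code from any poster in this thread. It assumes PDO rather than the thread's mysql_* functions, an in-memory SQLite database standing in for MySQL so it runs offline, and form field names that match the artistinfo columns listed in post #7; all helper names are hypothetical.

```php
<?php
// Added example, not code from the thread. Column names follow post #7.
// Assumption: pdo_sqlite is available; SQLite stands in for the MySQL server.

const FIELDS = ['artist_realname', 'artist_birthday', 'artist_hometown',
    'artist_soundclickname', 'artist_myspace', 'artist_email', 'artist_bio'];

function open_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    // Any failed query throws, so errors cannot pass unnoticed.
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $cols = implode(' TEXT, ', FIELDS) . ' TEXT';
    $pdo->exec("CREATE TABLE artistinfo (user_id INTEGER PRIMARY KEY, $cols)");
    return $pdo;
}

// Read every value explicitly from the request array (normally $_POST).
// The id is accepted only if it is all digits; otherwise it is treated as absent.
function read_input(array $post): array
{
    $id = isset($post['id']) && ctype_digit((string) $post['id']) ? (int) $post['id'] : null;
    $values = [];
    foreach (FIELDS as $f) {
        $values[$f] = isset($post[$f]) ? trim((string) $post[$f]) : '';
    }
    return [$id, $values];
}

// Insert when there is no id, update otherwise. Values travel as bound
// parameters, so a quote in the input cannot change the statement.
function save_artist(PDO $pdo, ?int $id, array $values): int
{
    if ($id === null) {
        $cols = implode(', ', FIELDS);
        $marks = ':' . implode(', :', FIELDS);
        $stmt = $pdo->prepare("INSERT INTO artistinfo ($cols) VALUES ($marks)");
        $stmt->execute($values);
        return (int) $pdo->lastInsertId();
    }
    $set = implode(', ', array_map(fn($f) => "$f = :$f", FIELDS));
    $stmt = $pdo->prepare("UPDATE artistinfo SET $set WHERE user_id = :id");
    $stmt->execute($values + ['id' => $id]);
    return $id;
}

function load_artist(PDO $pdo, int $id): ?array
{
    $stmt = $pdo->prepare('SELECT * FROM artistinfo WHERE user_id = :id');
    $stmt->execute(['id' => $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Escape on output so stored text cannot break out of the HTML attribute.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

// Constructed sample requests standing in for $_POST.
$pdo = open_db();
[$id, $values] = read_input(['artist_realname' => "D'Angelo", 'artist_hometown' => 'Austin',
    'artist_email' => 'dex@example.com']);
$newId = save_artist($pdo, $id, $values);           // no id: INSERT

[$id, $values] = read_input(['id' => (string) $newId, 'artist_realname' => "D'Angelo",
    'artist_hometown' => 'Austin', 'artist_email' => 'dex@example.com',
    'artist_bio' => '<b>Producer</b> & "DJ"']);
save_artist($pdo, $id, $values);                    // id present: UPDATE

$row = load_artist($pdo, $newId);
printf("<input type=\"hidden\" name=\"id\" value=\"%d\">\n", $row['user_id']);
printf("<input type=\"text\" name=\"artist_realname\" value=\"%s\">\n", h($row['artist_realname']));
printf("<textarea name=\"artist_bio\">%s</textarea>\n", h($row['artist_bio']));
```

The form fields here carry the same names the handler reads, which the thread's form (name="first", name="position", and so on) does not.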

  • #10
    New Coder
    What would be a better way to go about editing my SQL database then? This code is obviously not working correctly. I appreciate the help.

  • #11
    UE Antagonizer Fumigator's Avatar
    Start by following the advice already given and then get back to us if you're still stuck.

  • #12
    New Coder
    I went ahead and added the error check. I still get no errors. The script is running at www.deathentertainment.com/test/edit.php

    As far as you talking about registered globals, do you mean the id=1 in the URL? If so, what would be a better way? This page is only going to be used for when a user logs into the system; it will pull up only their information based on their user id and allow them to edit. Is my approach wrong since currently I am reading the DB before I go and edit the record, or no?

  • #13
    UE Antagonizer Fumigator's Avatar
    "Register globals" is a PHP mistake (it is disabled by default now) that automatically assigns form post variables to variables of the same name. For example, your form has a "submit" button named "submit", and your code assumes that "register globals" is turned on because it refers to the variable $submit without assigning anything to that variable. Better would be to check the variable $_POST['submit'], which is guaranteed to work. Same thing with $id. Looking at your insert and update queries, you refer to variables that aren't going to be set anywhere no matter what-- $artist_realname? Where is that given a value?

  • #14
    New Coder
    Ok so I've tried declaring the variables but I believe that I have it in the wrong spot.

    PHP Code:
    <html>
    <body>

    <?php

    require_once('./config.php');

    $db = mysql_connect($dblocation, $dbname, $dbpw) or die (mysql_error ("Cannot Link"));
    mysql_select_db ($dbname, $db) or die (mysql_error ("Cannot Select DB"));


    if ($submit) {

      // here if no ID then adding else we're 
      $id = $_POST['id'];

      if ($id) {

        $artist_realname = $_POST['artist_realname'];
        $artist_birthday = $_POST['artist_birthday'];
        $artist_hometown = $_POST['artist_hometown'];
        $artist_soundclick = $_POST['artist_soundclick'];
        $artist_myspace = $_POST['artist_myspace'];
        $artist_email = $_POST['artist_email'];
        $artist_bio = $_POST['artist_bio'];

        $sql = "UPDATE artistinfo SET artist_realname='$artist_realname',artist_birthday='$artist_birthday',artist_hometown='$artist_hometown',artist_soundclick='$artist_soundclick',artist_myspace='$artist_myspace',artist_email='$artist_email',artist_bio='$artist_bio' WHERE user_id=$id";

      } else {

        $sql = "INSERT INTO artistinfo (artist_realname,artist_birthday,artist_hometown,artist_soundclick,artist_myspace,artist_email,artist_bio) VALUES ('$artist_realname','$artist_birthday','$artist_hometown','$artist_soundclickname','$artist_myspace','$artist_email','$artist_bio')";

      }

      // run SQL against the DB
      $result = mysql_query($sql);
      if (!$result) {
        die ("SQL error encountered. Query was: $query<br />Error was: ".mysql_error());
      }

      echo "Record updated/edited!<p>";

    } elseif ($delete) {

        // delete a record
        $sql = "DELETE FROM artistinfo WHERE user_id=$id";

        $result = mysql_query($sql);
        if (!$result) {
          die ("SQL error encountered. Query was: $query<br />Error was: ".mysql_error());
        }

        echo "$sql Record deleted!<p>";

    } else {

      // this part happens if we don't press submit
      if (!$id) {

        // print the list if there is not editing
        $result = mysql_query("SELECT * FROM artistinfo",$db);
        if (!$result) {
          die ("SQL error encountered. Query was: $query<br />Error was: ".mysql_error());
        }

        while ($myrow = mysql_fetch_array($result)) {

          printf("<a href=\"%s?id=%s\">%s %s</a> \n", $PHP_SELF, $myrow["user_id"], $myrow["artist_realname"], $myrow["artist_hometown"]);

          printf("<a href=\"%s?id=%s&delete=yes\">(DELETE)</a><br>", $PHP_SELF, $myrow["user_id"]);

        }

      }

      ?>

       <P>

      <a href="<?php echo $PHP_SELF?>">ADD A RECORD</a>
    <form method="post" action="<?php echo $PHP_SELF?>">

      <p>
        <?php

      if ($id) {

        // editing so select a record
        $sql = "SELECT * FROM artistinfo WHERE user_id=$id";

        $result = mysql_query($sql);
        if (!$result) {
          die ("SQL error encountered. Query was: $query<br />Error was: ".mysql_error());
        }

        $myrow = mysql_fetch_array($result);

        $id = $myrow["user_id"];
        $artist_realname = $myrow["artist_realname"];
        $artist_birthday = $myrow["artist_birthday"];
        $artist_hometown = $myrow["artist_hometown"];
        $artist_soundclick = $myrow["artist_soundclick"];
        $artist_myspace = $myrow["artist_myspace"];
        $artist_email = $myrow["artist_email"];
        $artist_bio = $myrow["artist_bio"];

        // print the id for editing

        ?>

        <input type=hidden name="user_id" value="<?php echo $id ?>">

        <?php

      }

      ?>

      Real Name:
      <input type="Text" name="first" value="<?php echo $artist_realname ?>">
      <br>

      Birthday:
      <input type="Text" name="last" value="<?php echo $artist_birthday ?>">
      <br>

      Hometown:
      <input type="Text" name="address" value="<?php echo $artist_hometown ?>">
      <br>

      Soundclick:
      <input type="Text" name="position" value="<?php echo $artist_soundclick ?>">
      <br>

      Myspace:
      <input type="Text" name="position" value="<?php echo $artist_myspace ?>">
      <br>

      Email:
      <input type="Text" name="position" value="<?php echo $artist_email ?>">
      <br>

      Bio:
      <textarea name="position" rows="5"><?php echo $artist_bio ?></textarea>
      <br>

      <input type="Submit" name="submit" value="Update Information">
      </p>
      </form>

    <?php

    }

    ?>

    </body>

    </html>

