Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 4 of 4
  1. #1
    New Coder
    Join Date
    Feb 2010
    Posts
    30
    Thanks
    5
    Thanked 0 Times in 0 Posts

    Just a quick question -- can read from db but not write.

    Hi.

    I'm new here and came acroos this as i'm a little stuck with my project.

    I'm making a running trainer user php, mysql.
    I have sorted logins and sessions and it can read from a database.


    However my add/edit/delete user form will only display and delete users.

    I have scanned it several times and can't find the problem, it is proably blindingly obvious, so I would appreciate is some people could have a look.

    PHP Code:
    <?php
    require("includes/sesh.inc");
    require(
    "includes/header.inc");
    require(
    "includes/db.inc");



    if (isset(
    $_GET['add']))
    //if the user has chosen to add someone to the database
    {
    echo 
    "<h1>Add user</h1>";
    $f $_POST['fname'];
    $s $_POST['sname'];
    $u $_POST['uname'];
    $p $_POST['pass'];
    $l $_POST['alevel'];
    $a $_POST['age'];
    $g $_POST['gend'];
    $r $_POST['rabil'];
    $t $_POST['rtrain'];

    $query "INSERT INTO userdetails (userid, firstname, surname, username, password, accesslevel, age, gender, runnerability, racetrainingfor) VALUES (NULL, '$f', '$s','$u','$p',$l,$a,'$g',$r,'$t')";
    mysql_query($query);
    echo 
    "<p>User added. <a href='user.php'>Add/Edit People</a></p>";
    }

    elseif(isset(
    $_GET['del']))
    {
    //if the user has chosen to delete a record ask them to confirm
    echo "<h1>Confirm Delete User</h1>";
    $therecord $_GET['del'];
    echo 
    "<form action='user.php?confirm=yes' method='post'>Are you sure you want to delete user ".$therecord."?. It will be irreversible <br>";
    echo 
    "<input type='hidden' name='todel' value='".$therecord."'><input type='submit' name='yes' value ='Yes'> || <input type='submit' name='no' value ='No'></form>";
    }

    elseif(isset(
    $_GET['confirm']) && isset($_POST['yes']))
    {
    echo 
    "<h1>Deleting The User</h1>";
    //the user has confirmed that they want to delete a record
    $d $_POST['todel'];
    $query "DELETE FROM userdetails WHERE userid=$d";
    mysql_query($query);
    echo 
    "<p>User deleted. <a href='user.php'>Add/Edit Users</a></p>";
    }

    elseif(isset(
    $_GET['edit']))
    {
    // if the user has chosen to edit a record
    $peeps $_GET['edit'];
    $query "SELECT * FROM userdetails WHERE userid=$peeps";
    $result =mysql_query($query);
    $row mysql_fetch_array($result);
    extract($row);
    echo 
    "<h1>Edit User</h1>";
    //display a form for adding a User
    echo "<form action='user.php?add=yes' method='post'>
    <p>Firstname: <input type='text' name='fname'><br>
    Surname:  <input type='text' name='sname'><br>
    Username:  <input type='text' name='uname'><br>
    Password:  <input type='text' name='pass'><br>
    Access Level:  <input type='text' name='alevel'><br>
    Age:  <input type='int' name='age'><br>
    Gender:  <input type='text' name='gen'><br>
    Runner Ability:  <input type='int' name='rabil'><br>
    Race Training For:  <input type='text' name='rtrain'><br>
    <input type='submit' value='Add User'></p>
    </form>"
    ;
    }

    elseif(isset(
    $_GET['update']))
    {
    // if the user has selected to update the details of a record
    $i $_POST['uid'];
    $f $_POST['fname'];
    $s $_POST['sname'];
    $u $_POST['uname'];
    $p $_POST['pass'];
    $l $_POST['alevel'];
    $a $_POST['age'];
    $g $_POST['gend'];
    $r $_POST['rabil'];
    $t $_POST['rtrain'];
    $query "UPDATE userdetails SET firstname='$f', surname='$s', username='$u', password='$p', accesslevel=$l, age=$a, gender='$g', runnerability=$r,  racetrainingfor='$t' WHERE userid=$i";
    mysql_query($query);
    echo 
    "<h1>Update User</h1><p><a href='user.php'>Add/Edit People</a></p>";
    }

    else {
    //default view
    echo "<h1>Add/Edit User</h1>";
    //display a form for adding a User
    echo "<form action='user.php?add=yes' method='post'>
    <p>Firstname: <input type='text' name='fname'><br>
    Surname:  <input type='text' name='sname'><br>
    Username:  <input type='text' name='uname'><br>
    Password:  <input type='text' name='pass'><br>
    Access Level:  <input type='text' name='alevel'><br>
    Age:  <input type='int' name='age'><br>
    Gender:  <input type='text' name='gen'><br>
    Runner Ability:  <input type='int' name='rabil'><br>
    Race Training For:  <input type='text' name='rtrain'><br>
    <input type='submit' value='Add User'></p>
    </form>"
    ;
    //display full list of people in the database with option to edit or delete
    $query "SELECT * FROM userdetails";
    $result mysql_query($query);
    echo 
    "<table border='box'><tr><th>Firstname</th><th>Surname</th><th>Username</th><th>Access Level</th><th>Age</th><th>Gender</th><th>Runner Ability</th><th>Race Training For</th><th>Edit</th></tr>";
    while (
    $row mysql_fetch_array($result))
    {
    extract($row);
    echo 
    "<tr><td>".$firstname."</td><td>".$surname."</td><td>".$username."</td><td>".$accesslevel."</td><td>".$age."</td><td>".$gender."</td><td>".$runnerability."</td><td>".$racetrainingfor."</td><td><a href='user.php?edit=".$userid."'>Edit</a> || <a href='user.php?del=".$userid."'>Delete</a></td></tr>";
    //<td><a href='user.php?edit=".$userid."'>Edit</a> || <a href="user.php?del=".$userid."'>Delete</a></td></tr>";
    }
    echo 
    "</table>";
    }

    require(
    "includes/menu.inc");
    require(
    "includes/footer.inc");
    ?>
    Thanks, Jama

  • #2
    Supreme Master coder! abduraooft's Avatar
    Join Date
    Mar 2007
    Location
    N/A
    Posts
    14,865
    Thanks
    160
    Thanked 2,224 Times in 2,211 Posts
    However my add/edit/delete user form will only display and delete users.
    You don't have any error checks in your queries.
    Change all your query statements like
    Code:
    $query = "UPDATE userdetails SET firstname='$f', surname='$s', username='$u', password='$p', accesslevel=$l, age=$a, gender='$g', runnerability=$r,  racetrainingfor='$t' WHERE userid=$i";
    mysql_query($query) or die(mysql_error(). '<br/>query:'. $query );
    The Dream is not what you see in sleep; Dream is the thing which doesn't let you sleep. --(Dr. APJ. Abdul Kalam)

  • Users who have thanked abduraooft for this post:

    DJJama (02-24-2010)

  • #3
    New Coder
    Join Date
    Feb 2010
    Posts
    30
    Thanks
    5
    Thanked 0 Times in 0 Posts
    Thank you.

    Doing this showed up that there was an error with my user id.
    After some searching found i did not have auto-increment on.

    Jama

  • #4
    Supreme Master coder! abduraooft's Avatar
    Join Date
    Mar 2007
    Location
    N/A
    Posts
    14,865
    Thanks
    160
    Thanked 2,224 Times in 2,211 Posts
    Quote Originally Posted by DJJama View Post
    Doing this showed up that there was an error with my user id.
    After some searching found i did not have auto-increment on.

    Jama
    Good job

    btw, your code is susceptible to sql injections, read http://php.net/manual/en/security.da...-injection.php
    The Dream is not what you see in sleep; Dream is the thing which doesn't let you sleep. --(Dr. APJ. Abdul Kalam)


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •