2 Replies - 262 Views - Last Post: 22 April 2013 - 08:47 PM Rate Topic: -----

#1 patk570  Icon User is offline

  • New D.I.C Head

Reputation: 0
  • View blog
  • Posts: 43
  • Joined: 13-February 13

Update statement not updating

Posted 22 April 2013 - 08:12 PM

Hello everyone,

I am trying to workout a code issue, I have 3 Pages, the first one is just my info from the db that is echoed. The second one is the actual update page where they can change certain info, but not the username. and the third is the actual update script. But that seems to be not working, I am sorry this is taking so long to get to the point. Here is my code from updateinfo.php:
  <div>
  <form action="confirmupdates.php" method="post">
<table width="435" border="0" cellpadding="5" cellspacing="5">
<tr><th colspan="2">My Info:</th></tr>
<tr><td>Full Name:</td><td><input type="text" id="name" name="name" value="<?php echo $details['name'] ?>" /></td></tr>
<tr><td>Username:</td><td valign="middle" ><input  type="text" name="username" value="<?php echo $details['username'] ?>" disabled="disabled" /><font color="#FF0000" size="-2"> Cannot be changed</font></td></tr>
<tr><td>Email:</td><td><input type="text" id="email" name="email" value="<?php echo $details['email'] ?>" /></td></tr>
<tr><td>Password</td><td><a href='change-pwd.php'>Change password</a></td></tr>
<tr><td>Phone Number:</td><td><input type="text" id="phone_number" value="<?php echo $details['phone_number'] ?>" name="phone_number" /></td></tr>
<tr><td>Address:</td><td><textarea name="address" id="address" cols="30" rows="5"><?php echo $details['address'] ?></textarea></td></tr>
<tr><td align="right" colspan="2"><input type="Submit" name="Submit" value="Update My Info" /></td></tr>
</table>
</form>
    </div>


Here is my confirminfo.php:
<?php
include 'include/myacctconfig.php';

	$id = $_SESSION['id_user'];
	$name = $_GET['name'];
	$email = $_GET['email'];
	$phone = $_GET['phone_number'];
	$address = $_GET['address'];
	
	echo $id;
	echo "<br />";
	echo $name;
	echo "<br />";
	echo $email;
	echo "<br />";
	echo $phone;
	echo "<br />";
	echo $address;
	echo "<br />";
	
// update data in mysql database
$sql = "UPDATE fgusers3 SET name = '$name', email = '$email', phone_number = '$phone', address = '$address' WHERE id_user = '$id' LIMIT 1";
$result=mysql_query($sql);

// if successfully updated.
if($result){
echo "You have sucessfully updated your information ";
}

else {
echo "ERROR " . mysql_error();
}

?>


also, i do have a small debugging thing on there to echo the variables that are passed but nothing is being passed for some reason. I am not sure what is going on there.

Any suggestions would be great!

Thanks,

Patrick

Is This A Good Question/Topic? 0
  • +

Replies To: Update statement not updating

#2 Atli  Icon User is offline

  • D.I.C Lover
  • member icon

Reputation: 3719
  • View blog
  • Posts: 5,991
  • Joined: 08-June 10

Re: Update statement not updating

Posted 22 April 2013 - 08:26 PM

Moved to the PHP forum.


The HTML specifies method="post" for the <form>, but your PHP code is trying to access them using $_GET. That's why they aren't showing up in your code.

Also, you have three major issues in the update script:

  • You are assuming the user input is passed without checking. Use isset, empty, or the filter_input functions to check that the data is there before trying to use it.

  • Your code is wide open to SQL Injection. Any amateur script kiddie could completely destroy your user database in five minutes if you put this code live.

  • You are using the old MySQL API functions. Those are outdated and shouldn't be used for new code. Use MySQLI or PDO instead. Among other things, they have prepared statements, which effectively eliminate the SQL Injection problem.

Was This Post Helpful? 0
  • +
  • -

#3 patk570  Icon User is offline

  • New D.I.C Head

Reputation: 0
  • View blog
  • Posts: 43
  • Joined: 13-February 13

Re: Update statement not updating

Posted 22 April 2013 - 08:47 PM



function escape($value){
   return mysql_real_escape_string($value);
}




I used this function in the there. I do have escaped strings avail, just didn't put it in there for testing. Now I have the code working and it was very simple, thanks for your help on that. It not works beautifully!
Was This Post Helpful? 0
  • +
  • -

Page 1 of 1