PHP/MySQL Edit help



DJDex
01-01-2008, 10:43 PM
Hello, I posted a little while ago for some help on a project type thing I am working on. Currently I am working on a page that a user is going to have to log in to so that they can change/update their information. Here is the code I have so far that I did using a tutorial I went through. I'm just having a little confusion. I edited it a bit to use my SQL connection information. Currently I have all the database connection in a separate PHP file so that I can just include it into files that need it. Anyway, I am having trouble getting this page to pull the MySQL data based on the user_id number in the URL. Here is the code I have. I am going crazy trying to figure this one out. Thanks




<html>
<body>

<?php

require_once('./config.php');

$db = mysql_connect($dblocation, $dbname, $dbpw) or die (mysql_error ("Cannot Link"));
mysql_select_db ($dbname, $db) or die (mysql_error ("Cannot Select DB"));

$id = $_GET['user_id'];

if ($submit) {

// here if no ID then adding else we're editing

if ($id) {

$sql = "UPDATE artistinfo SET realname='$realname',birthday='$birthday',hometown='$hometown',soundclick='$soundclick',myspace='$myspace',email='$email',bio='$bio' WHERE user_id=$id";

} else {

$sql = "INSERT INTO artistinfo (realname,birthday,hometown,soundclick,myspace,email,bio) VALUES ('$realname','$birthday','$hometown','$soundclickname','$myspace','$email','$bio')";

}

// run SQL against the DB

$result = mysql_query($sql);

echo "Record updated/edited!<p>";

} elseif ($delete) {

// delete a record

$sql = "DELETE FROM employees WHERE id=$id";

$result = mysql_query($sql);

echo "$sql Record deleted!<p>";

} else {

// this part happens if we don't press submit

if (!$id) {

// print the list if there is not editing

$result = mysql_query("SELECT * FROM artistinfo",$db);

while ($myrow = mysql_fetch_array($result)) {

printf("<a href=\"%s?id=%s\">%s %s</a> \n", $PHP_SELF, $myrow["user_id"], $myrow["realname"], $myrow["hometown"]);

printf("<a href=\"%s?id=%s&delete=yes\">(DELETE)</a><br>", $PHP_SELF, $myrow["user_id"]);

}

}

?>

<form method="post" action="<?php echo $PHP_SELF?>">

<?php



if ($id) {

// editing so select a record

$sql = "SELECT * FROM artistinfo WHERE user_id=$id";

$result = mysql_query($sql);

$myrow = mysql_fetch_array($result);

$realname = $myrow["realname"];
$birthday = $myrow["birthday"];
$hometown = $myrow["hometown"];
$soundclick = $myrow["soundclick"];
$myspace = $myrow["myspace"];
$email = $myrow["email"];
$bio = $myrow["bio"];

// print the id for editing



?>

<input type=hidden name="id" value="<?php echo $id ?>">

<?php

}



?>

Real Name:<input type="Text" name="first" value="<?php echo $realname ?>"><br>

Birthday:<input type="Text" name="last" value="<?php echo $birthday ?>"><br>

Hometown:<input type="Text" name="address" value="<?php echo $hometown ?>"><br>

Soundclick:<input type="Text" name="position" value="<?php echo $soundclick ?>"><br>

Myspace:<input type="Text" name="position" value="<?php echo $myspace ?>"><br>

Email:<input type="Text" name="position" value="<?php echo $email ?>"><br>

Bio:
<textarea name="position" rows="5"><?php echo $bio ?></textarea>
<br>

<input type="Submit" name="submit" value="Update Information">

</form>



<?php



}



?>



</body>

</html>

Fou-Lu
01-02-2008, 03:20 AM
Can you be more specific on the error messages you are receiving (if any)? If no error message, can you be more specific on output?
I'm guessing off hand that you have a register_globals problem, your $id has been extracted from the _GET but I don't see where a lot of the others are coming from ($submit, $delete, etc).

Another big one is that your form method is via POST, which means the _GET superglobal will not (or is likely to not) contain the information you are looking for. You need to be searching in the _POST superglobal for the data you need. _REQUEST is another option, but don't use it unless you know how to control it better than the PHP defaults.
Get back to us with more specific information please, or let us know if the above helps you solve the problem!

Edit
If those hrefs you are putting in there work, then the register_globals is not a problem (though you should not rely on them). Oh, and don't use the _SERVER['PHP_SELF'] directive either, it has an XSS flaw to it, instead either overwrite it or define using _SERVER['SCRIPT_NAME'] and the applicable _SERVER['QUERY_STRING'] values (or manipulation through your _GETs)
register_globals of any kind are bad, do not trust them or rely on them. Look into receiving values for your database and cleaning them out (generally the db objects have a clean method of some sorts) if from user input (anything that can be put into a request method). For more information on this, check either the php.net site or search google for 'SQL Injection'
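
The points in the post above (validate the id, keep user input out of the SQL string, avoid echoing PHP_SELF), as an added example that is not code from the thread. It assumes PDO with an in-memory SQLite database as a stand-in for MySQL, a two-column subset of artistinfo, and the hypothetical helpers parse_user_id, update_artist and h.

```php
<?php
// Added example, not code from the thread. SQLite in memory stands in for MySQL
// so it runs offline; for MySQL only the PDO DSN and credentials change.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // failed queries throw
$pdo->exec('CREATE TABLE artistinfo (user_id INTEGER PRIMARY KEY,
            artist_realname TEXT, artist_hometown TEXT)');
$pdo->exec("INSERT INTO artistinfo VALUES (1, 'Constructed Name', 'Constructed Town')");

// Accept only a positive integer id; anything else is rejected rather than repaired.
function parse_user_id($raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Values travel as bound parameters, so quotes in them cannot change the statement.
function update_artist(PDO $pdo, int $id, string $realname, string $hometown): int
{
    $stmt = $pdo->prepare('UPDATE artistinfo
        SET artist_realname = :realname, artist_hometown = :hometown
        WHERE user_id = :id');
    $stmt->execute([':realname' => $realname, ':hometown' => $hometown, ':id' => $id]);
    return $stmt->rowCount();
}

// Escape for the HTML context at the point of output.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

// Constructed request values: a plain id and one with SQL appended to it.
foreach (['1', '1 OR 1=1'] as $raw) {
    $id = parse_user_id($raw);
    if ($id === null) {
        echo 'rejected id: ' . var_export($raw, true) . "\n";
        continue;
    }
    $n = update_artist($pdo, $id, "O'Brien <b>", 'Constructed Town');
    echo "updated $n row(s) for user_id $id\n";
}

// Constructed stand-in for $_SERVER['SCRIPT_NAME'], used instead of PHP_SELF.
$scriptName = '/edit.php';
$row = $pdo->query('SELECT artist_realname FROM artistinfo WHERE user_id = 1')
           ->fetch(PDO::FETCH_ASSOC);
echo '<form method="post" action="' . h($scriptName) . '">' . "\n";
echo '<input type="text" name="artist_realname" value="'
    . h($row['artist_realname']) . '">' . "\n</form>\n";
```

The second request value is rejected before any query is built, and the stored name comes back into the form with its quote and angle brackets escaped.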

DJDex
01-02-2008, 03:32 AM
Ok so I keep playing with it and I have gotten further. I found my first mistake was the fact that I was calling tables that weren't there. Now I just can't get them to update. Here is the code I now have.



<html>
<body>

<?php

require_once('./config.php');

$db = mysql_connect($dblocation, $dbname, $dbpw) or die (mysql_error ("Cannot Link"));
mysql_select_db ($dbname, $db) or die (mysql_error ("Cannot Select DB"));

if ($submit) {

// here if no ID then adding else we're editing

if ($id) {

$sql = "UPDATE artistinfo SET artist_realname='$artist_realname',artist_birthday='$artist_birthday',artist_hometown='$artist_hometown',artist_soundclick='$artist_soundclick',artist_myspace='$artist_myspace',artist_email='$artist_email',artist_bio='$artist_bio' WHERE user_id=$id";

} else {

$sql = "INSERT INTO artistinfo (artist_realname,artist_birthday,artist_hometown,artist_soundclick,artist_myspace,artist_email,artist_bio) VALUES ('$artist_realname','$artist_birthday','$artist_hometown','$artist_soundclickname','$artist_myspace','$artist_email','$artist_bio')";

}

// run SQL against the DB

$result = mysql_query($sql);

echo "Record updated/edited!<p>";

} elseif ($delete) {

// delete a record

$sql = "DELETE FROM artistinfo WHERE user_id=$id";

$result = mysql_query($sql);

echo "$sql Record deleted!<p>";

} else {

// this part happens if we don't press submit

if (!$id) {

// print the list if there is not editing

$result = mysql_query("SELECT * FROM artistinfo",$db);

while ($myrow = mysql_fetch_array($result)) {

printf("<a href=\"&#37;s?id=%s\">%s %s</a> \n", $PHP_SELF, $myrow["user_id"], $myrow["artist_realname"], $myrow["artist_hometown"]);

printf("<a href=\"%s?id=%s&delete=yes\">(DELETE)</a><br>", $PHP_SELF, $myrow["user_id"]);

}

}

?>

<P>

<a href="<?php echo $PHP_SELF?>">ADD A RECORD</a>
<form method="post" action="<?php echo $PHP_SELF?>">

<p>
<?php



if ($id) {

// editing so select a record

$sql = "SELECT * FROM artistinfo WHERE user_id=$id";

$result = mysql_query($sql);

$myrow = mysql_fetch_array($result);

$artist_realname = $myrow["artist_realname"];
$artist_birthday = $myrow["artist_birthday"];
$artist_hometown = $myrow["artist_hometown"];
$artist_soundclick = $myrow["artist_soundclick"];
$artist_myspace = $myrow["artist_myspace"];
$artist_email = $myrow["artist_email"];
$artist_bio = $myrow["artist_bio"];

// print the id for editing

?>

<input type=hidden name="id" value="<?php echo $id ?>">

<?php

}



?>

Real Name:
<input type="Text" name="first" value="<?php echo $artist_realname ?>">
<br>

Birthday:
<input type="Text" name="last" value="<?php echo $artist_birthday ?>">
<br>

Hometown:
<input type="Text" name="address" value="<?php echo $artist_hometown ?>">
<br>

Soundclick:
<input type="Text" name="position" value="<?php echo $artist_soundclick ?>">
<br>

Myspace:
<input type="Text" name="position" value="<?php echo $artist_myspace ?>">
<br>

Email:
<input type="Text" name="position" value="<?php echo $artist_email ?>">
<br>

Bio:
<textarea name="position" rows="5"><?php echo $artist_bio ?></textarea>
<br>

<input type="Submit" name="submit" value="Update Information">
</p>
</form>



<?php



}



?>



</body>

</html>

Fou-Lu
01-02-2008, 03:34 AM
Yep, keep playing around with it.
Don't forget, the $id = $_GET['id'] has to become $id = $_POST['id'], I'm guessing the id is coming from the form submission correct?

DJDex
01-02-2008, 03:43 AM
Ahhh ok let me try that because at first I was trying to get the ID from the URL but I can see now that's not the method I need to do.

DJDex
01-02-2008, 03:55 AM
Ok I don't think I need that at all. In the tutorial the ID isn't called how I am calling it and it seems I don't need to. However the way I am doing it now it's again not pulling the information from the DB

DJDex
01-02-2008, 04:26 AM
Ok, so yea I guess the information that would help is the table names which are

user_id
artist_realname
artist_birthday
artist_hometown
artist_soundclickname
artist_myspace
artist_email
artist_bio

The user_id is of course how I relate all of my tables so I can match them up. Anyway your help is greatly appreciated. This is driving me crazy lol.

DJDex
01-02-2008, 11:41 AM
Just an update: this file first does loop through my DB and grabs some basic data and displays it. So therefore I am pretty sure I am not having the issue with the database connection. It's just not pulling the information when the id is in the URL. Here is my updated code





<html>
<body>

<?php

require_once('./config.php');

$db = mysql_connect($dblocation, $dbname, $dbpw) or die (mysql_error ("Cannot Link"));
mysql_select_db ($dbname, $db) or die (mysql_error ("Cannot Select DB"));

if ($submit) {

// here if no ID then adding else we're editing

if ($id) {

$sql = "UPDATE artistinfo SET artist_realname='$artist_realname',artist_birthday='$artist_birthday',artist_hometown='$artist_hometown',artist_soundclick='$artist_soundclick',artist_myspace='$artist_myspace',artist_email='$artist_email',artist_bio='$artist_bio' WHERE user_id=$id";

} else {

$sql = "INSERT INTO artistinfo (artist_realname,artist_birthday,artist_hometown,artist_soundclick,artist_myspace,artist_email,artist_bio) VALUES ('$artist_realname','$artist_birthday','$artist_hometown','$artist_soundclickname','$artist_myspace','$artist_email','$artist_bio')";

}

// run SQL against the DB

$result = mysql_query($sql);

echo "Record updated/edited!<p>";

} elseif ($delete) {

// delete a record

$sql = "DELETE FROM artistinfo WHERE user_id=$id";

$result = mysql_query($sql);

echo "$sql Record deleted!<p>";

} else {

// this part happens if we don't press submit

if (!$id) {

// print the list if there is not editing

$result = mysql_query("SELECT * FROM artistinfo",$db);

while ($myrow = mysql_fetch_array($result)) {

printf("<a href=\"%s?id=%s\">%s %s</a> \n", $PHP_SELF, $myrow["user_id"], $myrow["artist_realname"], $myrow["artist_hometown"]);

printf("<a href=\"%s?id=%s&delete=yes\">(DELETE)</a><br>", $PHP_SELF, $myrow["user_id"]);

}

}

?>

<P>

<a href="<?php echo $PHP_SELF?>">ADD A RECORD</a>
<form method="post" action="<?php echo $PHP_SELF?>">

<p>
<?php



if ($id) {

// editing so select a record

$sql = "SELECT * FROM artistinfo WHERE user_id=$id";

$result = mysql_query($sql);

$myrow = mysql_fetch_array($result);

$id = $myrow["user_id"];
$artist_realname = $myrow["artist_realname"];
$artist_birthday = $myrow["artist_birthday"];
$artist_hometown = $myrow["artist_hometown"];
$artist_soundclick = $myrow["artist_soundclick"];
$artist_myspace = $myrow["artist_myspace"];
$artist_email = $myrow["artist_email"];
$artist_bio = $myrow["artist_bio"];

// print the id for editing

?>

<input type=hidden name="id" value="<?php echo $id ?>">

<?php

}



?>

Real Name:
<input type="Text" name="first" value="<?php echo $artist_realname ?>">
<br>

Birthday:
<input type="Text" name="last" value="<?php echo $artist_birthday ?>">
<br>

Hometown:
<input type="Text" name="address" value="<?php echo $artist_hometown ?>">
<br>

Soundclick:
<input type="Text" name="position" value="<?php echo $artist_soundclick ?>">
<br>

Myspace:
<input type="Text" name="position" value="<?php echo $artist_myspace ?>">
<br>

Email:
<input type="Text" name="position" value="<?php echo $artist_email ?>">
<br>

Bio:
<textarea name="position" rows="5"><?php echo $artist_bio ?></textarea>
<br>

<input type="Submit" name="submit" value="Update Information">
</p>
</form>



<?php



}



?>



</body>

</html>


I'm sure it has to be something real little and stupid. When the script pulls the info from the DB it should be a link. Then when you click the name it pulls, it's supposed to bring up the rest of the MySQL information into the form so that I can update it. However it's not pulling into the form and I just can't get why lol. Thanks for the help again.

Fumigator
01-02-2008, 04:50 PM
It will really help you now and in the future if you get into the good habit of error checking your SQL queries. Your code just assumes they work, and that may not always be the case-- in fact, I can pretty much guarantee you will have a broken query once or twice in your lifetime. That may not be the root of your immediate problem, but error checking is critical.



$query = "SELECT blah";
$result = mysql_query($query);
//check for error
if (!$result) {
die ("SQL error encountered. Query was: $query<br />Error was: ".mysql_error());
}


As for your immediate problem, it appears the variable $id is only assigned a value inside an "if" statement that only evaluates to "true" if $id is true. It just doesn't look like sound logic at first glance. You should be using the isset() function in my opinion.

Also, your code should not be relying on register_globals being set to "on", as the PHP default nowadays is to have it "off" and someday it will be removed altogether.
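
What reading the request explicitly with isset() looks like once register_globals is out of the picture, as an added example that is not code from the thread. The function read_request and both sample POST arrays are hypothetical; the first array uses the field names from the form posted above, the second uses names that match the columns.

```php
<?php
// Added example, not code from the thread: read request data explicitly
// instead of relying on register_globals. Column names are those listed in the thread.
const ARTIST_FIELDS = ['artist_realname', 'artist_birthday', 'artist_hometown',
    'artist_soundclickname', 'artist_myspace', 'artist_email', 'artist_bio'];

function read_request(array $get, array $post): array
{
    // The action is decided by a key that must exist, never by a bare $submit.
    $action = isset($post['submit']) ? 'save' : 'show';

    // On save the id arrives in the hidden form field, otherwise in the URL.
    // It is still untrusted text here and must be validated before use.
    $rawId = $action === 'save' ? ($post['id'] ?? null) : ($get['id'] ?? null);

    $fields = [];
    $missing = [];
    foreach (ARTIST_FIELDS as $name) {
        if (isset($post[$name]) && is_string($post[$name])) {
            $fields[$name] = trim($post[$name]);
        } else {
            $missing[] = $name; // never silently treated as an empty string
        }
    }
    return ['action' => $action, 'id' => $rawId, 'fields' => $fields, 'missing' => $missing];
}

// Constructed POST body using the posted form's names (first, last, address,
// position). Four inputs share the name "position", so PHP keeps only the last.
$threadForm = ['submit' => 'Update Information', 'id' => '1', 'first' => 'a',
    'last' => 'b', 'address' => 'c', 'position' => 'd'];

// Constructed POST body whose input names match the column names.
$matching = ['submit' => 'Update Information', 'id' => '1']
    + array_fill_keys(ARTIST_FIELDS, ' constructed value ');

foreach (['thread form' => $threadForm, 'matching names' => $matching] as $label => $post) {
    $req = read_request([], $post);
    printf("%s: action=%s id=%s missing=[%s]\n", $label, $req['action'],
        var_export($req['id'], true), implode(', ', $req['missing']));
}
```

With the posted form's names every artist field is reported missing, so the UPDATE would write empty values; with matching names nothing is missing.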

DJDex
02-25-2008, 12:56 AM
What would be a better way to go about editing my SQL database then? This code is obviously not working correctly. I appreciate the help.

Fumigator
02-25-2008, 02:19 AM
Start by following the advice already given and then get back to us if you're still stuck.

DJDex
02-26-2008, 01:29 AM
I went ahead and added the error check. I still get no errors. The script is running at www.deathentertainment.com/test/edit.php

As far as you talking about registered globals, do you mean the id=1 in the URL? If so, what would be a better way? This page is only going to be used for when a user logs into the system; it will pull up only their information based on their user id and allow them to edit. Is my approach wrong since currently I am reading the DB before I go and edit the record or no?

Fumigator
02-26-2008, 02:50 AM
"Register globals" is a PHP mistake (it is disabled by default now) that automatically assigns form post variables to variables of the same name. For example, your form has a "submit" button named "submit", and your code assumes that "register globals" is turned on because it refers to the variable $submit without assigning anything to that variable. Better would be to check the variable $_POST['submit'], which is guaranteed to work. Same thing with $id. Looking at your insert and update queries, you refer to variables that aren't going to be set anywhere no matter what-- $artist_realname? Where is that given a value?

DJDex
02-27-2008, 02:37 AM
Ok so I've tried declaring the variables but I believe that I have it in the wrong spot.



<html>
<body>

<?php

require_once('./config.php');

$db = mysql_connect($dblocation, $dbname, $dbpw) or die (mysql_error ("Cannot Link"));
mysql_select_db ($dbname, $db) or die (mysql_error ("Cannot Select DB"));


if ($submit) {

// here if no ID then adding else we're
$id = $_POST['id'];

if ($id) {

$artist_realname = $_POST['artist_realname'];
$artist_birthday = $_POST['artist_birthday'];
$artist_hometown = $_POST['artist_hometown'];
$artist_soundclick = $_POST['artist_soundclick'];
$artist_myspace = $_POST['artist_myspace'];
$artist_email = $_POST['artist_email'];
$artist_bio = $_POST['artist_bio'];

$sql = "UPDATE artistinfo SET artist_realname='$artist_realname',artist_birthday='$artist_birthday',artist_hometown='$artist_hometown',artist_soundclick='$artist_soundclick',artist_myspace='$artist_myspace',artist_email='$artist_email',artist_bio='$artist_bio' WHERE user_id=$id";

} else {

$sql = "INSERT INTO artistinfo (artist_realname,artist_birthday,artist_hometown,artist_soundclick,artist_myspace,artist_email,artist_bio) VALUES ('$artist_realname','$artist_birthday','$artist_hometown','$artist_soundclickname','$artist_myspace','$artist_email','$artist_bio')";

}

// run SQL against the DB

$result = mysql_query($sql);
if (!$result) {
die ("SQL error encountered. Query was: $query<br />Error was: ".mysql_error());
}

echo "Record updated/edited!<p>";

} elseif ($delete) {

// delete a record

$sql = "DELETE FROM artistinfo WHERE user_id=$id";

$result = mysql_query($sql);
if (!$result) {
die ("SQL error encountered. Query was: $query<br />Error was: ".mysql_error());
}

echo "$sql Record deleted!<p>";

} else {

// this part happens if we don't press submit

if (!$id) {

// print the list if there is not editing

$result = mysql_query("SELECT * FROM artistinfo",$db);
if (!$result) {
die ("SQL error encountered. Query was: $query<br />Error was: ".mysql_error());
}

while ($myrow = mysql_fetch_array($result)) {

printf("<a href=\"%s?id=%s\">%s %s</a> \n", $PHP_SELF, $myrow["user_id"], $myrow["artist_realname"], $myrow["artist_hometown"]);

printf("<a href=\"%s?id=%s&delete=yes\">(DELETE)</a><br>", $PHP_SELF, $myrow["user_id"]);

}

}

?>

<P>

<a href="<?php echo $PHP_SELF?>">ADD A RECORD</a>
<form method="post" action="<?php echo $PHP_SELF?>">

<p>
<?php



if ($id) {

// editing so select a record

$sql = "SELECT * FROM artistinfo WHERE user_id=$id";

$result = mysql_query($sql);
if (!$result) {
die ("SQL error encountered. Query was: $query<br />Error was: ".mysql_error());
}

$myrow = mysql_fetch_array($result);

$id = $myrow["user_id"];
$artist_realname = $myrow["artist_realname"];
$artist_birthday = $myrow["artist_birthday"];
$artist_hometown = $myrow["artist_hometown"];
$artist_soundclick = $myrow["artist_soundclick"];
$artist_myspace = $myrow["artist_myspace"];
$artist_email = $myrow["artist_email"];
$artist_bio = $myrow["artist_bio"];

// print the id for editing

?>

<input type=hidden name="user_id" value="<?php echo $id ?>">

<?php

}



?>

Real Name:
<input type="Text" name="first" value="<?php echo $artist_realname ?>">
<br>

Birthday:
<input type="Text" name="last" value="<?php echo $artist_birthday ?>">
<br>

Hometown:
<input type="Text" name="address" value="<?php echo $artist_hometown ?>">
<br>

Soundclick:
<input type="Text" name="position" value="<?php echo $artist_soundclick ?>">
<br>

Myspace:
<input type="Text" name="position" value="<?php echo $artist_myspace ?>">
<br>

Email:
<input type="Text" name="position" value="<?php echo $artist_email ?>">
<br>

Bio:
<textarea name="position" rows="5"><?php echo $artist_bio ?></textarea>
<br>

<input type="Submit" name="submit" value="Update Information">
</p>
</form>



<?php



}



?>



</body>

</html>


