...

View Full Version : Form to update MYSQL database does not work.



DanielWatts
09-11-2011, 06:36 PM
I have no idea why this is not working, I want it to update the `name` database located in PHPMyAdmin, with a user defined name.

Code:

<?php
include 'config.php';
?>
<div align="left">Welcome too the profile page, here you can change your email and password and other features!</div>
<br />
<br />
<br />
<div align="left"><strong>Change Name:</strong>
<br /><input type="text" name="userchange" value=""><input type="submit" name="changename" value="Change">
<?php
if (ISSET($_POST['changename'])){
$cusername = $_POST['userchange'];
function change_username($cusername){
$cusername = mysql_real_escape_string(htmlentities($cusername));
$cname = mysql_real_escape_string($cusername);
mysql_query("UPDATE users SET name = $cname ");
}
}
?>

djm0219
09-11-2011, 07:05 PM
Where is your <form> tag? Where is the function change_username being called?

Even if you had a form tag right now and the post value named changename were set the only thing that would happen is that the value of $_POST['userchange'] would end up being put into the variable named $cusername. Nothing else will happen.

DanielWatts
09-11-2011, 07:10 PM
I've changed the code, but it still don't work :(


<?php
include 'config.php';
?>
<div align="left">Welcome too the profile page, here you can change your email and password and other features!</div>
<br />
<br />
<br />
<div align="left"><strong>Change Name:</strong>
<br /><form><input type="text" name="userchange" value=""><input type="submit" name="changename" value="Change">
</form>
<?php
if (ISSET($_POST['changename'])){
$cusername = $_POST['userchange'];
function change_username($cusername){
$cusername = mysql_real_escape_string(htmlentities($cusername));
$cname = mysql_real_escape_string($cusername);
mysql_query("UPDATE `users` SET `name` = '{$cusername}' WHERE `name`='OLDUSERNAME'");
}
}
?>

perpl3x3d
09-11-2011, 07:35 PM
You are not putting enough information into your form tag, it needs at least an action (what/where the form does/goes) and method (get or post), and is common practice to name them (for grabbing elements by id if you want to use javascript of any kind)

Here is my revised code:

<?php
include 'config.php';
?>
<div align="left">Welcome too the profile page, here you can change your email and password and other features!</div>
<br />
<br />
<br />
<div align="left"><strong>Change Name:</strong>
<br /><form action = '<?php echo $_SERVER['PHP_SELF']; ?>' method = 'POST' name = 'usernamechange'><input type="text" name="userchange" value=""><input type="submit" name="changename" value="Change">
</form>
<?php
if (ISSET($_POST['changename'])){
$cusername = $_POST['userchange'];
function change_username($cusername){
$cusername = mysql_real_escape_string(htmlentities($cusername));
$cname = mysql_real_escape_string($cusername);
mysql_query("UPDATE `users` SET `name` = '{$cusername}' WHERE `name`='OLDUSERNAME'");
}
}
?>

I'm assuming you are omitting your database connection? If you aren't, you are going to need to connect to the database before attempting to update any values.

Also, if you ever want to control what is displayed, I suggest you grab all of your session, cookie, get, post variables first, so you can manipulate what is displayed afterwards.

DanielWatts
09-11-2011, 07:38 PM
This still does not work, and I've included my config.php file.

perpl3x3d
09-11-2011, 07:39 PM
Can you provide the errors it is returning?

DanielWatts
09-11-2011, 07:40 PM
It does not return the error, it just does not change/update the database. No errors recorded.

djm0219
09-11-2011, 07:42 PM
As I said in my first post, the change_username function is never being called so the fact that nothing is being updated is not a surprise. I don't suspect he's getting any errors either based on what's been posted.

DanielWatts
09-11-2011, 07:46 PM
Djm, what do you mean. I've named it change_username as a function?

perpl3x3d
09-11-2011, 07:55 PM
As I said in my first post, the change_username function is never being called so the fact that nothing is being updated is not a surprise. I don't suspect he's getting any errors either based on what's been posted.

DOH, didn't even see he defined a function. :rolleyes:


Djm, what do you mean. I've named it change_username as a function?

Yes, you have have defined it, but you have not called it.

This should AT LEAST produce an error, at most update your database:

<?php
include 'config.php';
?>
<div align="left">Welcome too the profile page, here you can change your email and password and other features!</div>
<br />
<br />
<br />
<div align="left"><strong>Change Name:</strong>
<br /><form action = '<?php echo $_SERVER['PHP_SELF']; ?>' method = 'POST' name = 'usernamechange'><input type="text" name="userchange" value=""><input type="submit" name="changename" value="Change">
</form>
<?php
if (ISSET($_POST['changename'])){
function change_username($cusername){
$cusername = mysql_real_escape_string(htmlentities($cusername));
$cname = mysql_real_escape_string($cusername);
mysql_query("UPDATE `users` SET `name` = '{$cusername}' WHERE `name`='OLDUSERNAME'");
}
change_username($_POST['userchange']);
}
?>

tangoforce
09-11-2011, 08:06 PM
Any particular reason why htmlentities is also being used inside mysql_real_escape_string?

It doesn't really do anything for security.

djm0219
09-12-2011, 07:35 AM
In addition to what tangoforce said, why do you have change_username as a function? Functions are normally used when something needs to be done more than once and used in several places. For what you are trying to do the code in that function is just as easily done "in line".

The only other question here is where is OLDUSERNAME coming from?


<?php include 'config.php'; ?>
<div align="left">
Welcome too the profile page, here you can change your email and password and other features!
</div>
<br />
<br />
<br />
<div align="left">
<strong>Change Name:</strong>
</div>
<form action = '<?php echo $_SERVER['PHP_SELF']; ?>' method = 'POST' name = 'usernamechange'>
<input type="text" name="userchange" value="">
<input type="submit" name="changename" value="Change">
</form>
<?php
if (ISSET($_POST['changename'])){
$cusername = mysql_real_escape_string($_POST['userchange']);
mysql_query("UPDATE `users` SET `name` = '{$cusername}' WHERE `name`='OLDUSERNAME'");
}
?>



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum