Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Page 1 of 4 123 ... LastLast
Results 1 to 15 of 54
  1. #1
    New Coder
    Join Date
    Feb 2010
    Posts
    81
    Thanks
    23
    Thanked 0 Times in 0 Posts

    Form with data already populated

    Hey guys!

    I am currently working on a password changing form for my website. When a user is logged in they would go to the form, the "username" and "type" would already be populated.

    Here is my code, check it out.. I am almost there, I can get the data to show up but when I press submit it doesnt ammend the data in SQL:
    PHP Code:
    <form id="form1" name="form1" method="post" action="#">
                        
                        <table width="465" border="0" align="center">
                          <tr>
                            <td colspan="2"><p><strong>Administration Modification Tool</strong></p>
                            <p><em>This allows you to reset a user's password for your website.</em></p>
                            <p>&nbsp;</p></td>
                          </tr>
                          <tr>
                            <td width="165"><label>Username:</label></td><td width="290">
                            <label><input name="username" type="text" disabled="disabled" id="username" 
                            intvalue="<?php echo $_SESSION['user']['username'];?>" size="35" /></label></td>
                          </tr>
                          <tr>
                            <td>Password:</td>
                            <td><input name="password" type="password" id="password" size="35" /></td>
                          </tr>
                          <tr>
                            <td>Account Type:</td>
                            <td><input name="type" type="text" disabled="disabled" id="type" intvalue="<?php echo $_SESSION['user']['type'];?>" size="35" /></td>
                          </tr>
                          <tr>
                            <td colspan="2">&nbsp;</td>
                          </tr>
                          <tr>
                            <td colspan="2"><div align="center">
                              <input type="submit" name="submit" id="submit" value="Submit" />
                            </div></td>
                          </tr>
                        </table>
                      </form>

    <?php

    if($_POST["username"]) {
        
    $connection db_connect();    
        
    extract($_POST);
        
    $password AESEncryptCtr($password"******"256);
        
    mysql_query("UPDATE $type SET password = '$password' WHERE username = '$username' LIMIT 1") or die(mysql_error());    
    }
    ?>
    Would appreciate some help with this one.. Cheers, Aaron!
    Last edited by Inigoesdr; 02-15-2010 at 09:19 PM.

  • #2
    Master Coder
    Join Date
    Jun 2003
    Location
    Cottage Grove, Minnesota
    Posts
    9,500
    Thanks
    8
    Thanked 1,089 Times in 1,080 Posts
    I guess I'm not sure what "extract" does, but try grabbing your POST variables as shown, and sanitize them first:

    PHP Code:
    if($_POST["username"]) {
    $connection db_connect();
    // extract($_POST);
    $username=mysql_real_escape_string($_POST['username']);
    $password=mysql_real_escape_string($_POST['password']);
    $type=mysql_real_escape_string($_POST['type']);
    $password AESEncryptCtr($password"******"256);
    mysql_query("UPDATE $type SET password = '$password' WHERE username = '$username' LIMIT 1") or die(mysql_error());


  • #3
    SSJ
    SSJ is offline
    Regular Coder
    Join Date
    Mar 2007
    Posts
    230
    Thanks
    0
    Thanked 4 Times in 4 Posts
    Quote Originally Posted by mlseim View Post
    I guess I'm not sure what "extract" does, but try grabbing your POST variables as shown, and sanitize them first:

    PHP Code:
    if($_POST["username"]) {
    $connection db_connect();
    // extract($_POST);
    $username=mysql_real_escape_string($_POST['username']);
    $password=mysql_real_escape_string($_POST['password']);
    $type=mysql_real_escape_string($_POST['type']);
    $password AESEncryptCtr($password"******"256);
    mysql_query("UPDATE $type SET password = '$password' WHERE username = '$username' LIMIT 1") or die(mysql_error());

    @mlseim: The extract() function imports variables into the local symbol table from an array.

    @oxygenproject: I think you should store the post data into one array and then try to extract it. I think that will work well.

  • #4
    Senior Coder
    Join Date
    Jul 2009
    Location
    South Yorkshire, England
    Posts
    2,318
    Thanks
    6
    Thanked 304 Times in 303 Posts
    intvalue?

  • #5
    Super Moderator Inigoesdr's Avatar
    Join Date
    Mar 2007
    Location
    Florida, USA
    Posts
    3,647
    Thanks
    2
    Thanked 406 Times in 398 Posts
    Quote Originally Posted by oxygenproject View Post
    Hey guys!
    ...
    Would appreciate some help with this one.. Cheers, Aaron!
    Please remember to read the stickies for this forum. In particular the one about using [php][/php] tags when posting code.
    Quote Originally Posted by SSJ View Post
    @mlseim: The extract() function imports variables into the local symbol table from an array.
    Which is normally a bad idea, and not really needed.
    Quote Originally Posted by SSJ View Post
    @oxygenproject: I think you should store the post data into one array and then try to extract it. I think that will work well.
    That does.. nothing different.
    Quote Originally Posted by MattF View Post
    intvalue?
    What?

  • Users who have thanked Inigoesdr for this post:

    oxygenproject (02-15-2010)

  • #6
    Senior Coder
    Join Date
    Jul 2009
    Location
    South Yorkshire, England
    Posts
    2,318
    Thanks
    6
    Thanked 304 Times in 303 Posts
    Quote Originally Posted by Inigoesdr View Post
    What?
    Look at the code. What is an intvalue? Last time I checked, that should be value.
    Last edited by MattF; 02-15-2010 at 09:38 PM.

  • #7
    Master Coder
    Join Date
    Jun 2003
    Location
    Cottage Grove, Minnesota
    Posts
    9,500
    Thanks
    8
    Thanked 1,089 Times in 1,080 Posts
    What's wrong with my example in post #2 ?

  • #8
    Senior Coder
    Join Date
    Jul 2009
    Location
    South Yorkshire, England
    Posts
    2,318
    Thanks
    6
    Thanked 304 Times in 303 Posts
    Quote Originally Posted by mlseim View Post
    What's wrong with my example in post #2 ?
    Whom is that question for?

  • #9
    New Coder
    Join Date
    Feb 2010
    Posts
    81
    Thanks
    23
    Thanked 0 Times in 0 Posts
    intvalue is supposed to be value.. ignore that .. i balls up some comments i was adding to them.. this doesnt have anything to do with it not working :P

    that revised code that you provided mlseim doesnt work either..

  • #10
    Senior Coder
    Join Date
    Jul 2009
    Location
    South Yorkshire, England
    Posts
    2,318
    Thanks
    6
    Thanked 304 Times in 303 Posts
    What exactly isn't working? Are $type, $password and $username set where you try updating the DB? Have you tried echoing them to make sure they're set? Is the DB query throwing an error? You're description of what is happening, (or not, as the case may be), is vague.
    Last edited by MattF; 02-15-2010 at 11:03 PM.

  • #11
    New Coder
    Join Date
    Feb 2010
    Posts
    81
    Thanks
    23
    Thanked 0 Times in 0 Posts
    Okay sorry MattF about being vague..

    The 'username' and 'type' fields are working correctly, when I load the form it displays the username I am logged in as likewise the type of account I am running.

    When I submit the password changes, it doesnt make any modifications to the SQL data as per the purpose of the form.

    Here is a complete extract of the code from go to woe:

    PHP Code:
                   <form id="form1" name="form1" method="post" action="#">
                        
                        <table width="465" border="0" align="center">
                          <tr>
                            <td colspan="2"><p><strong>Administration Modification Tool</strong></p>
                            <p><em>This allows you to reset a user's password for your website.</em></p>
                            <p>&nbsp;</p></td>
                          </tr>
                          <tr>
                            <td width="165"><label>Username:</label></td><td width="290">
                            <label><input name="username" type="text" disabled="disabled" id="username" 
                            value="<?php echo $_SESSION['user']['username'];?>" size="35" /></label></td>
                          </tr>
                          <tr>
                            <td>Password:</td>
                            <td><input name="password" type="password" id="password" size="35" /></td>
                          </tr>
                          <tr>
                            <td>Account Type:</td>
                            <td><input name="type" type="text" disabled="disabled" id="type" value="<?php echo $_SESSION['user']['type'];?>" size="35" /></td>
                          </tr>
                          <tr>
                            <td colspan="2">&nbsp;</td>
                          </tr>
                          <tr>
                            <td colspan="2"><div align="center">
                              <input type="submit" name="submit" id="submit" value="Submit" />
                            </div></td>
                          </tr>
                        </table>
                      </form>

    <?php

    if($_POST["username"]) {
    $connection db_connect();
    // extract($_POST);
    $username=mysql_real_escape_string($_POST['username']);
    $password=mysql_real_escape_string($_POST['password']);
    $type=mysql_real_escape_string($_POST['type']);
    $password AESEncryptCtr($password"school786a"256);
    mysql_query("UPDATE $type SET password = '$password' WHERE username = '$username' LIMIT 1") or die(mysql_error());
    }  
    ?>

  • #12
    Senior Coder
    Join Date
    Jul 2009
    Location
    South Yorkshire, England
    Posts
    2,318
    Thanks
    6
    Thanked 304 Times in 303 Posts
    Adding the print() line as below displays the username and type?

    Code:
    if($_POST["username"]) {
    $connection = db_connect();
    // extract($_POST);
    $username=mysql_real_escape_string($_POST['username']);
    $password=mysql_real_escape_string($_POST['password']);
    $type=mysql_real_escape_string($_POST['type']);
    
    print('Username: '.htmlspecialchars($_POST['username']).' Type: '.htmlspecialchars($_POST['type']));
    
    $password = AESEncryptCtr($password, "school786a", 256);
    mysql_query("UPDATE $type SET password = '$password' WHERE username = '$username' LIMIT 1") or die(mysql_error());
    }

  • #13
    New Coder
    Join Date
    Feb 2010
    Posts
    81
    Thanks
    23
    Thanked 0 Times in 0 Posts
    Still not having much luck..

    When i submit the page it takes me back to the home page (index.php).. and does not make any amendments to the SQL data.

  • #14
    Master Coder
    Join Date
    Jun 2003
    Location
    Cottage Grove, Minnesota
    Posts
    9,500
    Thanks
    8
    Thanked 1,089 Times in 1,080 Posts
    If your form is calling itself, remove this: action="#"

    You should use a separate script to process the form anyhow, it's easier to troubleshoot.

  • #15
    New Coder
    Join Date
    Feb 2010
    Posts
    81
    Thanks
    23
    Thanked 0 Times in 0 Posts
    No problems I have removed it, thanks for you help.

    Working through a few different things with the post script, as its still not amending the sql data in the password field.


  •  
    Page 1 of 4 123 ... LastLast

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •