  1. #1
    New Coder

    Just a quick question -- can read from db but not write.

    Hi.

    I'm new here and came across this as I'm a little stuck with my project.

    I'm making a running trainer using PHP, MySQL.
    I have sorted logins and sessions and it can read from a database.


    However my add/edit/delete user form will only display and delete users.

    I have scanned it several times and can't find the problem, it is probably blindingly obvious, so I would appreciate it if some people could have a look.

    PHP Code:
    <?php
    require("includes/sesh.inc");
    require("includes/header.inc");
    require("includes/db.inc");

    if (isset($_GET['add']))
    //if the user has chosen to add someone to the database
    {
        echo "<h1>Add user</h1>";
        $f = $_POST['fname'];
        $s = $_POST['sname'];
        $u = $_POST['uname'];
        $p = $_POST['pass'];
        $l = $_POST['alevel'];
        $a = $_POST['age'];
        $g = $_POST['gend'];
        $r = $_POST['rabil'];
        $t = $_POST['rtrain'];

        $query = "INSERT INTO userdetails (userid, firstname, surname, username, password, accesslevel, age, gender, runnerability, racetrainingfor) VALUES (NULL, '$f', '$s','$u','$p',$l,$a,'$g',$r,'$t')";
        mysql_query($query);
        echo "<p>User added. <a href='user.php'>Add/Edit People</a></p>";
    }

    elseif(isset($_GET['del']))
    {
        //if the user has chosen to delete a record ask them to confirm
        echo "<h1>Confirm Delete User</h1>";
        $therecord = $_GET['del'];
        echo "<form action='user.php?confirm=yes' method='post'>Are you sure you want to delete user ".$therecord."?. It will be irreversible <br>";
        echo "<input type='hidden' name='todel' value='".$therecord."'><input type='submit' name='yes' value ='Yes'> || <input type='submit' name='no' value ='No'></form>";
    }

    elseif(isset($_GET['confirm']) && isset($_POST['yes']))
    {
        echo "<h1>Deleting The User</h1>";
        //the user has confirmed that they want to delete a record
        $d = $_POST['todel'];
        $query = "DELETE FROM userdetails WHERE userid=$d";
        mysql_query($query);
        echo "<p>User deleted. <a href='user.php'>Add/Edit Users</a></p>";
    }

    elseif(isset($_GET['edit']))
    {
        // if the user has chosen to edit a record
        $peeps = $_GET['edit'];
        $query = "SELECT * FROM userdetails WHERE userid=$peeps";
        $result = mysql_query($query);
        $row = mysql_fetch_array($result);
        extract($row);
        echo "<h1>Edit User</h1>";
        //display a form for adding a User
        echo "<form action='user.php?add=yes' method='post'>
        <p>Firstname: <input type='text' name='fname'><br>
        Surname:  <input type='text' name='sname'><br>
        Username:  <input type='text' name='uname'><br>
        Password:  <input type='text' name='pass'><br>
        Access Level:  <input type='text' name='alevel'><br>
        Age:  <input type='int' name='age'><br>
        Gender:  <input type='text' name='gend'><br>
        Runner Ability:  <input type='int' name='rabil'><br>
        Race Training For:  <input type='text' name='rtrain'><br>
        <input type='submit' value='Add User'></p>
        </form>";
    }

    elseif(isset($_GET['update']))
    {
        // if the user has selected to update the details of a record
        $i = $_POST['uid'];
        $f = $_POST['fname'];
        $s = $_POST['sname'];
        $u = $_POST['uname'];
        $p = $_POST['pass'];
        $l = $_POST['alevel'];
        $a = $_POST['age'];
        $g = $_POST['gend'];
        $r = $_POST['rabil'];
        $t = $_POST['rtrain'];
        $query = "UPDATE userdetails SET firstname='$f', surname='$s', username='$u', password='$p', accesslevel=$l, age=$a, gender='$g', runnerability=$r,  racetrainingfor='$t' WHERE userid=$i";
        mysql_query($query);
        echo "<h1>Update User</h1><p><a href='user.php'>Add/Edit People</a></p>";
    }

    else {
        //default view
        echo "<h1>Add/Edit User</h1>";
        //display a form for adding a User
        echo "<form action='user.php?add=yes' method='post'>
        <p>Firstname: <input type='text' name='fname'><br>
        Surname:  <input type='text' name='sname'><br>
        Username:  <input type='text' name='uname'><br>
        Password:  <input type='text' name='pass'><br>
        Access Level:  <input type='text' name='alevel'><br>
        Age:  <input type='int' name='age'><br>
        Gender:  <input type='text' name='gend'><br>
        Runner Ability:  <input type='int' name='rabil'><br>
        Race Training For:  <input type='text' name='rtrain'><br>
        <input type='submit' value='Add User'></p>
        </form>";
        //display full list of people in the database with option to edit or delete
        $query = "SELECT * FROM userdetails";
        $result = mysql_query($query);
        echo "<table border='box'><tr><th>Firstname</th><th>Surname</th><th>Username</th><th>Access Level</th><th>Age</th><th>Gender</th><th>Runner Ability</th><th>Race Training For</th><th>Edit</th></tr>";
        while ($row = mysql_fetch_array($result))
        {
            extract($row);
            echo "<tr><td>".$firstname."</td><td>".$surname."</td><td>".$username."</td><td>".$accesslevel."</td><td>".$age."</td><td>".$gender."</td><td>".$runnerability."</td><td>".$racetrainingfor."</td><td><a href='user.php?edit=".$userid."'>Edit</a> || <a href='user.php?del=".$userid."'>Delete</a></td></tr>";
            //<td><a href='user.php?edit=".$userid."'>Edit</a> || <a href="user.php?del=".$userid."'>Delete</a></td></tr>";
        }
        echo "</table>";
    }

    require("includes/menu.inc");
    require("includes/footer.inc");
    ?>
    Thanks, Jama

  • #2
    Supreme Master coder! abduraooft's Avatar
    However my add/edit/delete user form will only display and delete users.
    You don't have any error checks in your queries.
    Change all your query statements like
    Code:
    $query = "UPDATE userdetails SET firstname='$f', surname='$s', username='$u', password='$p', accesslevel=$l, age=$a, gender='$g', runnerability=$r,  racetrainingfor='$t' WHERE userid=$i";
    mysql_query($query) or die(mysql_error(). '<br/>query:'. $query );
    The Dream is not what you see in sleep; Dream is the thing which doesn't let you sleep. --(Dr. APJ. Abdul Kalam)

  • Users who have thanked abduraooft for this post:

    DJJama (02-24-2010)

  • #3
    New Coder
    Thank you.

    Doing this showed up that there was an error with my user id.
    After some searching found I did not have auto-increment on.

    Jama

  • #4
    Supreme Master coder! abduraooft's Avatar
    Quote: Originally Posted by DJJama
    Doing this showed up that there was an error with my user id.
    After some searching found I did not have auto-increment on.

    Jama
    Good job

    btw, your code is susceptible to SQL injections, read http://php.net/manual/en/security.da...-injection.php
    The Dream is not what you see in sleep; Dream is the thing which doesn't let you sleep. --(Dr. APJ. Abdul Kalam)
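
An added example (not code from the thread or its posters) covering the two points raised in the replies, error checking on every query and SQL injection: the add and delete steps rewritten with bound parameters, with failures sent to the error log. It assumes PDO and uses a constructed in-memory SQLite table standing in for the MySQL `userdetails` table; `addUser` and `deleteUser` are hypothetical helper names.

```php
<?php
// Added example: in-memory SQLite stands in for the thread's MySQL table (assumption).
declare(strict_types=1);
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // a failed query throws
$pdo->exec("CREATE TABLE userdetails (
    userid INTEGER PRIMARY KEY AUTOINCREMENT,
    firstname TEXT NOT NULL, surname TEXT NOT NULL, username TEXT NOT NULL UNIQUE,
    password TEXT NOT NULL, accesslevel INTEGER NOT NULL, age INTEGER NOT NULL,
    gender TEXT, runnerability INTEGER NOT NULL, racetrainingfor TEXT)");

// Hypothetical helper: insert one user with every value bound as a parameter.
function addUser(PDO $pdo, array $in): int
{
    $stmt = $pdo->prepare(
        "INSERT INTO userdetails (firstname, surname, username, password,
             accesslevel, age, gender, runnerability, racetrainingfor)
         VALUES (:f, :s, :u, :p, :l, :a, :g, :r, :t)");
    $stmt->execute([
        ':f' => $in['fname'], ':s' => $in['sname'], ':u' => $in['uname'],
        ':p' => password_hash($in['pass'], PASSWORD_DEFAULT), // store a hash, not the password
        ':l' => (int) $in['alevel'], ':a' => (int) $in['age'], ':g' => $in['gend'],
        ':r' => (int) $in['rabil'], ':t' => $in['rtrain'],
    ]);
    return (int) $pdo->lastInsertId(); // userid is assigned by the database
}

// Hypothetical helper: delete by id; anything that is not a positive integer is refused.
function deleteUser(PDO $pdo, string $rawId): int
{
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) { return 0; } // no SQL is executed for a malformed id
    $stmt = $pdo->prepare("DELETE FROM userdetails WHERE userid = :id");
    $stmt->execute([':id' => $id]);
    return $stmt->rowCount();
}

// Constructed sample input in the shape of the thread's $_POST fields.
$post = ['fname' => 'Sinead', 'sname' => "O'Brien", 'uname' => 'sob', 'pass' => 'example-only',
         'alevel' => '1', 'age' => '29', 'gend' => 'F', 'rabil' => '3', 'rtrain' => '10k'];
try {
    $id = addUser($pdo, $post);                 // the apostrophe is stored as plain data
    echo deleteUser($pdo, "$id OR 1=1"), "\n";  // malformed id: refused before any SQL runs
    echo deleteUser($pdo, (string) $id), "\n";  // well-formed id: the row is deleted
    addUser($pdo, $post); addUser($pdo, $post); // second call violates UNIQUE(username)
} catch (PDOException $e) {
    error_log('user.php query failed: ' . $e->getMessage()); // detail goes to the log
    echo "Sorry, the user could not be saved.\n";            // the page shows no SQL
}
```

Against MySQL the same helpers work with a `mysql:` DSN; set `PDO::ATTR_EMULATE_PREPARES` to `false` there so the server prepares the statements.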

