Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 4 of 4
  1. #1
    New Coder
    Join Date
    Apr 2014
    Posts
    13
    Thanks
    3
    Thanked 0 Times in 0 Posts

    Thumbs up Update MYSQL Database user profile

    Hi Everyone, First of all what a great forum! I will be lurking around here and helping out when ever i can.

    I have always been interested in PHP so i have finally found the time to "self educated" myself. It's a learning curve but i love it.

    So far so good and i have been able to figure out how to do most myself, maybe not what would be the best way but at the moment, there are many ways to skin a cat.

    So i have found an issue where i am a little stuck, i can modify a logged in user using the form below, HOWEVER the only part that doesnt work is the drop down selection right down the bottom of the page ( this line: <label for="level2">Level:</label><select type="text" name="level" id="level2" value="<? echo ($_SESSION['level']) ?>"> )

    Now that works fine between 1 and 6, however because i have php and html mixed after 6, it makes it save blank into the database, my guess is because its trying to post the slash ? The reason for this is because i only want members with certain level permissions over 6 to be able to modify anything over that. Can someone shed some light on this and remember im pretty new at this.

    ( Also, as a newbie, can you see any major faults with my code that could be prevented now instead of later? I really appreciate your help in advance as i am passionate about learning this )

    PHP Code:
    <?php include "../includes/base.php"?>
    <?php 
    include "../includes/checklogin.php"?>
    <?php 
    include "includes/staffcheck.php"?>
    <?php 
    include "includes/globals.php"?>
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml">  
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />  
     
    <title>User Management</title>
    <link rel="stylesheet" href="style.css" type="text/css" />
    </head>  
    <body>  
        <?php

    $dbhost 
    'localhost';
    $dbuser '****';
    $dbpass '****';
    $conn mysql_connect($dbhost$dbuser$dbpass);
    if(! 
    $conn )
    {
      die(
    'Could not connect: ' mysql_error());
    }

    if(isset(
    $_POST['update']))
    {
    $User1 $_POST['Username'];
    $First $_POST['First_Name'];
    $Last $_POST['Last_Name'];
    $level2 $_POST['level'];
    $Addy $_POST['EmailAddress'];
    $sql "UPDATE users SET Username = '$User1', First_Name = '$First', Last_Name = '$Last', level = '$level2', EmailAddress = '$Addy' WHERE UserID = '$UserID1'";    
    $retval mysql_query$sql$conn );
    if(! 
    $retval )
    {
      die(
    'Could not update data: ' mysql_error());
    }
    $_SESSION['Username'] = $_POST['Username'];
    $_SESSION['First_Name'] = $_POST['First_Name'];
    $_SESSION['Last_Name'] = $_POST['Last_Name'];
    $_SESSION['EmailAddress'] = $_POST['EmailAddress'];
    $_SESSION['level'] = $_POST['level'];
    echo 
    "Updated data successfully\n";
    }

    ?>
    <div id="main">
    </div>
    <form method="post" action="<?php $_PHP_SELF ?>">
        <fieldset>
            <label for="Username">Username:</label><input name="Username" type="text" id="User1" value="<? echo ($_SESSION['Username']) ?>" /><br />
            <label for="email">Email Address:</label><input type="text" name="EmailAddress" id="Addy" value="<? echo ($_SESSION['EmailAddress']) ?>" /><br />
            <label for="email">First Name:</label><input type="text" name="First_Name" id="First" value="<? echo ($_SESSION['First_Name']) ?>" /><br />
            <label for="email">Last Name</label><input type="text" name="Last_Name" id="Last" value="<? echo ($_SESSION['Last_Name']) ?>" /><br />
            <label for="UserID">UserID</label><input type="text" name="UserID" id="UserID" value="<? echo ($_SESSION['UserID']) ?>" /><br />
            <label for="level2">Level:</label><select type="text" name="level" id="level2" value="<? echo ($_SESSION['level']) ?>">
              <option value="1">Customer</option>
              <option value="2">Demo</option>
              <option value="3">Franchisee</option>
              <option value="4">Regional</option>
              <option value="5">State</option>
              <option value="6">6</option>
              <?php 
    if($_SESSION["level"] > 8)
    {
    echo 
    '<option value=\"7\">General Staff</option>
              <option value=\"8\">8</option>
              <option value=\"9\">9</option>
              <option value=\"10\">10</option>
              <option value=\"11\">Admin</option>'
    ;
    }
    ?>
            </select>
          <input type="submit" name="update" id="update" value="Update" />
        </fieldset>
        </form>
    </div>
    </body>
    </html>

  • #2
    New Coder
    Join Date
    Apr 2014
    Posts
    13
    Thanks
    3
    Thanked 0 Times in 0 Posts
    ha ha, a little bit funny. So while browsing the resources of this forum, i find a stick from a moderator......:
    1.6. Magic Quotes are the worst thing in the programming world, ever. This is a PHP feature that automatically puts a \ infront of ' and " in an effort to make SQL safer. It was a terrible idea when it was implemented. It's a terrible idea now. It will continue to be a terrible idea forever. If you actually use this feature and have no current plans to phase it out, please stand in line as there are hundreds of thousands of people wanting to slap you for it. See 2.1, 2.2 and 2.3.

    In that case, can someone point me in the correct direction on how to do what i am attempting? Please feel free to slap as suggested above.

  • #3
    Master Coder
    Join Date
    Jun 2003
    Location
    Cottage Grove, Minnesota
    Posts
    9,469
    Thanks
    8
    Thanked 1,085 Times in 1,076 Posts
    In your case, you don't need the slashes \

    You're using single quotes with your echo, so take out the slashes in that echo statement

  • Users who have thanked mlseim for this post:

    elgoots (04-22-2014)

  • #4
    New Coder
    Join Date
    Apr 2014
    Posts
    13
    Thanks
    3
    Thanked 0 Times in 0 Posts
    Thank you mlseim I think taking a break and walking away for an hour could have avoided this thread. Would have not over looked the obvious.


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •