Edit user info

Ask about a PHP problem here.
Post Reply
rstinohio1
Posts: 7
Joined: Sun Dec 11, 2011 9:37 pm
Location: USA - OHIO

Edit user info

Post by rstinohio1 »

I'm having problems updating my database, I have 4 fields i want to change. I checked all the { on the page, that's not the problem, I tried to echo information from the database and it displayed my information so that's not the problem, i tried yelling at my computer, that didn't work, i tried to input data into the database with the insert function it worked but is not practical in my situation. I'm probably going to face palm when i find out whats wrong, help please :mrgreen: 

<font size="5" face="sans-serif">Change Settings <?php echo "{$_SESSION['usr']}"; ?></font>

		<form action="" method="POST">		

		<table cellpadding="3" cellspacinf="4" border="0">

<tr>

	<td>Name</td>

	<td><input type="text" name="name" /></td>

	</tr>

	<tr>

	<td>Age</td>

	<td><input type="text" name="age" /></td>

	</tr>

	<tr>

	<td>Gender</td>

	<td><input type="text" name="mf" /></td>

	</tr>

	<tr>

	<td>Location</td>	

	<td><input type="text" name="loc" /></td>	

	</tr>

	<tr>	

	<td><input type="submit" name="submit" value="submit" /></td>

	</tr>

	</table>

	</form>
<?php
if ($_POST['submit']){
define('INCLUDE_CHECK',true);
require 'connect.php';

$usr = $_SESSION['usr'];



$sql = 
mysql_query("UPDATE members 
SET name='{$_POST['name']}', age='{$_POST['age']}, mf='{$_POST['mf']}', loc='{$_POST['loc']}' 
WHERE usr='$usr'");

if($sql){
echo 'Changes Saved!';

}else{
echo 'Error';
} 
}

?>
Top
User avatar
jacek
Site Admin
Posts: 3262
Joined: Thu May 05, 2011 1:45 pm
Location: UK
Contact:
Contact jacek

Re: Edit user info

Post by jacek »

It looks like it should work, it might be that one of your column names is a keyword. try wrapping them all in backticks which would fix the problem if this is the cause.
mysql_query("UPDATE `members` SET `name` = '{$_POST['name']}', `age` = '{$_POST['age']}, `mf` = '{$_POST['mf']}', `loc` = '{$_POST['loc']}' WHERE `usr` = '$usr'");
a few other things though, you should really not be using the query directly in the script like this. It would be better to separate the logic type code (the query) and the display type code (the html) so that if you need to make a change to one you don't have to scroll through the other. You can do this by using functions, so you could create an update_profile() function for example.

One thing you really need to do is look into SQL injection, since you don't seems to have considered it at all here ;)
Image
Top
rstinohio1
Posts: 7
Joined: Sun Dec 11, 2011 9:37 pm
Location: USA - OHIO

Re: Edit user info

Post by rstinohio1 »

thanks, it worked, and i watched your sql injection tutorial, :)
Top
Post Reply

Return to “PHP”