
Edit user info

Posted: Sat Dec 17, 2011 2:14 am
by rstinohio1
I'm having problems updating my database. I have 4 fields I want to change. I checked all the { on the page, that's not the problem. I tried to echo information from the database and it displayed my information, so that's not the problem. I tried yelling at my computer, that didn't work. I tried to input data into the database with the insert function; it worked, but it is not practical in my situation. I'm probably going to facepalm when I find out what's wrong. Help please :mrgreen:

<font size="5" face="sans-serif">Change Settings <?php echo "{$_SESSION['usr']}"; ?></font>

		<form action="" method="POST">		

		<table cellpadding="3" cellspacing="4" border="0">

<tr>

	<td>Name</td>

	<td><input type="text" name="name" /></td>

	</tr>

	<tr>

	<td>Age</td>

	<td><input type="text" name="age" /></td>

	</tr>

	<tr>

	<td>Gender</td>

	<td><input type="text" name="mf" /></td>

	</tr>

	<tr>

	<td>Location</td>	

	<td><input type="text" name="loc" /></td>	

	</tr>

	<tr>	

	<td><input type="submit" name="submit" value="submit" /></td>

	</tr>

	</table>

	</form>
<?php
if ($_POST['submit']){
define('INCLUDE_CHECK',true);
require 'connect.php';

$usr = $_SESSION['usr'];



$sql = 
mysql_query("UPDATE members 
SET name='{$_POST['name']}', age='{$_POST['age']}, mf='{$_POST['mf']}', loc='{$_POST['loc']}' 
WHERE usr='$usr'");

if($sql){
echo 'Changes Saved!';

}else{
echo 'Error';
} 
}

?>

Re: Edit user info

Posted: Sat Dec 17, 2011 3:39 pm
by jacek
It looks like it should work; it might be that one of your column names is a keyword. Try wrapping them all in backticks, which would fix the problem if this is the cause.
mysql_query("UPDATE `members` SET `name` = '{$_POST['name']}', `age` = '{$_POST['age']}', `mf` = '{$_POST['mf']}', `loc` = '{$_POST['loc']}' WHERE `usr` = '$usr'");
A few other things though: you should really not be using the query directly in the script like this. It would be better to separate the logic type code (the query) and the display type code (the HTML) so that if you need to make a change to one you don't have to scroll through the other. You can do this by using functions, so you could create an update_profile() function for example.

One thing you really need to do is look into SQL injection, since you don't seem to have considered it at all here ;)
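
An added example, not part of the posts in this thread: one way to write the suggested update_profile() function with a prepared statement, so the form values are bound as data and never become part of the SQL text. PDO, the in-memory SQLite database, and the sample rows and form input are assumptions made so it runs stand-alone; the thread's own code uses mysql_query() and connect.php.

```php
<?php
// Added example. update_profile() is the name suggested in the reply above;
// the PDO/SQLite setup and all sample data are constructed for illustration.

function update_profile(PDO $db, string $usr, array $input): bool
{
    // Validate before touching the database: age must be a whole number.
    $age = filter_var($input['age'] ?? null, FILTER_VALIDATE_INT,
                      ['options' => ['min_range' => 0, 'max_range' => 150]]);
    if ($age === false) {
        return false;
    }

    // Named placeholders keep user input out of the SQL string entirely.
    $stmt = $db->prepare(
        'UPDATE members SET name = :name, age = :age, mf = :mf, loc = :loc
         WHERE usr = :usr'
    );
    return $stmt->execute([
        ':name' => trim((string)($input['name'] ?? '')),
        ':age'  => $age,
        ':mf'   => trim((string)($input['mf'] ?? '')),
        ':loc'  => trim((string)($input['loc'] ?? '')),
        ':usr'  => $usr,   // taken from the session, never from the form
    ]);
}

// Constructed demo table (in-memory SQLite stands in for the MySQL database).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE members (usr TEXT PRIMARY KEY, name TEXT, age INTEGER, mf TEXT, loc TEXT)');
$db->exec("INSERT INTO members VALUES ('alice', 'Alice', 30, 'f', 'Ohio'), ('bob', 'Bob', 40, 'm', 'Utah')");

// Constructed form input containing quote characters, which a query built by
// string interpolation would interpret as SQL syntax instead of as data.
$post = ['name' => "O'Brien", 'age' => '31', 'mf' => 'f', 'loc' => "Ohio', age='0"];

var_dump(update_profile($db, 'alice', $post));
// A non-numeric age is rejected before any query runs.
var_dump(update_profile($db, 'alice', ['age' => 'abc'] + $post));

// Dump the table: the quotes are stored verbatim in alice's row only.
foreach ($db->query('SELECT * FROM members', PDO::FETCH_ASSOC) as $row) {
    echo json_encode($row), PHP_EOL;
}
```

The same prepare/execute calls work against MySQL by changing only the PDO connection string; the mysql_* functions used in the thread have no placeholder support.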

Re: Edit user info

Posted: Sat Dec 17, 2011 6:43 pm
by rstinohio1
Thanks, it worked, and I watched your SQL injection tutorial :)