|
PHP - Edit Profile Page?
I was looking at various tutorials on the net to help me create an edit profile page for my site but the ones I tried wouldn't work...
What changes would I have to make to this: (register.php) <?php include ('header.php'); ?></center> <div class=content> <?php if(!empty($_POST['username']) && !empty($_POST['password'])) { $username = mysql_real_escape_string($_POST['username']); $password = md5(mysql_real_escape_string($_POST['password'])); $email = mysql_real_escape_string($_POST['email']); $location = mysql_real_escape_string($_POST['location']); $website = mysql_real_escape_string($_POST['website']); $about = mysql_real_escape_string($_POST['about']); $checkusername = mysql_query("SELECT * FROM users WHERE Username = '".$username."'"); if(mysql_num_rows($checkusername) == 1) { echo "<b>Error</b>"; echo "Sorry, that username is taken. Please go back and try again.</p>"; } else { $registerquery = mysql_query("INSERT INTO users (Username, Password, EmailAddress, Location, Website, About) VALUES('".$username."', '".$password."', '".$email."', '".$location."', '".$website."', '".$about."')"); if($registerquery) { echo "<b>Success!</b>"; echo "Your account was successfully created. Please click<a href=\"index.php\"> here </a>to login."; } else { echo "<b>Error</b>"; echo "<p>Sorry, your registration failed. Please go back and try again.</p>"; } } } else { ?> <b>Register</b> <br><br> Please enter your details below to register. <br><br> <form method="post" action="register.php" name="registerform" id="registerform"> <table width=700px border=0 cellspacing=10><tr><td valign=top><table border=0> <b>Required Information:</b><br><br> <tr><td> <b>Username:</b> </td><td> <input type="text" name="username" id="username" /> </td></tr><tr><td> <b>Password:</b> </td><td> <input type="password" name="password" id="password" /> </td></tr><tr><td> <b>Email Address:</b> </td><td> <input type="text" name="email" id="email" /> </td></tr></table></td><td valign=top> <table border=0> <b>Optional Information:</b><br><br> <tr><td> <b>Location:</b> </td><td> <input type="text" name="location" id="location"> </td></tr><tr><td> <b>Your Website:</b> </td><td> <input type="text" name="website" id="website"> </tr></td><tr><td valign=top> <b>Short About:</b> </td><td> <textarea name="about" id="about" rows="10" cols="20"></textarea> </td></tr></td> </table> </td></tr> </table> <input type="submit" name="register" id="register" value="Register" class=btn /> </form> <?php } ?> </div> <?php include ('footer.php'); ?> an edit profile page? I use this as the template because its damn near the same script, just with a few alterations... I know the obvious things the bit I struggle with is selecting the database then inserting new information?...I keep getting my variables/queries messed up when I rewrite it to create a edit profile page. Cheers, Similar TutorialsHi all, I am currently facing a problem, if you look at 'viewprofile.jpg' attachment, you can see that there is an uploaded profile picture. However when I click to edit the profile, the picture is missing (editprofile.jpg), I am just wondering what went wrong? Can someone guide me in troubleshooting this problem? Code: [Select] <?php if (isset($_POST['submit'])) { // Validate and move the uploaded picture file, if necessary if (!empty($new_picture)) { if ((($new_picture_type == 'image/gif') || ($new_picture_type == 'image/jpeg') || ($new_picture_type == 'image/pjpeg') || ($new_picture_type == 'image/png')) && ($new_picture_size > 0) && ($new_picture_size <= CT_MAXFILESIZE)) { //0 indicates a success, other values indicate failure if ($_FILES['file']['error'] == 0) { // Move the file to the target upload folder $target = CT_UPLOADPATH . basename($new_picture); if (move_uploaded_file($_FILES['new_picture']['tmp_name'], $target)) { // The new picture file move was successful, now make sure any old picture is deleted if (!empty($old_picture) && ($old_picture != $new_picture)) { @unlink(CT_UPLOADPATH . $old_picture); } } else { // The new picture file move failed, so delete the temporary file and set the error flag @unlink($_FILES['new_picture']['tmp_name']); $error = true; echo '<p class="error">Sorry, there was a problem uploading your picture.</p>'; } } } else { // The new picture file is not valid, so delete the temporary file and set the error flag @unlink($_FILES['new_picture']['tmp_name']); $error = true; echo '<p class="error">Your picture must be a GIF, JPEG, or PNG image file no greater than ' . (CT_MAXFILESIZE / 1024). '</p>'; } } // Grab the profile data from the POST $name = mysqli_real_escape_string($dbc, trim($_POST['name'])); $nric = mysqli_real_escape_string($dbc, trim($_POST['nric'])); $gender = mysqli_real_escape_string($dbc, trim($_POST['gender'])); $old_picture = mysqli_real_escape_string($dbc, trim($_POST['old_picture'])); $new_picture = mysqli_real_escape_string($dbc, trim($_FILES['new_picture']['name'])); $new_picture_type = $_FILES['new_picture']['type']; $new_picture_size = $_FILES['new_picture']['size']; list($new_picture_width, $new_picture_height) = getimagesize($_FILES['new_picture']['tmp_name']); $error = false; // Update the profile data in the database if (!$error) { if (!empty($name) && !empty($nric) && !empty($gender)) { $query = "UPDATE tutor_profile SET name = '$name', nric = '$nric', gender = '$gender' WHERE tutor_id = '" . $_GET['tutor_id'] . "'"; mysqli_query($dbc, $query) or die(mysqli_error($dbc)); // Confirm success with the user echo '<p>Your profile has been successfully updated. Would you like to <a href="viewprofile.php?tutor_id=' . $_GET['tutor_id'] . '">view your profile</a>?</p>'; mysqli_close($dbc); exit(); } else { echo '<p class="error">You must enter all of the profile data (the picture is optional).</p>'; } } } // End of check for form submission else { // Grab the profile data from the database $query = "SELECT name, nric, gender FROM tutor_profile WHERE tutor_id = '" . $_GET['tutor_id'] . "'"; $data = mysqli_query($dbc, $query) or die(mysqli_error($dbc)); // The user row was found so display the user data if (mysqli_num_rows($data) == 1) { $row = mysqli_fetch_array($data); if ($row != NULL) { $name = $row['name']; $nric = $row['nric']; $gender = $row['gender']; } else { echo '<p class="error">There was a problem accessing your profile.</p>'; } } } mysqli_close($dbc); ?> <form enctype="multipart/form-data" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>"> <input type="hidden" name="MAX_FILE_SIZE" value="<?php echo CT_MAXFILESIZE; ?>" /> <ul id="tabSet_ep"> <li><a href="#panel1">Personal Profile</a></li> <li><a href="#panel2">Qualifications</a></li> <li><a href="#panel3">Tutor\'s Comments/Commitment</a></li> <li><a href="#panel4">Tutoring Levels/Subjects</a></li> </ul> <!--Personal Profile--> <div id="panel1"> <label for="new_picture">Pictu </label> <input type="file" id="new_picture" name="new_picture" /> <?php if (!empty($old_picture)) { echo '<img class="profile" src="' . CT_UPLOADPATH . $old_picture . '" alt="Profile Picture" />'; } ?><br /> <label for="firstname">First name:</label> <input type="text" id="firstname" name="firstname" value="<?php if (!empty($name)) echo $name; ?>" /><br /> <label for="lastname">Last name:</label> <input type="text" id="lastname" name="lastname" value="<?php if (!empty($nric)) echo $nric; ?>" /><br /> <label for="gender">Gender:</label> <select id="gender" name="gender"> <option value="M" <?php if (!empty($gender) && $gender == 'M') echo 'selected = "selected"'; ?>>Male</option> <option value="F" <?php if (!empty($gender) && $gender == 'F') echo 'selected = "selected"'; ?>>Female</option> </select><br /> </div> <input type="submit" value="Save Profile" name="submit" /> </form> Hi. I am working on a website that has restriction level. An admin, a staff, and ordinary user. In my admin page when I click the button "View Users" it shows all the listed users in a table, from admin to ordinary users. And on each entry is an option to either "Delete" or "Edit" the users account. Now I have a problem with editing user profile because it appears blank fields. Not like in the admin side wherein if I click "Edit" the fields are filled with the users info. How do I do this in the staff's page. Here is the view users code from the admin's page: Code: [Select] if (@$_GET['action'] == "View Users") { print "<font size=6 color=yellow><center>View User's Records</center><br></font>"; $result = mysql_query ("SELECT * FROM users order by user_lvl, lname asc"); $rows = mysql_num_rows($result); if ($rows!=0) { print "<table border=1 align=center cellspacing=10>"; print " <tr bgcolor=yellow align=center> <td>First Name</td> <td>Last Name</td> <td>Email</td> <td>Username</td> <td>Password</td> <td>Phone Number</td> <td>User Privilege</td> <td>Options</td> </tr>"; for ($i=0; $i< $rows; $i++) { $row = mysql_fetch_row ($result); print "<tr bgcolor= white align=center>"; print "<td>$row[0]</td>"; print "<td>$row[1]</td>"; print "<td>$row[2]</td>"; print "<td>$row[3]</td>"; print "<td>$row[4]</td>"; print "<td>$row[5]</td>"; print "<td>$row[6]</td>"; print "<td>[ <a href=admin_main.php?action=Delete&username=$row[3]>Delete</a> ]"; print "[ <a href=admin_main.php?action=Edit&username=$row[3]>Edit</a> ]"; print "</td>"; print "</tr>"; } print "</table>"; print "<font size=1 color=yellow>Number of entries found: $rows"; } else { print "No records found!"; } mysql_free_result ($result); } Now here is the code when I click "Edit" from the "View Users" table: Code: [Select] if (@$_GET['action'] == "Edit") { $result = mysql_query ("Select * from users where username='$_GET[username]'"); $row = mysql_fetch_row ($result); print "<font size=6 color=yellow><center>Edit Records </center></font>"; print "<form method = get> <table border = 1 align=center> <tr> <td><font color=yellow>First Name:</font></td> <td><input type=text name=fname value=$row[0] ></td></tr> <tr> <td><font color=yellow>Last Name:</font></td> <td><input type=text name=lname value=$row[1]></td></tr> <tr> <td><font color=yellow>Email Address: </font></td> <td><input type=text name=email value=$row[2] </td></tr> <tr> <td><font color=yellow>Username: </font></td> <td><input type = text name = username value=$row[3] ></td></tr> <tr> <td><font color=yellow>Password:</font></td> <td><input type=text name=password value=$row[4]></td></tr> <tr> <td><font color=yellow>Contact Number:</font></td> <td><input type = text name = phone_number value=$row[5]></td></tr> <tr> <td><font color=yellow>User Privilege:</font></td> <td><input type = txt name = user_lvl value=$row[6]></td></tr> <tr><td><input type=submit value='Update Users' Submit name=action></td></tr> </table> </form> "; } if (@$_GET['action']=="Update Users") { $result = mysql_query ("UPDATE users SET fname='$_GET[fname]', lname='$_GET[lname]', email='$_GET[email]', username='$_GET[username]', password='$_GET[password]', phone_number='$_GET[phone_number]', user_lvl='$_GET[user_lvl]' where username= '$_GET[username]'"); print "<font size=6 color=yellow><center><blink>Record of User successfully updated!</blink></center></font>"; } Hi I am trying to develop an editprofile.php page to allow users to change their details. So far i have written Code: [Select] <?php $result = mysql_query("SELECT username FROM users WHERE username = {$_SESSION['MM_Username']}"); $num_rows = mysql_num_rows($result); if($num_rows > 0) { while ($row = mysql_fetch_array($result)) { $username = $row['username']; } } ?> and then tried to test it by using Code: [Select] <div><?php echo $username ?></div> but nothing is being echo'ed out. What am i doing wrong? Hello, I'm a new member and i want to say a compliment to the php coders. Well, in the profile page i want to insert to box. The first can be modified by the user and by the staff And the second can be inserted comments only by the staff.. We don't have a profile page to modify the date but, is possible insert only that? How can i do that? Naturally the staff comments can be modifed by the staff area. Thanks Hi, I have to ask about profile page for each user like facebook and netlog. As u can see in netlog it is like this http://en.netlog.com/ElegantLeo and i have a site http://cyprussaver.com/merchant.php?id=64 and here each merchant profile can be viewed like this but i need to show them like this http://cyprussaver.com/rocksman please guide me what i have to do in order to achieve this result. Thanks, Hanan ALi Hello. Say i want to view another user profile. I click on user name and i see the profile page. So how can i link user name to his profile? I have tried linking it to $id (this is where user id is stored in the database), but no luck. Thank you. I've been working on a project and I have pretty much everything set up with a registration page, login and logout. After the user logs in it directs it to index.php. That's where it it ends. How do I start the page where it will display something like Hello, username! and than anything else the user has done in his or her account. Does anyone know a good tutorial? Thanks This topic has been moved to Third Party PHP Scripts. http://www.phpfreaks.com/forums/index.php?topic=347558.0 hi all, i have a profile page which is a form that asks users to enter there personal details such as name, location, mobile number etc and saves this info with a mysql database, however when you return to the edit profile page the fields are blank and i want them to pull the details the user has entered (if any) and display it, so if a user entered there name as Lee, then returned to the edit profile page there name field would show lee instead of being empty. heres my profiles page code, any help would be great Code: [Select] <?PHP session_start(); if (!(isset($_SESSION['username']) && $_SESSION['username'] != '')) { header ("Location: login.php"); } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <!-- Author: Reality Software Website: http://www.realitysoftware.ca Note: This is a free template released under the Creative Commons Attribution 3.0 license, which means you can use it in any way you want provided you keep the link to the author intact. --> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title></title> <link href="style.css" rel="stylesheet" type="text/css" /> <style type="text/css"> .auto-style2 { font-size: 25px; } </style> </head> <body> <div id="container"> <!-- header --> <div id="header"> <div id="logo"><a href="#"><span class="orange">SouthWest</span> LAN's</a></div> <div id="menu"> <ul> <li><a href="index.php">home</a></li> <li><a href="register.php">Register</a></li> <li><a href="account.php">My Account</a></li> <li><a href="forum.php">Forums</a></li> <li><a href="faq.php">FAQ</a></li> </ul> </div> </div> <!--end header --> <!-- main --> <div id="main"> <div id="content"> <div id="head_image"> <div id="slogan"><strong><span class="auto-style2">Organising LAN Parties in the SouthWest</span></strong><br /></div> <div id="under_slogan_text"></div> </div> <div id="text"> <h1>Edit Profile</h1> <br /> <form name="register" method="post" action="process_p.php"> <table border="0" width="225" align="center"> <tr> <td width="219" bgcolor="#999999"> <p align="center"><font color="white"><span style="font-size:12pt;">Please fill out as much as possible</span></font></p> </td> </tr> <tr> <td width="219"> <table border="0" width="282" align="center"> <tr> <td width="116"><span style="font-size:10pt;">Username: </span></td> <td width="156"><?php echo $_SESSION['username']; ?></td> </tr> <tr> <td width="116"><span style="font-size:10pt;">Email: </span></td> <td width="156"><input type="text" name="email" maxlength="30"></td> </tr> <tr> <td width="116"><span style="font-size:10pt;">Real Name: </span></td> <td width="156"><input type="text" name="real_name"></td> </tr> <tr> <td width="116"><span style="font-size:10pt;">Location: </span></td> <td width="156"><input type="text" name="location"></td> </tr> <tr> <td width="116"><span style="font-size:10pt;">Mobile Number: </span></td> <td width="156"><input type="text" name="mobile_number"></td> </tr> <tr> <td width="116"><span style="font-size:10pt;">Instant Messager: </span></td> <td width="156"><input type="text" name="instant_messaging"></td> </tr> <tr> <td width="116"> </td> <td width="156"> <p align="right"><input type="submit" name="update" value="Update Profile"></p> </td> </tr> </table> Hi phpfreaks members, I got a little social network website, http://www.tranceprofile.com I got a php script for members to log in to my website. When they are logged in they can view there own profile and edit it. I got my login script on two places, http:www.tranceprofile.com/login.php and my index.php page. Well here is my problem: When they log in they are send to my index.php page as a logged in user. I want them to be redirected to the http://www.tranceprofile.com/profile.php page. I hope you guys can help me out! Best regards, Mitch Oosterhuis. Login script: <table width="400" align="center" cellpadding="6" style="background-color:#FFF; border:#666 1px solid;"> <form action="login.php" method="post" enctype="multipart/form-data" name="signinform" id="signinform"> <tr> <td width="23%"><font size="+2">Log In</font></td> <td width="77%"><font color="#FF0000"><?php print "$errorMsg"; ?></font></td> </tr> <tr> <td><strong>Email:</strong></td> <td><input name="email" type="text" id="email" style="width:60%;" /></td> </tr> <tr> <td><strong>Password:</strong></td> <td><input name="pass" type="password" id="pass" maxlength="24" style="width:60%;"/></td> </tr> <tr> <td align="right"> </td> <td><input name="remember" type="checkbox" id="remember" value="yes" checked="checked" /> Remember Me</td> </tr> <tr> <td> </td> <td><input name="myButton" type="submit" id="myButton" value="Sign In" /></td> </tr> <tr> <td> </td> <td> </td> </tr> <tr> <td colspan="2">Forgot your password? <a href="forgot_pass.php">Click Here</a> <br /></td> </tr> <tr> <td colspan="2">Need an Account? <a href="register.php">Click Here</a><br /> <br /></td> </tr> </form> </table> Hi, I have a "user profile" page and it has a profile image upload form. I have it so that the old profile image is deleted, and the new image is uploaded and the new image is echoed out using the name of the new file from the database. The problem is, when I click submit to add the new image, the old image still stays there and the new image does not show up. Only when I manually click refresh on my browser does the new image show up. That is going to be bad for my users. Please if anyone can help, I'd greatly appreciate it. Below is the code I am using to delete the old image, and code to upload the image as well, when the photo upload form is used. Code: [Select] if(isset($_POST['photoUpload'])) { if(file_exists("images/".$currentUser.".jpg")){ unlink("images/".$currentUser.".jpg"); clearstatcache(); } //reads the name of the file the user submitted for uploading $image=$_FILES['image']['name']; //if it is not empty if ($image) { //get the original name of the file from the clients machine $filename = stripslashes($_FILES['image']['name']); //get the extension of the file in a lower case format $extension = getExtension($filename); $extension = strtolower($extension); //if it is not a known extension, we will suppose it is an error and will not upload the file, //otherwise we will do more tests if (($extension != "jpg") && ($extension != "jpeg") && ($extension != "png") && ($extension != "gif")) { //print error message echo '<h1>Unknown extension!</h1>'; $errors=1; } } //end if here //was else here //get the size of the image in bytes //$_FILES['image']['tmp_name'] is the temporary filename of the file //in which the uploaded file was stored on the server $size=filesize($_FILES['image']['tmp_name']); //compare the size with the maxim size we defined and print error if bigger if ($size > MAX_SIZE*1024) { echo '<h1>You have exceeded the size limit!</h1>'; $errors=1; } //we will give an unique name, for example the time in unix time format $image_name= $currentUser .'.'.$extension; //$image_name=time().'.'.$extension; //the new name will be containing the full path where will be stored (images folder) $newname=$image_name; //"images/". // Connects to your Database mysql_connect("host", "user", "pass") or die(mysql_error()); mysql_select_db("database") or die(mysql_error()) ; //we verify if the image has been uploaded, and print error instead $copied = copy($_FILES['image']['tmp_name'], "images/".$newname); // update the photo name in the database $result = mysql_query("UPDATE users SET profilePhoto='$newname' WHERE username='$currentUser'") or die(mysql_error()); if (!$copied) { echo '<h1>Copy unsuccessful!</h1>'; $errors=1; } else{ $dir="images/"; echo "<p>Profile Picture Change Successful!</p>"; echo "<img src='{$dir}{$newname}' alt='{$newname}' height='200' width='200' />"; echo "<p></p>"; } } I'm trying to set up a very simple (WIP) members page that you can click registered users to see their profile page that will display basic information. I'm having trouble with the sessions and retrieving this info from my database. I'm very new to this so it's all pretty amateur. I've been looking at this code for several hours trying to fix things but I start to make some progress, then change stuff, and go backwards. I had a members page that displayed the registered users in my database, but after a while of altering to try to get the profiles to work, I messed it up :mad:. I have basic login and register pages. I need some seperate eyes to take a look. Any help is so much appreciated. Thanks! members.php Code: [Select] <?php session_start(); require 'mysql-connect.php'; $auser=$_SESSION['user']; if(isset($auser)){ $Members = mysql_query("SELECT * FROM user WHERE username='$username'") or die(mysql_error()); $numRowsMembers = mysql_num_rows($Members); ?> <table border="1"> <?php for($count = 1; $count <= $numRowsMembers; $count++) { $name = mysql_fetch_array($Members); ?> <tr> <?php echo '<td><a href="member_profile.php?username=' . $name['username'] . '">' . $name['username'] . '</a></td>'; } } ?> </tr> </table> member_profile.php Code: [Select] <?php session_start(); require 'mysql-connect.php'; $auser=$_SESSION['user']; if(isset($auser)){ $username = $_GET['username']; $user = mysql_query("SELECT * FROM user WHERE username = '$username'"); echo $user; $user=mysql_fetch_assoc($user); echo "<h1>User Info</h1>"; echo "<b>Username:".$user['username']."<br>"; echo "<br>"; echo '<form name="backlistfrm" method="post" action="members.php">'; echo '<input type="submit" value="Back to The List">'; echo '</form>'; echo "<br>"; } ?> my login handler Code: [Select] <?php include 'mysql-connect.php'; $username = $_POST['user']; $password = $_POST['pass']; $query1 = mysql_query("SELECT * FROM user WHERE username='$username'"); $result = mysql_num_rows($query1); if($result == 0) { echo '<h1>Error!</h1>The username you specified does not exist!'; } else { $checkuser = mysql_query("SELECT * FROM user WHERE username='$username'"); $row = mysql_fetch_array($checkuser); $password2 = $row['password']; //$status = $row['status']; if ($password == $password2) { echo "Hi $username."; include("index.php"); } else { echo '<h1>Error!</h1>The username and password combination you entered does not match the ones we have in the database.'; } } ?> mysql-connect.php Code: [Select] <?php $host = "localhost"; $username = "root"; $password = ""; $database = "ug54"; $link = mysql_connect($host, $username, $password);//Connects to database with host, username, and password $select = mysql_select_db($database); ?> and my simple database Code: [Select] CREATE TABLE IF NOT EXISTS `user` ( `id` int(4) unsigned NOT NULL AUTO_INCREMENT, `username` varchar(32) NOT NULL, `password` varchar(32) NOT NULL, `firstname` varchar(20) NOT NULL, `lastname` varchar(20) NOT NULL, `email` varchar(30) NOT NULL, PRIMARY KEY (`id`) ) ENGINE=InnoDB DEFAULT CHARSET=latin1 AUTO_INCREMENT=7 ; -- -- Dumping data for table `user` -- INSERT INTO `user` (`id`, `username`, `password`, `firstname`, `lastname`, `email`) VALUES (1, '', '', '', '', '0'), (2, 'abc', '123', '', '', '0'), (3, 'a', 'b', 'c', 'd', '0'), (4, 'hfg', 'rgfdg', 'gdfg', 'dfgdf', '0'), (5, '999', '999', '999', '999', '999'); Hi, I am making a dating site where I have made the user profile edit page visible to the user when they log in, and I think I can get away with not showing the user their "public" profile view. But I definitely need to show other users on the site the "public" non editing profile page view. But I don't know how to do this. I have yet to create the search, search results, thumbnails with optional descriptions of the possible dating results. But I first want to just get 2 versions of the user profile page view. One that the user sees that I have already done. (The editable one). And the other I need to make which is the page the other users will see, (The public profile) Please if anyone has any idea how to do this I would greatly appreciate it, especially if you have any pseudocode ideas. thank you. Hi can anyone please help me, I have to create a edit page that retrieves information from a list so that a user can change the text. The page looks fine but when I enter data in the fields and update it leaves the page as it was retrieved. I am a beginner! My code looks like this: Code: [Select] <form method = "get" action = "edit.php"> <?php //check to see if user is logged on session_start(); if (!(isset($_SESSION['login']) && $_SESSION['login'] != "")) { header ("Location:login.php"); } include('connect.php'); //connection details to database in a connect.php page $product_id = $_GET['product_id']; $query = "SELECT * FROM products WHERE product_id = '$product_id'"; $result = mysql_query($query); while($row = mysql_fetch_array($result)){ $product_id = $row['product_id']; echo "<table>"; echo "<tr>"; echo "<td><input name = 'product_id' type = 'hidden' value ='$row[product_id]'></td>"; echo "</tr>"; echo "<tr>"; echo "<td>Product Name:</td><td><input name = 'pname' type = 'text' value ='$row[product_name]'></td>"; echo "</tr>"; echo "<tr>"; echo "<td>Product Range:</td><td><input name = 'prange' type = 'text' value ='$row[product_range]'></td>"; echo "</tr>"; echo "<tr>"; echo "<td>Product Price:</td><td><input name = 'pprice' type = 'text' value ='$row[product_price]'></td>"; echo "</tr>"; echo "<tr>"; echo "<td><input type = 'submit' name = 'Submit' value = 'Update'></td>"; echo "</tr>"; echo "</table>"; } //if form was submitted if ($_SERVER['REQUEST_METHOD'] == 'POST'){ //get values from fields $productname = $_POST['pname']; $range = $_POST['prange']; $price1 = $_POST['pprice']; $price = (int)$price1; if ($productname == "" || $range == "" || $price == "" ) { $errorMessage .= "Please fill in all text boxes"; } else { $errorMessage = ""; } $query = "UPDATE products SET product_name = '$productname', product_range = '$range', product_price = '$price' WHERE product_id = '$product_id'"; $result = mysql_query($query); print "<br> $productname from range $range with a price of $price has been updated!"; } ?> Thank you in advance! So I'm working on a php page that can edit a .txt-file. This is what I'v got so far: Code: [Select] <?php if (isset($_POST['submit'])) { $stringData = stripslashes($_POST['sf']); file_put_contents("huisrekening.txt", $stringData); header('Location: quaestor.php?a=update'); } ?> Huisrekening: <form action="" method="post"> <textarea name="sf" cols="100" rows="20"> <?php $theData = file_get_contents("huisrekening.txt"); echo $theData; ?></textarea> <br /> <input type="submit" name="submit" value="Update" /> </form> <?php if ($_GET['a'] == 'update') { echo ''; $myFile = "huisrekening.txt"; $fh = fopen($myFile, 'r'); $theData = fgets($fh); fclose($fh); echo $theData; } ?> Problem: each time I hit the Update button an extra line appears in the .txt-file. :-( Does anybody know what I did wrong? hi i was wondering how i would make a website that allowed a user to login and edit there website ... like im a hoster and they can have a webpage on my server... how would i do this? allow them to create a database , and use all types of code? please help me this is important , if i didnt explain good enough please tell me My validation Code: [Select] <?php if(!isset($_POST['submit'])) { if(!isset($_GET["id"])) { me_redirect_to("staff.php"); } } ?> is redirecting me even if my $_POST['submit'] is set here's the full code Code: [Select] <?php require_once("includes/connection.php"); ?> <?php require_once("includes/functions.php"); ?> <?php require("includes/header.php"); ?> <?php require("includes/navbar.php"); ?> <?php require("staff_sidebar.php"); ?> <?php if(!isset($_POST['submit'])) { if(!isset($_GET["id"])) { me_redirect_to("staff.php"); } } ?> <?php if(!isset($_POST['submit'])) { if(!is_numeric($_GET["id"])) { me_redirect_to("staff.php"); } } ?> <?php if(isset($_GET['id'])); { $i = 0; $edit_proj_id = $_GET['id']; $edit_query = "Select proj_name, content from rec_projects where proj_id = {$edit_proj_id}"; $edit_result = mysql_query($edit_query, $connection); $num = mysql_num_rows($edit_result); if($num != 1) { me_redirect_to("staff.php"); } $edit_proj_name = mysql_result($edit_result,$i,"proj_name"); $edit_content = mysql_result($edit_result,$i,"content"); } ?> <div id="content"> <h1>Edit Subject</h1><br> <?php if(isset($_POST['submit'])) { $proj_name = me_mysql_prep(trim($_POST['proj_name'])); $proj_content = me_mysql_prep($_POST['proj_content']); if(empty($_POST['proj_name'])) { $empty_name = array('Project Name Cannot Be Empty'); } if(empty($_POST['proj_content'])) { $empty_content = array('Content Cannot Be Empty'); } if(isset($empty_name) && isset($empty_content)) { $error_merge = array_merge($empty_name, $empty_content); } else if(isset($empty_name)) { $error_merge = array_merge($empty_name); } else if(isset($empty_content)) { $error_merge = array_merge($empty_content); } else { $error_merge = array(); } if(!empty($error_merge)) { foreach($error_merge as $error) { echo "<span class=\"error_validation\">*". $error . "<br></span>"; } } else { $query = "UPDATE rec_projects SET proj_name='{$proj_name}', content='{$proj_content}' where proj_id = {$edit_proj_id}"; if($result = mysql_query($query,$connection)) { me_redirect_to("edited_project.php?edited=1"); } else { echo "Can\'t edit the project: ". mysql_error() . ""; } } echo "<br><br>"; } ?> <table> <tr><td> </td></tr> </table> <table> <form action="edit_project.php" method="post" name="add_subject"> <tr> <td>Project Name:</td> <td><input type="text" size="50" name="proj_name" value="<?php echo $edit_proj_name; ?>"></td> </tr> <tr> <td>Content:</td> <td><textarea cols="70" rows="20" name="proj_content"><?php echo $edit_content; ?></textarea></td> </tr> <tr> <td></td> <td><input type="submit" value="Edit Project" name="submit" id="submit" size="30"></td> </tr> </form> </table> </div> <?php require("includes/footer.php"); ?> It's suppose to be executing the mysql edit query but it's bypassing my validation. I wonder what the problem is.. Hi There I am trying to create a page that edit mysql database from a php page. I can get the edit page to show the orginal information but it wont update the data in the mysql database. I am sure I have entered everything right. If anyone could help with this I would greatly appreciated <?php include("dbconnect.php"); if(isset($_POST['submit'])) { // Set global variables to easier names // and prevent sql injection and apostrophe to break the db. $ProductName = mysql_escape_string($_POST['ProductName']); $ProductText = mysql_escape_string($_POST['ProductText']); $ProductImage = mysql_escape_string($_POST['ProductImage']); $ProductPrice = mysql_escape_string($_POST['ProductPrice']); $result = mysql_query("UPDATE Product SET ProductName='$ProductName', ProductText='$ProductText', ProductImage='$ProductImage', ProductPrice='$ProductPrice' WHERE ID='$ID' ",$dbconnect); echo "<b>Thank you! Product UPDATED Successfully!<br>You'll be redirected to View Page after (2) Seconds"; echo "<meta http-equiv=Refresh content=2;url=view.php>"; echo "$ProductName <br> $ProductText <br> $ProductImage <br> $ProductPrice"; } elseif(isset($_GET['ID'])) { $result = mysql_query("SELECT * FROM Product WHERE ID='$_GET[ID]' ",$dbconnect); while($myrow = mysql_fetch_assoc($result)) { $ProductName = $myrow["ProductName"]; $ProductText= $myrow["ProductText"]; $ProductImage = $myrow["ProductImage"]; $ProductPrice = $myrow["ProductPrice"]; ?> <br> <h3>::Edit Product</h3> <form method="post" action="<?php echo $PHP_SELF ?>"> <input type="hidden" name="ID" value="<? echo $myrow['ID']?>"> Product Name: <input name="ProductName" size="40" maxlength="255" value="<? echo $ProductName; ?>"><br> Product Text: <textarea name="ProductText" rows="7" cols="30"><? echo $ProductText; ?></textarea><br> Product Image: <textarea name="ProductImage" rows="7" cols="30"><? echo $ProductImage; ?></textarea><br> Product Price: <textarea name="ProductPrice" rows="7" cols="30"><? echo $ProductPrice; ?></textarea><br> <input type="submit" name="submit" value="Update Product"> </form> <? }//end of while loop }//end else ?> Hi guys, I am trying to put together a little system that allows users to log onto my website and access there own personal page. I am creating each page myself and uploading content specific to them which cannot be viewed by anyone else. I have got the system to work up as far as: 1/ The user logs in 2/ Once logged in they are re-directed to their own page using 'theirusername.php' Thats all good and working how I need it too. The problem I have is this. If I log onto the website using USER A details - I get taken to USER A's page like I should but - If I then go to my browser and type in USERBdetails.php I can then access USER B's page. This cannot happen!! I need for USER A not to be able to access USER B profile - there is obviously no point in the login otherwise! If you are not logged in you obviously cannot access any secure page. That much is working! Please find below the code I am using: LOGIN <?php session_start(); function dbconnect() { $link = mysql_connect("localhost", "username", "password") or die ("Error: ".mysql_error()); } ?> <?php if(isset($_SESSION['loggedin'])) { header("Location:" . strtolower($username) . ".php"); if(isset($_POST['submit'])) { $username = mysql_real_escape_string($_POST['username']); $password = mysql_real_escape_string($_POST['password']); $mysql = mysql_query("SELECT * FROM clients WHERE username = '{$username}' AND password = '{$password}'"); if(mysql_num_rows($mysql) < 1) { die("Password or Username incorrect! Please <a href='login.php'>click here</a> to try again"); } $_SESSION['loggedin'] = "YES"; $_SESSION['username'] = $username; $_SESSION['name'] header("Location:" . strtolower($username) . ".php"); } ?> HEADER ON EACH PHP PAGE <?php session_start(); if(!isset($_SESSION['loggedin'])) { die(Access to this page is restricted without a valid username and password); ?> --------------------------------------------------- Am I right in thinking it is something to do with the "loggedin" part? The system I have here is adapted from a normal login system I have been using for years. The original just checks the details and then does a 'session start'. This one obviously has to re-direct to a user specific page. To do this I used the <<header("Location:" . strtolower($username) . ".php");>> line to redirect to a page such as "usera.php" or "userb.php" Any help would be greatly appreciated! Ta |
|||||||