PHP - Deleting Files & Updating Database

Hi Everyone,

Im trying to add a delete button to the message inbox page of my website, where when delete is clicked, the checked messages get deleted from the database.
After a bit of research on google i have come up with the code below however i cant get it to work. I have replaced the mysql delete query with echo "checked"; just for debugging.


$query = mysql_query("SELECT * FROM users WHERE id='$id'");
$row = mysql_fetch_assoc($query);

$submit = $_POST['submit'];
$username = $row['username'];
$checked = $_POST['message'];

$messages_query = mysql_query("SELECT * FROM messages WHERE recipient='$username'");
if (mysql_num_rows($messages_query) > 0)
{
   while ($messages_row = mysql_fetch_array($messages_query))
   {

   

if ($messages_row['message_read'] == 0) { echo "<div style='background-color:#FFCCCC;'>"; }

$message_id = $messages_row['id'];
   

echo "<a href='message.php?id=$message_id'>";

echo "From: " . $messages_row['sender'];

echo "Subject: " . $messages_row['subject'] . "<br />";

echo "</a>";

echo "<form method='POST'><input type='checkbox' name='message[]' value='1' /></form>";

if ($messages_row['message_read'] == 0) { echo "</div>"; }
   }
}
else
{
   echo "No messages";
}

if ($submit)
{

if ($checked == "1")

{

echo "checked";

}
}
?>
<html>
<form method="POST">
<input type="submit" name="submit" value="Delete" />
</form>
</html>


I have also tried the following but i still cant get it to work:

if (isset($checked))

{

echo "checked";

}


Can anybody see where iv gone wrong?

Thanks

i trying to delete messages out of my message database but im not sure if i'm using this code right
or there stuff missing to it :S

delete.php
<?php 
require_once('settings.php');
checkLogin('1 2');

$id=$_GET["msgs"];
mysql_query("DELETE messages FROM messages WHERE message_id='$id'");
?>

link usages to delete
<a href="delete.php?msgs=<? echo $row['message_id']  ?>">[X]</a>

I'm trying to delete rows in the database, based on what checkboxes are left empty by the user...

What i have is small application in which a user can add an item to the database and give it tags...

for example there is "apple" and it has the tags of "fruit, red, round"

What i want is for the user to be able to edit those tags, so the user can remove "fruit" and add "sweet" instead or just remove "fruit" all at the same time.

The code i have, somewhat works...

This code below loops through the checkboxes and should remove the items that are no longer checked, by going through the database and grabbing all the tags and them checking it against those that are still checked and remove the ones that it didn't find checked...??

However whats happening is when i unchecked say "red" it removes all the other items..so if i had "red, fruit, round' and i want to remove "red" it leaves red but removes the rest.

foreach($_POST['tag'] as $r=>$n){
$t = mysql_real_escape_string($_POST['tag'][$r]);

$get_tag2 = mysql_query("SELECT * FROM file_cats WHERE fileID='$fileID'") or die(mysql_error());
while($t2 = mysql_fetch_assoc($get_tag2)){
$tmp_tag1 = $t2['category'];

if($t==$tmp_tag1){
$remove_tag = mysql_query("DELETE FROM file_cats WHERE fileID='$fileID' AND category='$t' LIMIT 1") or die(mysql_error());
}
}
}


This following piece of code just adds a new tag...however i want it to check to see if that tags already exist in the database, if it does then don't add it just add the new ones..


foreach($_POST['tag'] as $k=>$l){
$tag = mysql_real_escape_string($_POST['tag'][$k]);

$add_tag = mysql_query("INSERT into file_cats (fileID, category) VALUES('$fileID', '$tag')") or die(mysql_error());

}


My final problem is that i can't remove items if the second snippet of code is there, i have to remove those lines of code in order to remove items, however i can add items with both loops there.

I'm basically stuck and hope that someone here can shed some light on what i'm doing wrong, because i know i'm doing something wrong i just can't find it

Anyway thank you in advanced

I've tried reading through some of the threads but couldnt understand some of them.

I've made a newsfeed script which works how i want it to. Now i want to add the function to delete a row from the database from an "admin panel" on the website.

So far i have this:
<?php
include("includes.php");

doConnect();

$get_news = "SELECT id, title, text, DATE_FORMAT(datetime, '%e %b %Y at %T') AS datetime FROM newsfeed ORDER BY datetime DESC";

$result= mysqli_query($mysqli, $get_news)
or die(mysqli_error($mysqli));

while ($row = mysqli_fetch_array($result)) {
echo '<strong><font size="3">'. $row['title'] .' </font></strong><br/><font size="3">'. $row['text'] .'</font><br/><font size="2">'. $row['datetime'] .'</font><br/><br/><a href="delnews.php?del_id=' .$row['id']. '">
<strong>DELETE</strong></a>';}
?>
then my delnews.php is:
<?php
include("includes.php");

doConnect();

$query = "DELETE FROM newsfeed WHERE id = "$_POST['id']""; 

$result = mysql_query($query); 

echo "The data has been deleted."; 

?>
I believe the problem is $_POST['id']. i've tried different things in there but none work. It displays the echo line but doesnt actually delete anything.

I am new to php so this may be a stupid mistake, but try and play nice!

Thanks

Hi, guys.
I am a php newb and stuck (see title).
I it will only send the value of 1 tick box over to the page "delete_message.php"

This is what i have so far:

Code: [Select]
<?php
// get messages
$result = mysql_query("SELECT * FROM tbl_pvt_msg WHERE to_UID='$UID'");
if (!$result) die("Query to show fields from table failed");
while ($data=mysql_fetch_array($result)) {

$_SESSION['from_UID']=$data['1'];
UIDtoemail();
$from_email=$_SESSION['from_email'];
$contents=$data['3'];
$timesent=$data['4'];
$msg_ID=$data['0'];
echo "<form action='scripts/delete_message.php' method='POST' >";
echo "<tr><td>$from_email</td><td>$contents</td><td>$timesent</td><td><input type='checkbox' value='$msg_ID' name='msg_ID' /></td> </tr>";
}
// turn uid into email
function UIDtoemail(){
$from_UID=$_SESSION['from_UID'];
$result = mysql_query("SELECT * FROM tbl_usr WHERE UID='$from_UID'");
if (!$result) die("Query to show fields from table failed");
$data=mysql_fetch_array($result);
$_SESSION['from_email']=$data['7'];

}
?>
</table>
<input type="submit" value="Delete" id="delete" />
</form>

Hello -
I'm opening my website up to visitors for free, and trying to bypass a login screen to go straight into the data content that was appearing after a user logged in.  I have an index.php file that included the following code at the beginning:

 <?php
session_start();
include("database.php");
include("login.php");
include("/vservers/skyranks/db_connect.php");
?>
<?header("Cache-control: private"); ?>
<html>


I deleted the "include("login.php"); line, and was successful at bypassing the username and login screen.  However, the page that is supposed to display the data content is incomplete.  In fact, it only displays my company's logo.

Any ideas as to why the data content is not showing up? 

Thank you for any help with this, as my php is quite novice at this point.

Regards -

Joe

I'm creating a newsletter and the unsubscribe isn't deleting the database entry like I'm asking it to. Everything else works fine, it even successfully says the user has been removed, but it doesn't actually delete the database entry.

I've spent  two days trying to figure out why. Here's the code:

Newsletter sign up:
 

<?php
//DB Connect Info
$servername = "";
$database = "";
$username = "";
$password = "";

// Create connection
$conn = mysqli_connect($servername, $username, $password, $database);

// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}

/*$createTable = $conn->prepare ("CREATE TABLE IF NOT EXISTS email_user (
  id int(11) NOT NULL AUTO_INCREMENT,
  email varchar(200) NOT NULL,
  hash varchar(250) NOT NULL,
  PRIMARY KEY (id)
)");

$createTable->execute();
*/

function input_security($data)
{
    $data = trim($data);
    $data = stripslashes($data);
    $data = htmlspecialchars($data);
    return $data;
}

$email = input_security($_POST['email']);

$insertData = input_security($insertData);

if(isset($_POST['submit']))
{  
  extract($_POST);
  if($email!="") :
    $email=mysqli_real_escape_string($conn,$email);
    $emailval = '/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,4})$/';    
    if(preg_match($emailval, $email)) :
      $db_check=$conn->query("SELECT * FROM email_user WHERE email='$email'");
      $count=mysqli_num_rows($db_check);
      if($count< 1) :         
         $hash=md5($email.time());
         $link = '/unsubscribe.php?key='.$hash;

        // Change your domain        
         $fetch=$conn->query("INSERT INTO email_user(email,hash) VALUES('$email','$hash')");
         $to="$email"; //change to ur mail address
         $strSubject="Maintenance Fee Relief, LLC | Email Subscription";
         $message = '<p>Thank you for subscribing with us.</p>' ;              
         $message .= '<p>Click here to unsubscribe your email : <a href="'.$link.'">unsubscribe</p>' ;              
         $headers = 'MIME-Version: 1.0'."\r\n";
         $headers .= 'Content-type: text/html; charset=iso-8859-1'."\r\n";
         $headers .= "From: info@";            
         $mail_sent=mail($to, $strSubject, $message, $headers);  
         $msg_sucess="Your request has been accepted!.";
      else :
        $msg="This $email email address is already subscribe with us.";
      endif;  
    else :
      $msg="Please enter your valid email id";
    endif;      
  else :
    $msg="Please fill all mandatory fields";
  endif;
}
?>

<div class="newsletter-sign-up-header-form">
<div id="logerror"><?php echo @$msg; ?><?php echo @$msg_sucess; ?></div>
<form  method="post">
<span><input type="email" name="email" placeholder="Email Address - Join Newsletter" class="newsletter-sign-up-header-email" required></span>
<span><button name="submit" value="submit" title="Submit" class="newsletter-sign-up-header-submit-button">Submit</button></span>
</form>
</div>

<?php
//DB Connect Info
$servername = "";
$database = "";
$username = "";
$password = "";

// Create connection
$conn = mysqli_connect($servername, $username, $password, $database);

// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
?>

<?php
if(@$_GET['key']!=""):
    $hash=mysqli_real_escape_string($conn,$_GET['key']);
    $fetch=$conn->query("SELECT * FROM email_user WHERE hash = '$hash'");
    $count=mysqli_num_rows($fetch);
    if($count==1) :
      $row=mysqli_fetch_array($fetch);      
        $conn->query("DELETE email_user WHERE id='$user_id'");
        $msg="Your email id unsubscribe with us";
    else :
      $msg="Please click valid link.";
    endif;
else :
    header("Location:404.php");
endif;
?>

<!doctype html>
<html lang="en">
<head>
   <title>Unsubscribe</title>
</head>
<body>
    <div align="center">
    <h2><?php echo $msg; ?></h2>
        <a href="https://www.--.com">--.com</a>                                                
    </div>
    

 

Quote

 

 

Hey guys, im new hear so im not shore how things work.
Iv got a project where we are ment to alow users to record a bug fault in a computer, currently i have a page that looks like ths:
<?php
if (empty($_POST['bug_ID']))
   echo "<p>You must enter a BUG ID number</p>";
else {
   $bugID = addslashes($_POST['bug_ID']);
   $name = addslashes($_POST['bug_name']);   

   umask(0007);
   if (!file_exists("../../data/lab05"))
      mkdir("../../data/lab05", 02777);
      $lab05 = fopen("../../data/lab05/". "$bugID.txt", "a");
   
   if (is_writable("../../data/lab05/NewBug.txt"))
   {
      if (fwrite($lab05, $bugID . ", " . $name . "\n"))
         echo "<p>Thank you entering a new bug</p>";
      else
         echo "<p>Cannot add bug</p>";
   }
   else
      echo "<p>Cannot write to the file.</p>";
   fclose($lab05);
}
?>

this code runs fine however I also need to write a sperate page that allows for users to search and up date bugs recorded, I want them to search using the bug_ID field and we are ment to use the fgets method but am unshore, anyhelp would be much apricated.

thank you

This topic has been moved to MySQL Help.

http://www.phpfreaks.com/forums/index.php?topic=334042.0

I have a bad way with words, so if the title doesnt make much sense nor my post, I apolagize!

But I am using a while loop and mysql_fetch_array to echo all information in a table in mysql.

With each entry, I have included a button that executes a delete query for that entry.

Code: [Select]
$delquery="DELETE FROM requests WHERE user = '".$row['user']."'";
mysql_query($delquery,$link2);
echo "<font size='19px' color='#009933'>User deleted from request database.When I click the button, the message is echod in every entry listed on the page, and nothing happens. I figured Id use delete from the username, so that way mysql will know which one to delete... but Idk when I think about it thats dumb and makes no sense. Im stuck.

This side of the application im trying to make is the admin side where I can process requests. After I process the request I delete it from the database so I know I processed it. I have no idea what query to use for this.

Anybody know how I could do this?

Thanks

Hello,
I have been staring at my screen for the last couple of days and have finally run out of solutions.

I have the code below where the data is generated form another page. The correct data is displayed but for some reason when I try to alter any data it does not work. I simply get the message, "Your profile has been successfully updated..." but nothing has been changed in the database.

I think the code is not connecting to the correct table in the database..  I fail to see why this would be.

Any help greatly appreciated.
Code: [Select]

<?php
  
error_reporting(E_ALL);
session_start();

  
  ?>


<?php
  
require_once('appvars.php');
  require_once('connectvars1.php');

  



 // Connect to the database
  
$dbc = mysqli_connect(DB_Host, DB_User, DB_Password, DB_Name);

  
if (!isset($_GET['user_id'])) {
    
$query = "SELECT * FROM antique WHERE user_id = '" . $_SESSION['user_id'] . "'";
  
  
}
  else 
{
    $query = "SELECT * FROM antique WHERE user_id = '" . $_GET['user_id'] . "'";
  
}
  $data = mysqli_query($dbc, $query);

  
if (mysqli_num_rows($data) == 1) {
    

  
$row = mysqli_fetch_array($data);
    

 }
?>



 




<?php

require_once('appvars.php');
  require_once('connectvars1.php');

  
// Make sure the user is logged in before going any further.
  
if (!isset($_SESSION['user_id'])) {
    echo '<p class="login">Please <a href="login1.php">log in</a> to access this page.</p>';
    
exit();
  
}
  


  // Connect to the database
  
$dbc = mysqli_connect(DB_Host, DB_User, DB_Password, DB_Name);


if (isset($_POST['submit'])) {
    

// Grab the profile data from the POST
    
$name = mysqli_real_escape_string($dbc, trim($_POST['name']));
    
$phone = mysqli_real_escape_string($dbc, trim($_POST['phone']));

$address1 = mysqli_real_escape_string($dbc, trim($_POST['address1']));
    
$address2 = mysqli_real_escape_string($dbc, trim($_POST['address2']));
    
$postcode = mysqli_real_escape_string($dbc, trim($_POST['postcode']));

$webadd = mysqli_real_escape_string($dbc, trim($_POST['webadd']));

$email = mysqli_real_escape_string($dbc, trim($_POST['email']));
    
$old_picture = mysqli_real_escape_string($dbc, trim($_POST['old_picture']));
    
$new_picture = mysqli_real_escape_string($dbc, trim($_FILES['new_picture']['name']));
    
$new_picture_type = $_FILES['new_picture']['type'];
    $new_picture_size = $_FILES['new_picture']['size']; 


$username = mysqli_real_escape_string($dbc, trim($_POST['username']));

$user_id = mysqli_real_escape_string($dbc, trim($_POST['user_id']));

    
if (!empty($_FILES['new_picture']['tmp_name'])) {list($new_picture_width, $new_picture_height) = getimagesize($_FILES['new_picture']['tmp_name']);

}




//list($new_picture_width, $new_picture_height) = getimagesize($_FILES['new_picture']['tmp_name']);
    
$error = false;

    

// Validate and move the uploaded picture file, if necessary
    
if (!empty($new_picture)) {
      if ((($new_picture_type == 'image/gif') || ($new_picture_type == 'image/jpeg') || ($new_picture_type == 'image/pjpeg') ||
        ($new_picture_type == 'image/png')) && ($new_picture_size > 0) && ($new_picture_size <= MM_MAXFILESIZE) &&
        ($new_picture_width <= MM_MAXIMGWIDTH) && ($new_picture_height <= MM_MAXIMGHEIGHT)) {
        if ($_FILES['new_picture']['error'] == 0) {
          

// Move the file to the target upload folder
          
$target = MM_UPLOADPATH . basename($new_picture);
          
if (move_uploaded_file($_FILES['new_picture']['tmp_name'], $target)) {
            

// The new picture file move was successful, now make sure any old picture is deleted
            
if (!empty($old_picture) && ($old_picture != $new_picture)) {
              
            }
          }
          else {
            

// The new picture file move failed, so delete the temporary file and set the error flag
            
@unlink($_FILES['new_picture']['tmp_name']);
            
$error = true;
            echo '<p class="error">Sorry, there was a problem uploading your picture.</p>';

          }
        }
      }
      
else {
        
// The new picture file is not valid, so delete the temporary file and set the error flag
        
@unlink($_FILES['new_picture']['tmp_name']);

        $error = true;
        
echo '<p class="error">Your picture must be a GIF, JPEG, or PNG image file no greater than ' . (MM_MAXFILESIZE / 1024) .
          ' KB and ' . MM_MAXIMGWIDTH . 'x' . MM_MAXIMGHEIGHT . ' pixels in size.</p>';
      }
    }



$error = false;


// Update the profile data in the database
    
if (!$error) {
      if (!empty($name)&& !empty($phone) && !empty($address1) && !empty($address2)) {
        // Only set the picture column if there is a new picture
        if (!empty($new_picture)) {

//if (!empty($postcode)){
          $query = "UPDATE antique SET name = '$name', phone = '$phone', address1 = '$address1', address2 = '$address2', postcode = '$postcode', " .
            " email = '$email', webadd = '$webadd', picture = '$new_picture', username = '$username' WHERE user_id = '" .  $row['user_id'] ."'";
        
}}
       
        else {
          
$query = "UPDATE antique SET name = '$name', phone = '$phone', address1 = '$address1', address2 = '$address2', postcode = '$postcode', " .
            " email = '$email', webadd = '$webadd', username = '$username' WHERE user_id = '" .  $row['user_id'] ."'";
        }
        mysqli_query($dbc, $query) or die("<br>Query $query<br>Failed with error: " . mysqli_error($dbc) . '<br>On line: ' . __LINE__); 

        

// Confirm success with the user
        
echo '<p>Your profile has been successfully updated. Would you like to <a href="viewprofile4.php">view your profile</a>?</p>';


        
mysqli_close($dbc);
        exit();
    
  }
      
else {
        echo '<p class="error">You must enter all of the profile data (the picture is optional).</p>';
   
   
    }
  } 

// End of check for form submission
  else {
    

// Grab the profile data from the database
    
$query="SELECT * FROM antique WHERE user_id= '" . $row['user_id'] . "'";

$data = mysqli_query($dbc, $query);
    
$row = mysqli_fetch_array($data);

    
if ($row != NULL) {
      $name = $row['name'];
      
$phone = $row['phone'];

$address1 = $row['address1'];

$address2 = $row['address2'];

$postcode = $row['postcode'];
      
$email = $row['email'];

$webadd = $row['webadd'];
      
$old_picture = $row['picture'];

$username = $_SESSION['username'];

$user_id = $row['user_id'];
    
}
    else {
      echo '<p class="error">There was a problem accessing your profile.</p>';

    }
  }


  mysqli_close($dbc);

?>

 
<form enctype="multipart/form-data" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">

    <input type="hidden" name="MAX_FILE_SIZE" value="<?php echo MM_MAXFILESIZE; ?>" />
   
<fieldset>
      <legend>Personal Information</legend>

      <label for="name">Name:</label>
      <input type="text" id="name" name="name" value="<?php if (!empty($name)) echo $name; ?>" /><br />

      <label for="phone">Phone:</label>
      <input type="text" id="phone" name="phone" value="<?php if (!empty($phone)) echo $phone; ?>" /><br />

<label for="address1">Address1:</label>
      <input type="text" id="address1" name="address1" value="<?php if (!empty($address1)) echo $address1; ?>" /><br />


      <label for="address2">Address2:</label>
      <input type="text" id="address2" name="address2" value="<?php if (!empty($address2)) echo $address2; ?>" /><br />

      <label for="postcode">Postcode:</label>
      <input type="text" id="postcode" name="postcode" value="<?php if (!empty($postcode)) echo $postcode; ?>" /><br />

      <label for="email">Email:</label>
      <input type="text" id="email" name="email" value="<?php if (!empty($email)) { echo $email; } else { echo 'No email entered';} ?>" /><br />

      <label for="webadd">Web address:</label>
      <input type="text" id="webadd" name="webadd" value="<?php if (!empty($webadd)) { echo $webadd; } else { echo 'No web entered';}  ?>" /><br />


<input type="hidden" name="old_picture" value="<?php if (!empty($old_picture)) echo $old_picture; ?>" />
      <label for="new_picture">Pictu </label>
      <input type="file" id="new_picture" name="new_picture" />
      <?php if (!empty($old_picture)) {
        echo '<img class="profile" src="' . MM_UPLOADPATH . $old_picture . '" alt="Profile Picture" style: height=100px;" />';
      } 

    ?> <br />
 <label for="address2">username:</label>
      <input type="text" id="username" name="username" value="<?php if (!empty($username)) echo $username; ?>" /><br />


<label for="user_id">User ID:</label>
      <input type="text" id="user_id" name="user_id" value="<?php echo '' . $row['user_id'] . '' ; ?>" /><br />
   
</fieldset>
   
<input type="submit" value="Save Profile" name="submit" />
 
</form>
<?php echo('<p class="login">You are logged in as ' . $_SESSION['username'] . '. <a href="logout3.php">Log out</a>.</p>');
echo '<class = "label">USER ID: ' . $row['user_id'] . '';

 ?>


<p><a href="index.php">Return to homepage</a></p>


<?php require_once('footer.php');
 ?>
</body>

</html>
 

do you see anything wrong with this update code?  i am having trouble setting the acntStatus=1.

Code: [Select]
<?php
mysql_select_db($database_uploader, $uploader);    
$query = "SELECT * FROM members WHERE uname='$_SESSION[user]'";
$result = mysql_query($query) or die(mysql_error());

if (mysql_num_rows($result) > 0) {
$row = mysql_fetch_array($result) or die(mysql_error());

$usedSpace = $row['bandwhitch'];

$acntType = $row['acntType'];
if ($acntType == 1) {
$totalSpace = 500;
}
else {
$totalSpace = 250;
}


if($usedSpace > $totalSpace) {
echo "There is something wrong with your account. Please contact us!";
$usageError = true;
mysql_query(sprintf("UPDATE members SET acntStatus='%s' WHERE uname='%d'",   
   mysql_real_escape_string(1),
$_SESSION['user']))
or die(mysql_error());  
mysql_close($con);
}
$usagePercent = (round(($usedSpace/$totalSpace), 2)) * 100; // Convert to percentage
}
?>

ok it updates the posts table , but not the notifications table , helP!
Code: [Select]
<?php include("../includes.php");
$session =$logOptions_id;
if($session)
{
$id = $_POST['id'];
if(!$id)
{
$id = $session;
}
$post = mysql_real_escape_string($_POST['post']);
$date = mktime();





$action_type = 0;



mysql_query("INSERT INTO posts SET to_id='$id',from_id='$session',post='$post',type='$action_type',date='$date'");
$post_id = mysql_insert_id();

$query = mysql_query("SELECT id,to_id,from_id,post,type,state,date FROM posts WHERE id='$post_id' AND state='0' ORDER BY id DESC LIMIT 15");
print posts($query, "newPost");

if($id!=$session)
{
mysql_query("INSERT INTO notifications SET user_id='$id', from_id='$session', post_id='$post_id', action_type='$action_type', date='$date'");
}

}
?>

why does this code not update database.....any errors you see off the bat?  none of the messages are displaying for whether it posts or not......so I think there is something wrong with posting or a loop or something.

Code: [Select]
<?php
session_start();
include "config2.php";
if (!isset($_SESSION['id'])) { 
   echo 'Please <a href="login.php">log in</a> to access your account';
   exit(); 
}

//Connect to the database through our include 
include_once "connect_to_mysql.php";
// Place Session variable 'id' into local variable
$userid = $_SESSION['id'];
?>
 <?php
//action: view users -----------------------------------------------------------------------------
if (isset($_GET['viewUsers'])) {
//get all active users
$query = "SELECT name, username, phone, address, city, state, zip, cell, email, accounttype, badges, password, rank, userid FROM members WHERE userid=userid";
$rs = mysql_query($query);

?>
  <table width="563" border='1'>
    <tr>
      <th width="54">Name</th><th width="84">Username</th><th width="47">Email</th>
      <th width="148">Access Level</th>
      <th width="105">&nbsp;</th>
      <th width="85">&nbsp;</th>
      </tr>
    <?php
//show the users
while ($row = mysql_fetch_assoc($rs)) {
?>
    <tr>
      <td><?php echo $row['name'];?></td>
      <td><?php echo $row['username'];?></td>
      <td><?php echo $row['email'];?></td>
      <td><?php echo $row['accounttype']?></td>
      <td>&nbsp;</td>
      <td><a href='admin.php?edit&amp;id=<?php echo $row['userid'];?>'>Edit</a>, <a href='admin.php?delete&amp;id=<?php echo $row['userid'];?>'>Delete</a></td>
      </tr>
    <?php
}
?>
    </table>
  <?php
}
//action: edit user -----------------------------------------------------------------------------
if (isset($_GET['edit']) && isset($_GET['id'])) {
$userid = (int) $_GET['id'];
if ($userid == 0) {
die("Invalid ID provided.");
}
//execution when completed the edit user form and pressed submit button ---------------------
if (isset($_POST['editUser'])) {
//validate data ------------------------------------------------------------------------
//check empty fields
$notRequired = array("email","phone","address", "city", "state","zip","cell" ); //passwords won't be checked, as they are not required
foreach ($_POST as $k=>$v) {
if ($v == "" && !in_array($k,$notRequired)) {
$error[$k] = "<strong>This field is empty</strong>";
}
}
//escape string
$name = "mysql_real_escape_string{$_POST['fname']} {$_POST['last']}";
$phone = mysql_real_escape_string($_POST['phone']);
$address = mysql_real_escape_string($_POST['address']);
$city = mysql_real_escape_string($_POST['city']);
$state = mysql_real_escape_string($_POST['state']);
$zip = mysql_real_escape_string($_POST['zip']);
$email = mysql_real_escape_string($_POST['email']);
$cell = mysql_real_escape_string($_POST['cell']);
$username = mysql_real_escape_string($_POST['username']);
$last = mysql_real_escape_string($_POST['last']);
$first = mysql_real_escape_string($_POST['fname']);


//check email validation, the function is available at config.php

//check username exists in database
$res = mysql_query("SELECT username FROM members WHERE username='".$username."' AND username != '".$username."'");
if (mysql_num_rows($res) == 1) {
$error['username'] .= " <strong>Username already existst in database!</strong>";
}
//check both passwords are the same when password fields are not empty

//end validate data ---------------------------------------------------------------------

//save to database when no errors are detected ------------------------------------------
if (count($error) == 0) {
$query = "UPDATE members SET username='$username', email='$email', name='".$name."', phone='".$phone."',address='".$address."', city='".$city."',state='".$state."', zip='".$zip."',cell='".$cell."',badges='".$badges."', rank='".$rank."', first='".$first."', last='".$last."' WHERE userid='".$_GET['userid']."'";
$query1 = "UPDATE sessions SET username='".$username."', email='".$email."',name='".$name."', phone='".$phone."',address='".$address."', city='".$city."',state='".$state."', zip='".$zip."',cell='".$cell."',badges='".$badges."', rank='".$rank."' WHERE id='".$userid."'";




//update username session if you edit yourself
if ($userid == $_SESSION['auth_admin_userid']) {
$_SESSION['auth_admin_username'] = $username;
}

if (mysql_query($query)|| mysql_query($query1)) 
{
echo "<p><strong>User has been edited and saved to the database.</strong></p>";
} else {
echo "<strong>User has NOT been edited and saved into the database. ".mysql_error()."</strong>";
}
}
}
//get user from the database and put data into $_POST variables.
$rs = mysql_query("SELECT first, last, username, phone, address, city, state, zip, cell, email, badges, rank, accounttype FROM members WHERE userid = ".$userid."");
if (mysql_num_rows($rs) == 0) {
die("User does not exists!");
}
$row = mysql_fetch_assoc($rs);
$_POST['fname'] = $row['first'];

$_POST['last'] = $row['last'];
$_POST['username'] = $row['username'];
$_POST['phone'] = $row['phone'];
$_POST['address'] = $row['address'];
$_POST['city'] = $row['city'];
$_POST['state'] = $row['state'];
$_POST['zip'] = $row['zip'];
$_POST['cell'] = $row['cell'];
$_POST['email'] = $row['email'];
$_POST['badges'] = $row['badges'];
$_POST['rank'] = $row['rank'];
$_POST['accounttype'] = $row['accounttype'];


//if is admin, then $_POST['admin'] exists


?>
 
 
 
 
 
 
  <form action="admin.php?edit&amp;id=<?php echo $userid; ?>" method="post">
  <div id="TabbedPanels1" class="TabbedPanels">
  <ul class="TabbedPanelsTabGroup">
    <li class="TabbedPanelsTab" tabindex="0">My Info</li>
    <li class="TabbedPanelsTab" tabindex="0">Merit Badges</li>
    <li class="TabbedPanelsTab" tabindex="0">Scout Rank</li>
    </ul>
  <div class="TabbedPanelsContentGroup">
  <div class="TabbedPanelsContent">
 
    <table align="center" cellpadding="8" cellspacing="8">
      <tr> 
        <td><div align="right">First Name:</div></td>
        <td> <input type="text" name="name" value='<?php echo $_POST['fname'];?>' />
          <?php echo(isset($error['fname']))?$error['fname']:"";?></td>
        </tr> <tr> 
        <td><div align="right">Last Name:</div></td>
        <td> <input type="text" name="name" value='<?php echo $_POST['last'];?>' />
          <?php echo(isset($error['last']))?$error['last']:"";?></td>
        </tr>
      <tr>
        <td><div>Phone Number:</div></td>
        <td><input type="text" name="phone" value='<?php echo $_POST['phone'];?>' />
          <?php echo(isset($error['phone']))?$error['phone']:"";?></td>
        </tr> 
      <tr>
        <td><div align="right">Address:</div></td>
        <td><input type="text" name="address" value='<?php echo $_POST['address'];?>' />
          <?php echo(isset($error['address']))?$error['address']:"";?></td>
        </tr>
      <tr>
        <td><div align="right">City:</div></td>
        <td><input type="text" name="city" value='<?php echo $_POST['city'];?>' />
          <?php echo(isset($error['city']))?$error['city']:"";?></td>
        </tr>
      <tr>
        <td><div align="right">State:</div></td>
        <td><input type="text" name="state" value='<?php echo $_POST['state'];?>' />
          <?php echo(isset($error['state']))?$error['state']:"";?></td>
        </tr> 
      <tr>
        <td><div align="right">Zip Code:</div></td>
        <td><input type="text" name="zip" value='<?php echo $_POST['zip'];?>' />
          <?php echo(isset($error['zip']))?$error['zip']:"";?></td>
        </tr>
      <tr>
        <td><div align="right">Email:</div></td>
        <td>
         
            <input type="text" name="email" value='<?php echo $_POST['email'];?>' />
          <?php echo(isset($error['email']))?$error['email']:"";?></td>
        </tr>
      <tr>
        <td><div align="right">Cell Phone:</div></td>
        <td><input type="text" name="cell" value='<?php echo $_POST['cell'];?>' />
          <?php echo(isset($error['cell']))?$error['cell']:"";?></td>
        </tr> 
      <tr>
        <td class="aaaaaaa" align="right"><div>Username:</div></td>
        <td><label for="username"></label>
          <input type="text" name="username" value='<?php echo $_POST['username'];?>' />
          <?php echo(isset($error['username']))?$error['username']:"";?>
          </td>
        </tr>
      <input name="userid" type="hidden" value="<?php echo $userid; ?>" />
     
      </table>
    <p>&nbsp;       
   
   
    </div>
    <div class="TabbedPanelsContent">
      <label for="badges"></label>
      <input name="badges" type="text" id="badges" value='<?php echo $_POST['badges'];?>' />
      <?php echo(isset($error['badges']))?$error['badges']:"";?>
      </div>
    <div class="TabbedPanelsContent">
      <input name="rank" type="text" id="rank" value='<?php echo $_POST['rank'];?>' />
      <?php echo(isset($error['rank']))?$error['rank']:"";?>
      </div>
    </div>
  </div>
    <input name="editUser" type="submit" value="Save" />
   
   
    </form>   
  <p>
    <script type="text/javascript">
var TabbedPanels1 = new Spry.Widget.TabbedPanels("TabbedPanels1");
      </script>
    </p>
  <p>&nbsp;</p>
  <p>&nbsp;</p>
  <p>&nbsp;</p>
  <p>&nbsp;</p>
  <p>&nbsp;</p>
  <p>&nbsp;</p>
  <?php
}
?>
 

<br /><br />





</div></div>
<script type="text/javascript">
var MenuBar1 = new Spry.Widget.MenuBar("MenuBar1", {imgDown:"../SpryAssets/SpryMenuBarDownHover.gif", imgRight:"../SpryAssets/SpryMenuBarRightHover.gif"});
</script>

Hey

i have this code that should update database on submit of a form.

i have multiple rows selected from a database and i need to be able to update each row individually...however currently as the code stands it updates all rows with the data entered into the bottom row.

i dont know how to solve this its very frustrating

could someone take a look and help me?

here is the code

<?php
session_start();
?>
<a href="adminlogout.php">Logout</a><br />
<?php
$id = $_GET['id'];
if(!isset($_SESSION['myusername'])) {
header("location:adminlogin.php");
}
$dbhost = 'localhost';
$dbuser = 'root';
$dbpass = '';
$db = 'bank';

$conn = mysql_connect($dbhost,$dbuser,$dbpass);
mysql_select_db($db);
if(isset($_POST['submit'])){
$select = mysql_query("SELECT * FROM accounts WHERE cusid=$id");
$row3 = mysql_fetch_array($select);
$update = mysql_query("UPDATE accounts SET balance='".$_POST['balance']."', type='".$_POST['type']."', name='".$_POST['name']."', active='".$_POST['active']."' WHERE cusid=$id");
}
$result = mysql_query("SELECT * FROM customer WHERE cusid=$id");
$row2 = mysql_fetch_array($result);
echo $row2['name'] . "'s bank accounts" . "<br><br>";
$result2 = mysql_query("SELECT * FROM accounts WHERE cusid=$id");
echo "<form method='post' action='accounts.php?id=$id'>";
while($row = mysql_fetch_array($result2))
{
echo "<input type='text' name='accno' style='background-color:lightgrey;' readonly='readonly' value='$row[accno]'>" . "<input type='text' name='name' value='$row[name]'>"; if($row['type'] == "Current"){echo"<select name='type'>" . "<option selected='Selected'>Current</option>" . "<option>Savings</option>" . "</select>";} else{echo"<select name='type'>" . "<option selected='Selected'>Savings</option>" . "<option>Current</option>" . "</select>";} echo"<input type='text' name='balance' value='$row[balance]'>"; if($row['active'] == "No"){ echo "<select name='active'>" . "<option value='No' selected='selected'>No</option>" . "<option value='Yes'>Yes</option>" . "</select>";} elseif($row['active'] == "Yes"){echo "<select name='active'>" . "<option value='Yes' selected='selected'>Yes</option>" . "<option value='No'>No</option>" . "</select>";} echo "<input type='submit' name='submit' value='Update'>" . "<br>";
}
echo "</form>";
?>