Okay I've been at this for well over a month and I'm ready to scream and say #*@$ it! (Yes I beeped out my language).

I can't get this stupid code to do what I want.

1. I need my user update.php to look like this: update info on the fly (http://www.moonation.org/love/update.php)

Except I don't want old email required or change email by typing it twice, or spam protected (as only admin sees it no one else), or country....or delete--deleting I have covered by admin use ONLY.

That's just an example about what I mean with updating on the fly without logging into an area to update info.

2. I need my update form to check my existing pw in the database WITH my username (can't update username because I've uniqued it and it checks against the current pw) to allow updates...if the pw is wrong, update won't happen...my code currently doesn't check the pw and just updates anyway.

3. change pw by typing in username and current pw with new pw and confirm new pw...currently it's not working >_<

4. update SELECTED fields or ALL of the form WITHOUT emptying fields already filled in within my database...my code keeps emptying them >_<

At this point, I'm ready to give up playing with php all together because no matter how many tutorials and forums I read, php HATES me!

If you need to see my code, please let me know...
Basically I only have these fields

username (db row: username)
new password (must be able to empty current pw and replace it in db row: pw)
new password again (must equal new pw for db row: pw)
email (db row: email)
site name (db row: sitename)
site url (db row: siteurl)
current password (db row: pw)

I'm about to have an anurism!!!!!!!!!!!!!!

Ok it's simple.

Try something like this:



<?php
// The below few variables assumes this is what the names of them are from the previous form that it's being submitted too
$password = $_POST['password'];
$email = $_POST['email'];
$sitename = $_POST['sitename'];
$url = $_POST['url'];
// This is the select statement to get the database info
$sel = mysql_query("SELECT * FROM `table`");
// Allows you to access and print out the queries
$select = mysql_fetch_array($sel);

// If the password equals password in the database, execute query
if ($password == $select[pw]) {
$update = mysql_query("UPDATE `pw` WHERE username='$select[username]' AND password='$select[password]'");
}


Try that, it might work ;)

doesn't SELECT * FROM $table mean I have to be logged in so the database can grab all of the information for one id? Because I don't want that...also I only want to updated selected (e.g. url only or url, pw and email) fields or all of the fields...I can get it to work doing update $table set and listing all the variables then doing WHERE $_POST['username'] AND $_POST['oldpw'] LIMIT 1, but then that updates all of the fields...

Edit: Tried it, it doesn't work ~_~ although I don't get errors, it wont update

so you only want to update values that have changed right, and you want it to check thier password is the correct one before doing any updating ?

did you change
$password = $_POST['password'];
$email = $_POST['email'];
$sitename = $_POST['sitename'];
$url = $_POST['url'];

to match the names of the text fields on your form? If not then it won't update

I'm assuming the names of the form elements are the same as the database rows, coz that's good practice .... this isn't a working example, you'll need to change some stuff, not structure but details


<?php
mysql_connect($hostname, $user, $password);
@mysql_select_db($db);
$arr = mysql_fetch_assoc(mysql_query("SELECT * FROM `users` WHERE username = '{$_POST['username']}'"));
if ($_POST['password'] != $arr['password']) {
echo "You do not have permission to update this profile.";
}
else {
foreach ($_POST as $key => $value)
{
if ($value != $arr[$key])
{
mysql_query("UPDATE `users` SET $key = '{$value}' WHERE username = '{$_POST['username']}'");
}
}
}

?>

Sorry I've not gotten back to anyone; my site's been down all week so I've not been able to test any coding ~_~

Anyways, K.J. your script works, BUT where nothing's filled in within the form e.g. email, it empties the field in my db...is there a way to stop it and force it to think what's already in the db is what the user submitted?

I've tried:

if( $_POST['email'] == '' )
$email = $_POST['email'];

AND:

$email = $_POST['email'];
if(isset($email) and $email=="")

yh, this should do it ....


<?php
mysql_connect($hostname, $user, $password);
@mysql_select_db($db);
$arr = mysql_fetch_assoc(mysql_query("SELECT * FROM `users` WHERE username = '{$_POST['username']}'"));
if ($_POST['password'] != $arr['password']) {
echo "You do not have permission to update this profile.";
}
else {
foreach ($_POST as $key => $value)
{
if ($value != $arr[$key])
{
if ($value != "")
{
mysql_query("UPDATE `users` SET $key = '{$value}' WHERE username = '{$_POST['username']}'")
}
}
}
}

?>


so only if value != "" does it update the database with the new value, try that ....

Yay it works!!!!!

Thankyou thankyou *hugs all around*

nice to hear ......