agent007
July 31st, 2002, 12:09
*rips hair out*
I've been trying to the past hour, but I can't get this script to work. What I need to do is to allow users to update their email and website in the database. Here's the edituser.php file:
<?
require("config.cfg");
@mysql_connect ("$servername", "$dbusername", "$dbpassword") OR die ("Connection Error to Server");
@mysql_select_db ("$dbname") OR die("Connection Error to Database");
if(isset($id)) {
$sql = "select * from shout_users where id = '$id'";
if ($a = mysql_query($sql)) {
while ($foo = mysql_fetch_array($a) ) {
$id = $foo["id"];
$user = $foo["username"];
$pwd = $foo["password"];
$email = $foo["email"];
$homepage = $foo["homepage"];
echo "<body bgcolor=\"#f5f5f5\"><LINK REL=\"stylesheet\" HREF=\"style.css\"><font size=\"1\">";
print "<br><b>$user</b>, you may edit your profile details in this area.";
echo " <TABLE ALIGN=\"center\" WIDTH=\"100%\" BORDER=\"0\">
<TR>
<TD bgcolor=\"#f5f5f5\" ALIGN=\"center\" VALIGN=\"middle\" ALIGN=\"left\" WIDTH=\"100%\"><br><b>Edit Profile Form</b>
<FORM onSubmit=\"document.edit.send.disabled='true'\" NAME=\"edit\" METHOD=\"post\" ACTION=\"editsend.php\">
<INPUT TYPE=\"hidden\" NAME=\"page\" VALUE=\"test.php\">
email: <INPUT TYPE=\"text\" SIZE=\"15\" MAXLENGTH=\"30\" VALUE=\"$email\" NAME=\"email\"><br>
site: <input type=\"text\" size=\"15\" maxlength=\"30\" value=\"$homepage\" name=\"homepage\"><br><br>To finalize your editting, enter your password below:<br>
password: <input type=\"password\" size=\"15\" maxlength=\"30\" value=\"\" name=\"password\">
<BR><BR>
<INPUT CLASS=\"submit-reset\" TYPE=\"submit\" NAME=\"send\" VALUE=\"edit\" BORDER=\"0\">
</TD>
</TR></TABLE>";
echo "</font></body>";
}
}
}
?>
If that script is submitted, it will go to editsend.php:
<?
require("config.cfg");
@mysql_connect ("$servername", "$dbusername", "$dbpassword") OR die ("Connection Error to Server");
@mysql_select_db ("$dbname") OR die("Connection Error to Database");
$password = md5($password);
$sql = "SELECT * FROM shout_users WHERE password = '$password'";
$result=mysql_query($sql);
$num=mysql_num_rows($result);
if($num == 0) {
echo "<body bgcolor=\"#f5f5f5\"><LINK REL=\"stylesheet\" HREF=\"style.css\"><font size=\"1\"><br>Please recheck your password</font></body>";
} else{
$sql = "UPDATE shout_users SET email='$email',homepage='$homepage' WHERE id=$id";
$result = mysql_query($sql);
header("Location: editted.php");
}
?>
The problem is, the script always says the database is updated, but it never is. I'm thinking there's something wrong with my SQL syntax, but I'm not sure. Can anyone shed some light on this?
I've been trying to the past hour, but I can't get this script to work. What I need to do is to allow users to update their email and website in the database. Here's the edituser.php file:
<?
require("config.cfg");
@mysql_connect ("$servername", "$dbusername", "$dbpassword") OR die ("Connection Error to Server");
@mysql_select_db ("$dbname") OR die("Connection Error to Database");
if(isset($id)) {
$sql = "select * from shout_users where id = '$id'";
if ($a = mysql_query($sql)) {
while ($foo = mysql_fetch_array($a) ) {
$id = $foo["id"];
$user = $foo["username"];
$pwd = $foo["password"];
$email = $foo["email"];
$homepage = $foo["homepage"];
echo "<body bgcolor=\"#f5f5f5\"><LINK REL=\"stylesheet\" HREF=\"style.css\"><font size=\"1\">";
print "<br><b>$user</b>, you may edit your profile details in this area.";
echo " <TABLE ALIGN=\"center\" WIDTH=\"100%\" BORDER=\"0\">
<TR>
<TD bgcolor=\"#f5f5f5\" ALIGN=\"center\" VALIGN=\"middle\" ALIGN=\"left\" WIDTH=\"100%\"><br><b>Edit Profile Form</b>
<FORM onSubmit=\"document.edit.send.disabled='true'\" NAME=\"edit\" METHOD=\"post\" ACTION=\"editsend.php\">
<INPUT TYPE=\"hidden\" NAME=\"page\" VALUE=\"test.php\">
email: <INPUT TYPE=\"text\" SIZE=\"15\" MAXLENGTH=\"30\" VALUE=\"$email\" NAME=\"email\"><br>
site: <input type=\"text\" size=\"15\" maxlength=\"30\" value=\"$homepage\" name=\"homepage\"><br><br>To finalize your editting, enter your password below:<br>
password: <input type=\"password\" size=\"15\" maxlength=\"30\" value=\"\" name=\"password\">
<BR><BR>
<INPUT CLASS=\"submit-reset\" TYPE=\"submit\" NAME=\"send\" VALUE=\"edit\" BORDER=\"0\">
</TD>
</TR></TABLE>";
echo "</font></body>";
}
}
}
?>
If that script is submitted, it will go to editsend.php:
<?
require("config.cfg");
@mysql_connect ("$servername", "$dbusername", "$dbpassword") OR die ("Connection Error to Server");
@mysql_select_db ("$dbname") OR die("Connection Error to Database");
$password = md5($password);
$sql = "SELECT * FROM shout_users WHERE password = '$password'";
$result=mysql_query($sql);
$num=mysql_num_rows($result);
if($num == 0) {
echo "<body bgcolor=\"#f5f5f5\"><LINK REL=\"stylesheet\" HREF=\"style.css\"><font size=\"1\"><br>Please recheck your password</font></body>";
} else{
$sql = "UPDATE shout_users SET email='$email',homepage='$homepage' WHERE id=$id";
$result = mysql_query($sql);
header("Location: editted.php");
}
?>
The problem is, the script always says the database is updated, but it never is. I'm thinking there's something wrong with my SQL syntax, but I'm not sure. Can anyone shed some light on this?