Passing variable(Revisit)

janhouse00

Hello, I am working on some kind of a signup script. Somehow I couldn't pass a variable $email_from_db grabbed from database to another part of my script. What's wrong?

<?
function main() {
global $PHP_SELF;

print"<table><tr>
<td><form action=$PHP_SELF method=post><input type=submit name=action value=signup></form></td>
<td><form action=$PHP_SELF method=post><input type=submit name=action value=modify></form></td>
</tr></table>";
}

function modify_login() {
global $PHP_SELF,$email,$pw;

print"<form action=$PHP_SELF method=post>
<p><table align=center>
<tr><td>Email </td><td><input name=email value=$email></td></tr>
<tr><td>Password </td><td><input name=pw value=$pw> </td></tr>
<tr><td colspan=2><input type=submit value=Login><input type=hidden name=action value=modifiy_login_verify></td></tr>
</table></p></form>";
}

function form($value) { /The value of the first argument will be used by the hidden value in this function, to decide what the proper action to be/
global $PHP_SELF,$value,$email,$pw;

print"<form action=$PHP_SELF method=post>
<table>
....//here comes other information such as name,address,etc.
....
<tr><td>Email </td><td><input name=email value=$email></td></tr>
<tr><td>Password</td><td><input name=pw value=$pw></td></tr>
<input type=submit value=submit><input type=hidden name=action value=$value></td></tr>
</table>
</form>";
}

function validation($value) {
global $PHP_SELF,$value,$email,$pw,$error;

if(!$email){
print"Please enter your email address";
$error=1;

if(!$pw){
print"Please enter your password";
$error=1;
}

if($error==1)
form($value);
}
}

if(!$action||$action=='')
main(); //This function provides two options, signup and modify

//**********************************************************************

else if($action==signup)
form($value="signup_submitted"); //If one chose to signup, then show the form

//**********************************************************

else if($action==modify)//If a user chose to modify, he/she must login first
modify_login();

//**********************************************************

else if($action==signup_submitted){
/If one has submited the form,perform the following routine to check whether his/her email exists in database or not/

$query="select email from member_profile where email='$email'";
$result=mysql_db_query("test",$query);
$email_exist=mysql_num_rows($result);

if($email_exist!=''){

print"Email $email already existed in database";
$error=1;
}

validation($value=signup_submitted);

if($error!=1){
$query="insert into member_profile(email,password)values('$email','$pw')";
$result=mysql_db_query("test",$query);
}

if($result) {
print"Success to signup";
main();
}
else
print"Fail to signup";

}}

//*********************************************************
/ Once the user has completed the login form, his/her info will be verified.*/

else if($action==modify_login_verify){
$query = mysql_db_query("test", "select * from member_profile where email='$email' and password='$pw'");
$result = mysql_num_rows($query);

if($result<1){
print"Wrong email or password";
$error=1;
}

if ($error==1)
modify_login();//If incorrect email or password, show the login form again

else {

$result = mysql_db_query ("test","select * from member_profile where email='$email' and password='$pw'");
while ($row = mysql_fetch_array ($result)) {

/*Here the personal info of authorized user will be fetched from database.

$email_from_db=$row["email"];
$pw=$row["password"];

form($value=modify_submitted);

}}}

//**********************************************************

else if($action==modify_submitted){

/Now here is the part that drives me crazy because the variable $email_from_db seemed couldn't be passed.Again the following few lines are used to validate the variable $email.It will be then compared with the user's email in database $email_from_db. If they are the same, skip the email validation part. /

if($email!=$email_from_db){ //Do so if email has been modified
$query="select email from member_profile where email='$email'";
$result=mysql_db_query("test",$query);
$email_exist=mysql_num_rows($result);
if($email_exist!=''){
print"Email $email already existed in database";
$error=1;
}
validation($value=modify_submitted);
if($error!=1){
$query="update member_profile set email='$email',password='$pw' where email='$email'";
$result=mysql_db_query("test",$query);
if($result) {
print"Success to update";
main();
}
else{
print"Fail to update";
}}

//**********************************************************
else
main();
?>

I wonder why $email_from_db doesn't exist there.Could anyone please help me to figure it out? Helps and comments are much appreciated.Thank you very much.

bobthedog

Ok - this is damn difficult to read tbh with you - in future please attach a file if the content is going to be this length! (or at least put tags around it so that the PHP keeps its formatting!!!

Anyhow - from what I can see.... your page display is based on the value of $action. If $action == modify_login_verify then you look up the value from the database and set it to $email_from_db.

Then (I am guessing), on a seperate page load, $action may be set this time to 'modify_submitted'. Since this is a seperate page load, then the value of $email_from_db is going to be lost, and so you are comparing against an empty string (unless you make them session variables, the value of a variable won't keep across page reloads! - pretty basic notion of php web dev tbh).

So - the answer would be to either relook up the value from the db, or keep the email_from_db value in a database.