membership update help!

jwilley

Sorry i'm still being very "newbie-ish" but i'm SLOWLY getting some of this down... what i want to do is have a user login using their lastname and certification_number which are in my database. I want it to validate that first form against the server and then go to the Edit Information page where they can edit THEIR information in the database only.

I did many tutorials and got a login page working fine and have it action=newmemupd.php right to the update page. It's the update page that i'm having problmems with. I've gotten to the point where my newmemupd.php page prints ALL the members in the database and allows you to click on their name and then it will fill in the form with thier information and then submit the form to UPDATE the field information.

So i basically need some help to do the following:
//----get the id of the user that logged in

select member_id

from members

where username == $loginname

$db_member_id = member_id;

then

//---- simple update statement

update * values (your fields go here)
from member

where member_id = $db_member_id

this will allow only the user that logged in to change his/het data.

I understand the logic but the code is elluding me...

Here is my original code that doesn't validate the login yet...

<html><title>newmemupdate</title>

<body>



<?php



$db = mysql_connect("localhost", "oataorg_ohioata","atmedical");

mysql_select_db("oataorg_memdb",$db);



if ($submit) {

  // here if no ID then adding else we're editing

  if ($id) {

$sql = "UPDATE membinfo SET firstname='$firstname',lastname='$lastname',address1='$address1',membernumber='$membernumber',license_number='$license_number',certification_number='$certification_number',address1='$address1',address2='$address2',address3='$address3',city='$city',state='$state',zip='$zip',workplace='$workplace',workaddress='$workaddress', workcitystatezip='$workcitystatezip',class='$class',district='$district',job_description='$job_description', addschool='$addschool',pager='$pager',cell='$cell',home='$home',work='$work',fax='$fax', email='$email' WHERE id=$id";

  } else {

$sql = "INSERT INTO membinfo (firstname,lastname,membernumber,license_number,certification_number,address1,address2,address3,city,state,zip,workplace,workaddress,workcitystatezip,class,district,job_description,addschool,pager,cell,home,work,fax,email) VALUES ('$firstname','$lastname','$address1','$membernumber','$license_number','$certification_number','$address1','$address2','$address3','$city','$state','$zip','$workplace','$workaddress','$workcitystatezip','$class','$district', '$job_description', addschool='$addschool','$pager','$cell','$home','$work','$fax','$email')";

  }

  // run SQL against the DB

  $result = mysql_query($sql);

  echo "Record updated/edited!<p>";

} elseif ($delete) {

// delete a record

$sql = "DELETE FROM membinfo WHERE id=$id";	

$result = mysql_query($sql);

echo "$sql Record deleted!<p>";

} else {

  // this part happens if we don't press submit

  if (!$id) {

// print the list if there is not editing

$result = mysql_query("SELECT * FROM membinfo",$db);

while ($myrow = mysql_fetch_array($result)) {

  printf("<a href=\"%s?id=%s\">%s %s</a> \n", $PHP_SELF, $myrow["id"], $myrow["lastname"], $myrow["firstname"]);

  printf("<a href=\"%s?id=%s&delete=yes\">(DELETE)</a><br>", $PHP_SELF, $myrow["id"]);

}

  }



  ?>

  <P>

  <a href="<?php echo $PHP_SELF?>">ADD A RECORD</a>

  <P>

  <form method="post" action="<?php echo $PHP_SELF?>">

  <?php



  if ($id) {

// editing so select a record

$sql = "SELECT * FROM membinfo WHERE id=$id";

$result = mysql_query($sql);

$myrow = mysql_fetch_array($result);

$id = $myrow["id"];

$firstname = $myrow["firstname"];

$lastname = $myrow["lastname"];

$membernumber = $myrow["membernumber"];

$license_number = $myrow["license_number"];

$certification_number = $myrow["certification_number"];

$address1 = $myrow["address1"];

$address2 = $myrow["address2"];

$address3 = $myrow["address3"];

$city = $myrow["city"];

$state = $myrow["state"];

$zip = $myrow["zip"];

$workplace = $myrow["workplace"];

$workaddress = $myrow["workaddress"];

$workcitystatezip = $myrow["workcitystatezip"];

$class = $myrow["class"];

$district = $myrow["district"];

$job_description = $myrow["job_description"];

$addschool = $myrow["addschool"];

$pager = $myrow["pager"];

$cell = $myrow["cell"];

$home = $myrow["home"];

$work = $myrow["work"];

$fax = $myrow["fax"];

$email = $myrow["email"];

// print the id for editing



?>

<p>
<input type=hidden name="id" value="<?php echo $id ?>">

<?php

  }



  ?>

  First name:
  <input type="Text" name="firstname" value="<?php echo $firstname ?>">
  Last name:
  <input type="Text" name="lastname" value="<?php echo $lastname ?>">
  <br>

  Member Number:
  <input type="Text" name="membernumber" value="<?php echo $membernumber ?>">
  <br>

   License Number:
   <input name="license_number" type="Text" id="license_number" value="<?php echo $license_number ?>">
   <br>

Certification Number:
<input name="certification_number" type="Text" id="certification_number" value="<?php echo $certification_number?>">
</p>
<p>Address 1:
  <input type="Text" name="address1" value="<?php echo $address1 ?>">
  <br>

  Address 2:
  <input name="address2" type="Text" id="address2" value="<?php echo $address2 ?>">
  <br>

   Address 3:
   <input name="address3" type="Text" id="address3" value="<?php echo $address3?>">
   <br>

    City:
    <input name="city" type="Text" id="city" value="<?php echo $city?>">
  State (XX):
	 <input name="state" type="Text" id="state" value="<?php echo $state?>" size="4" maxlength="2">
	 Zip:
	  <input name="zip" type="Text" id="zip" value="<?php echo $zip ?>">
</p>
<p>Work Place:
       <input name="workplace" type="Text" id="workplace" value="<?php echo $workplace ?>" size="40">
       <br>

	    Work Address:
	    <input name="workaddress" type="Text" id="workaddress" value="<?php echo $workaddress ?>" size="40">
	    <br>

		 Work (city, state, zip):
		 <input name="workcitystatezip" type="Text" id="workcitystatezip" value="<?php echo $workcitystatezip ?>" size="40">
</p>
<p>Class:
	      <input name="class" type="Text" id="class" value="<?php echo $class?>" size="2" maxlength="1">
	      District:
		   <input name="district" type="Text" id="district" value="<?php echo $district ?>" size="4" maxlength="2">
		   <br>

		    Job Description:
		    <input name="job_description" type="Text" id="job_description" value="<?php echo $job_description?>">
		    <br>

			 High School (if outreach):
			 <input name="addschool" type="Text" id="addschool" value="<?php echo $addschool ?>" size="40">
</p>
<p>Pager:
		      <input name="pager" type="Text" id="pager" value="<?php echo $pager ?>">
		      Cell Phone:
			   <input name="cell" type="Text" id="cell" value="<?php echo $cell ?>">
			   <br>

			    Home Phone:
			    <input name="home" type="Text" id="home" value="<?php echo $home ?>">
			    Work Phone:
			     <input name="work" type="Text" id="work" value="<?php echo $work ?>">
			     <br>

			    Fax Number:
			     <input name="fax" type="Text" id="fax" value="<?php echo $fax ?>">
			     Email Address:
			     <input name="email" type="Text" id="email" value="<?php echo $email?>" size="40">
</p>
<p>
  <input type="Submit" name="submit" value="Enter information">

        </p>
  </form>



<?php



}



?>



</body>

</html>

Any ideas on combining all this would be greatly appreciated! i'm getting sorta desperate after searching the forum for about 2 weeks...
Jon

scoppc

Since you've got the logic, here is a hint to turn your logic to a working scripts:

//this is update.php
//file that contains scripts to update user info

//get the login information
//It depends on where do you store it, I assume that u use cookies
$username=$_COOKIE['loginname'];

if ($_POST['submit']){
//if the form is submitted
     //grab all data from the form... do it here...
     //checking it here...
     //update time... (after successful checking all input)
     $sql="UPDATE member SET memberName='$name', memberEmail='$email' WHERE memberUsername='$username'";
     $query=mysql_query($sql);

 if (!$query){
      print "Update Fails";
}else{
      header("Location:myprofile.php");
 }
}else{
     //you can query the information for this user
     //display the form with all fields already filled in
}

Hope this will give u some idea.

Xo_

Hi there

I don't know if you copy/pasted your code, but you seem to have forgotten to enclose the $id between the ' in your WHERE clauses in the mysql queries.
Don't know if you missed that, if not, sorry 🙂

Hope this helps

Cheers