Updating database mess

genista

Hi,

I am working on a page for someone that updates the user's details into the database, I want all of the validation done in the same page as the html, the problem I have is that I seem to be in a bit of a mess with regard to getting it right. The following code forms the basis for what I want to do and hopefully should make sense. The problem is that when this page is loaded it is blank. If I runa line for debugging all the page seems to be doing (and I might be wrong) is updating the database and ignoring everything else...

As I say all I want to do is post the user's details, validate any new input and then send it right back to where it came from...

$id = $_SESSION['username'];
$query = "select * from users where username='$id'";

//now we pass the query to the database 
$result=mysql_query($query) or die("Could not get data.".mysql_error()); 

//get the first (and only) row from the result 
$row = mysql_fetch_array($result, MYSQL_ASSOC); 

//now finally create variables with data we have got which will be used later 
//we will set the value attribute of the appropriate form element to the value from the database 



$username=$row['username']; 
$password=$row['password']; 
$first_name=$row['first_name'];
$maiden_name=$row['maiden_name'];
$last_name=$row['last_name']; 
$address_line1=$row['address_line1']; 
$address_line2=$row['address_line2']; 
$town=$row['town']; 
$county=$row['county'];
$postcode=$row['postcode'];
$daytime_phone=$row['daytime_phone'];
$mobile_phone=$row['mobile_phone'];
$evening_phone=$row['evening_phone'];


if(isset($_POST["submit"])){    
/*field_validator("username", $_POST["username"], "alphanumeric", 4, 15);
    field_validator("password", $_POST["password"], "string", 4, 10);
    field_validator("confirmation password", $_POST["password2"], "string", 4, 10);*/
    field_validator("first_name", $_POST["first_name"], "alphanumeric", 1, 15);
    field_validator("maiden_name", $_POST["maiden_name"], "alphanumeric", 1, 15);
    field_validator("last_name", $_POST["last_name"], "alphanumeric", 1, 15);
    field_validator("address_line1", $_POST["address_line1"], "alphanumeric", 4, 15);
    field_validator("address_line2", $_POST["address_line2"], "alphanumeric", 4, 15);
    field_validator("town", $_POST["town"], "alphanumeric", 4, 15);
    field_validator("postcode", $_POST["postcode"], "alphanumeric", 4, 9);
    field_validator("daytime_phone", $_POST["daytime_phone"], "number", 1, 11);
    field_validator("mobile_phone", $_POST["mobile_phone"], "number", 1, 11);
    field_validator("evening_phone", $_POST["evening_phone"], "number", 1, 11);
    }

/*if(empty($messages)) {
        // registration ok, get user id and update db with new info:
        updateuser(*/$strUsername = isset($_POST['username']) ? $_POST['username'] : ""; 
		$strPassword = isset($_POST['password']) ? $_POST['password'] : "";
		$strfirst_name = isset($_POST['first_name']) ? $_POST['first_name'] : "";
		$strmaiden_name = isset($_POST['maiden_name']) ? $_POST['maiden_name'] : ""; 
		$strlast_name = isset($_POST['last_name']) ? $_POST['last_name'] : "";
		$straddress_line1 = isset($_POST['address_line1']) ? $_POST['address_line1'] : ""; 
		$straddress_line2 = isset($_POST['address_line2']) ? $_POST['address_line2'] : ""; 
		$strtown = isset($_POST['town']) ? $_POST['town'] : "";  

		$strcounty = isset($_POST['county']) ? $_POST['county'] : "";
		$strpostcode = isset($_POST['postcode']) ? $_POST['postcode'] : "";
		$strdaytime_phone = isset($_POST['daytime_phone']) ? $_POST['daytime_phone'] : "";
		$strmobile_phone = isset($_POST['mobile_phone']) ? $_POST['mobile_phone'] : "";
		$strevening_phone = isset($_POST['evening_phone']) ? $_POST['evening_phone'] : "";


$query = "UPDATE `users` SET `first_name`='$first_name', `maiden_name`='$maiden_name', `last_name`='$last_name', `address_line1`='$address_line1', `address_line2`='$address_line2', `town`='$town', `county`='$county', `postcode`='$postcode', `daytime_phone`='$daytime_phone', `mobile_phone`='$mobile_phone', `evening_phone`='$evening_phone'";

    $result=mysql_query($query, $link) or die("Died inserting login info into db.  Error returned if any: ".mysql_error()); 
    return true;

Thanks,

Rodney_H_

genista:

You don't have a WHERE clause in your UPDATE query, meaning ALL records will be updated (if I am not mistaken) rather than one specific record for the user.

Also, I think you can simplify everything down to:

<?php
session_start(); // start a session

// if the form was not submitted:
if(!isset($_POST['submit']))
{
	die('You came to this page by mistake. Please go back.';
}

// else process the submitted form data:
else
{
	// ...CONNECT TO DB HERE...

// your function to validate posted values and convert to variables (?):
field_validator("first_name", $_POST["first_name"], "alphanumeric", 1, 15);
field_validator("maiden_name", $_POST["maiden_name"], "alphanumeric", 1, 15);
field_validator("last_name", $_POST["last_name"], "alphanumeric", 1, 15);
field_validator("address_line1", $_POST["address_line1"], "alphanumeric", 4, 15);
field_validator("address_line2", $_POST["address_line2"], "alphanumeric", 4, 15);
field_validator("town", $_POST["town"], "alphanumeric", 4, 15);
field_validator("postcode", $_POST["postcode"], "alphanumeric", 4, 9);
field_validator("daytime_phone", $_POST["daytime_phone"], "number", 1, 11);
field_validator("mobile_phone", $_POST["mobile_phone"], "number", 1, 11);
field_validator("evening_phone", $_POST["evening_phone"], "number", 1, 11);	

$query = "UPDATE `users` 
		  SET `first_name` = '$first_name', 
		  `maiden_name` = '$maiden_name', 
		  `last_name` = '$last_name', 
		  `address_line1` = '$address_line1', 
		  `address_line2` = '$address_line2', 
		  `town` = '$town', 
		  `county` = '$county', 
		  `postcode` = '$postcode', 
		  `daytime_phone` = '$daytime_phone', 
		  `mobile_phone` = '$mobile_phone', 
		  `evening_phone` = '$evening_phone'
		  WHERE `username` = '". mysql_real_escape_string($_SESSION['username']). "' 
		  LIMIT 1";

$result = mysql_query($query, $link) or die('Update failed: ' . mysql_error());

if(mysql_affected_rows($link) == 0)
{
	echo 'The record was not updated.';
}

else
{
	echo 'Record updated successfully...';
}		  
}
?>

genista

Ok that simplification looks great, I have added it to my code, but have two problems, which I will list after the code:

$id = $_SESSION['username'];
$query = "select * from users where username='$id'";

//now we pass the query to the database 
$result=mysql_query($query) or die("Could not get data.".mysql_error()); 

//get the first (and only) row from the result 
$row = mysql_fetch_array($result, MYSQL_ASSOC); 

//now finally create variables with data we have got which will be used later 
//we will set the value attribute of the appropriate form element to the value from the database 



$username=$row['username']; 
$password=$row['password']; 
$first_name=$row['first_name'];
$maiden_name=$row['maiden_name'];
$last_name=$row['last_name']; 
$address_line1=$row['address_line1']; 
$address_line2=$row['address_line2']; 
$town=$row['town']; 
$county=$row['county'];
$postcode=$row['postcode'];
$daytime_phone=$row['daytime_phone'];
$mobile_phone=$row['mobile_phone'];
$evening_phone=$row['evening_phone'];

if(!isset($_POST['submit'])) 
{ 
    die('You came to this page by mistake. Please go back.'); 
} 

// else process the submitted form data: 
else 
{ 

field_validator("first_name", $_POST["first_name"], "alphanumeric", 1, 15); 
    field_validator("maiden_name", $_POST["maiden_name"], "alphanumeric", 1, 15); 
    field_validator("last_name", $_POST["last_name"], "alphanumeric", 1, 15); 
    field_validator("address_line1", $_POST["address_line1"], "alphanumeric", 4, 15); 
    field_validator("address_line2", $_POST["address_line2"], "alphanumeric", 4, 15); 
    field_validator("town", $_POST["town"], "alphanumeric", 4, 15); 
    field_validator("postcode", $_POST["postcode"], "alphanumeric", 4, 9); 
    field_validator("daytime_phone", $_POST["daytime_phone"], "number", 1, 11); 
    field_validator("mobile_phone", $_POST["mobile_phone"], "number", 1, 11); 
    field_validator("evening_phone", $_POST["evening_phone"], "number", 1, 11);   


$query = "UPDATE `users` 
              SET `first_name` = '$first_name', 
              `maiden_name` = '$maiden_name', 
              `last_name` = '$last_name', 
              `address_line1` = '$address_line1', 
              `address_line2` = '$address_line2', 
              `town` = '$town', 
              `county` = '$county', 
              `postcode` = '$postcode', 
              `daytime_phone` = '$daytime_phone', 
              `mobile_phone` = '$mobile_phone', 
              `evening_phone` = '$evening_phone' 
              WHERE `username` = '". mysql_real_escape_string($_SESSION['username']). "' 
              LIMIT 1"; 

$result = mysql_query($query, $link) or die('Update failed: ' . mysql_error()); 

if(mysql_affected_rows($link) == 0) 
{ 
    echo 'The record was not updated.'; 
} 

else 
{ 
    echo 'Record updated successfully...'; 
}           


HTML below here, to display the retrieved records and then let the user overwrite them and submit.

So the two problems are:

1) The section that checks to see if the form is submitted must be in the wrong place, because on loading the page, all I get is: 'You came to this page by mistake. Please go back'

2) I get undefined index errors on the field validation part.

I really appreciate your help so far, its good to try and simplify things rather than work on the complicated...

Rodney_H_

It IS in the wrong place. I would do the following:

1) make sure the form has been submitted at the top of the page. It it hasn't been, redirect the user OR give an error message

2) I would also make sure that all the posted values that you want to use in your script are run against the php isset() function to ensure that they are indeed set....

Also, why are you running a SELECT query first and then doing an UPDATE query? I don't understand your logic or what you are trying to do...

genista

The select query covers the html below all this php so that the details that the user originally posted when they joined can be displayed so they see what they need to change. So I have to get the details from the database and then further down post them back again...

genista

In fact looking at the code, perhaps I need to explain it a bit better:

Top part:

$id = $_SESSION['username'];
$query = "select * from users where username='$id'";

//now we pass the query to the database 
$result=mysql_query($query) or die("Could not get data.".mysql_error()); 

//get the first (and only) row from the result 
$row = mysql_fetch_array($result, MYSQL_ASSOC); 

//now finally create variables with data we have got which will be used later 
//we will set the value attribute of the appropriate form element to the value from the database 



$username=$row['username']; 
$password=$row['password']; 
$first_name=$row['first_name'];
$maiden_name=$row['maiden_name'];
$last_name=$row['last_name']; 
$address_line1=$row['address_line1']; 
$address_line2=$row['address_line2']; 
$town=$row['town']; 
$county=$row['county'];
$postcode=$row['postcode'];
$daytime_phone=$row['daytime_phone'];
$mobile_phone=$row['mobile_phone'];
$evening_phone=$row['evening_phone'];

Here I am retrieving the users details and setting them up so I can echo the results later in the html part of this page.

The next part is to then submit back the changes to the database:

	if(isset($_POST["submit"])){    

field_validator("username", $_POST["username"], "alphanumeric", 4, 15);
    field_validator("password", $_POST["password"], "string", 4, 10);
    field_validator("confirmation password", $_POST["password2"], "string", 4, 10);
    field_validator("first_name", $_POST["first_name"], "alphanumeric", 1, 15);
    field_validator("maiden_name", $_POST["maiden_name"], "alphanumeric", 1, 15);
    field_validator("last_name", $_POST["last_name"], "alphanumeric", 1, 15);
    field_validator("address_line1", $_POST["address_line1"], "alphanumeric", 4, 15);
    field_validator("address_line2", $_POST["address_line2"], "alphanumeric", 4, 15);
    field_validator("town", $_POST["town"], "alphanumeric", 4, 15);
    field_validator("postcode", $_POST["postcode"], "alphanumeric", 4, 9);
    field_validator("daytime_phone", $_POST["daytime_phone"], "number", 1, 11);
    field_validator("mobile_phone", $_POST["mobile_phone"], "number", 1, 11);
    field_validator("evening_phone", $_POST["evening_phone"], "number", 1, 11);
}

$query = "UPDATE `users` 
              SET `first_name` = '$first_name', 
              `maiden_name` = '$maiden_name', 
              `last_name` = '$last_name', 
              `address_line1` = '$address_line1', 
              `address_line2` = '$address_line2', 
              `town` = '$town', 
              `county` = '$county', 
              `postcode` = '$postcode', 
              `daytime_phone` = '$daytime_phone', 
              `mobile_phone` = '$mobile_phone', 
              `evening_phone` = '$evening_phone' 
              WHERE `username` = '". mysql_real_escape_string($_SESSION['username']). "' 
              LIMIT 1"; 

$result = mysql_query($query, $link) or die('Update failed: ' . mysql_error()); 

if(mysql_affected_rows($link) == 0) 
{ 
    echo 'The record was not updated.'; 
} 

else 
{ 
    echo 'Record updated successfully...'; 
}

Now we have the html:

</HEAD>
<html>
<head>
<title><?php print $title ?></title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<?php doCSS()?>
</head>
<body>
<form name="form1" method="post" action="<?=$_SERVER["PHP_SELF"]?>" <table>
<p>Username: 
    <?php echo $username; ?> 
  </p> 
  <p>First Name: 
    <input type="text" name="first_name" value="<?php echo $first_name; ?>"> 
  </p>
  <p>Maiden Name: 
    <input type="text" name="maiden_name" size="10" value="<?php echo $maiden_name; ?>"> 
  </p>
etc, etc

So far I have the isset function working on the field validator, but I cannot see how I can check to see if the form is submitted before I am retrieving the results from the database...

Rodney_H_

If i were you, I would re-evaluate your logic with some pseudo-code and make sure you are doing what you want, when you want it.

For example:

<?php
session_start();

// IF the form was submitted:
if(isset($_POST['submit']))
{
	// 1) make sure there is a value for all needed items

// 2 - a) if missing values, then throw error and exit script.

// 2 - b) else, run your UPDATE query

// 3 - a) if update was successful, update any needed session values
//   && use the new (posted values) to display user data on the page
//   -> no need to run query for this info., as it was just posted

// 3 - b) else the update failed, throw an error and exit script
}

// ELSE the form was NOT submitted
else
{
	// 1) throw an error or redirect user to the form

// 2) exit script
}
?>

Then it will just be a matter of "filling in the blanks"