[RESOLVED] Updating database trouble

moonbrat

Hi hi...

I'm a long time reader, first time poster and well...after 3 days of TRYING to sort this code out...(yes I know it looks shocking!) I only made a LITTLE progress...like getting it to run without errors...

Basically I need this:

Able to change current details on the fly (without login) so my pw in the database is checked against my username to verify user details.
CURRENTLY it's not checking the password and updating anyway.
Able to change ALL details OR one or two details WITHOUT current details being deleted from the columns.
CURRENTLY it's deleting fields that I leave blank on the form...or it gives me error: query empty if I don't fill in the fields...
I need to somehow get sql1 sql2 and sql3 to work together e.g. user is updating email only so ignore sitename and siteurl and keep data in the db...
I didn't know exactly how to write it so I can update 1 or 2 fields or the entire form...(See point 2)

Anyways, here's my coding:

<?
//***************************************
// This is downloaded from Affinity Scripts //
/// You can you this on your site for your own PERSONAL use ///
// Please don't  remove the link to Affinity Scripts ///
// Creation of Affinity Site Affiliation System is by Aymie Jordaine. ///////
//The author is not responsible for any type of loss or problem or damage on using this script.//
/// You can use it at your own risk. /////
//*****************************************

include "include/config.php";
include "include/signup_header.php";

/*
while (list ($key,$val) = each ($_POST)) {
$$key = $val;
}
*/

$todo=$_POST['todo'];
$username=$_POST['username'];
if(isset($email) and $email=="")
$email=$_POST['email'];
if(isset($sitename) and $sitename=="")
$sitename=$_POST['sitename'];
if(isset($siteurl) and $siteurl=="")
$siteurl=$_POST['siteurl'];

if(isset($todo) and $todo=="update"){
$pw=mysql_real_escape_string($pw);

$status = "OK";
$msg="";

if (isset($_POST['oldpw']) && !empty($_POST['oldpw']) == $row['pw']) {

//check everything's been filled in properly
    if (!empty($_POST['pw'])) {
        if (strip_tags($_POST['pw2']) != strip_tags($_POST['pw'])) {
            echo "<p><strong>Error:</strong> New passwords did not match - please press the back button on your browser and try again.</p>";
            exit;
        }
                if ( strlen($pw) < 3 or strlen($pw) > 10 )
                {
                echo $msg."<p class=\"centered\">Password must be more than 3 char legth</p>";
                $status= "NOTOK";}
                exit;
          }
    //put it into the db    

    if (!empty($_POST['pw']) && $_POST['pw'] != $row['pw']) {
        $pw = strip_tags($_POST['pw']);
        $update = mysql_query("UPDATE $table SET pw = '$_POST[pw]' WHERE username='$_POST[username]' LIMIT 1");
    }
}

if (!ereg("^(http|ftp)", $siteurl)) {
$siteurl = "$url";
}

if($status<>"OK"){ 
echo "<font face='Verdana' size='2' color=red>$msg</font><br><input type='button' value='Retry' onClick='history.go(-1)'>";
}
  else
{ 
if($status<>"OK"){ // if validation failed
echo "<font face='Verdana' size='2' color=red>$msg</font><br><input type='button' value='Retry' onClick='history.go(-1)'>";
}else{ // if all validations are passed.
echo "<font face='Verdana' size='2' color=green>You have successfully updated your profile<br></font>";
}
$sql1 = "UPDATE $table SET email='$email' WHERE username='$username' LIMIT 1";
mysql_query1($sql1) or exit(mysql_error());

$sql2 = "UPDATE $table SET sitename='$sitename' WHERE username='$username' LIMIT 1";
mysql_query2($sql2) or exit(mysql_error());

$sql3 = "UPDATE $table SET siteurl='$siteurl' WHERE username='$username' LIMIT 1";
mysql_query3($sql3) or exit(mysql_error());
}
}
include "include/footer.php";
?>

I've tried many many times...it's driving me nuts!!! I need my table to update the way I want...I dont usually work with updating parts of forms, only the entire thing...

Studio_Junkies

what is the value of $row['pw']? - is it a boolean? if not, this will be false:

if (isset($POST['oldpw']) && !empty($POST['oldpw']) == $row['pw'])

You can make code easier to follow by not exchanging variables so often. Also, it will reduce load. There is nothing wrong with using super globals if they are already defined, in fact it is one less process PHP has to do. PHP can handle it, but its the load on my brain that hurts!

moonbrat

what is the value of $row['pw']? - is it a boolean? if not, this will be false:

if (isset($POST['oldpw']) && !empty($POST['oldpw']) == $row['pw'])

It's to tell mysql to check my old password, empty it and replace it with a new password IF a new password is being set.

Basically I wanted:

oldpw to be checked against my username, using the pw field in my database.
pw to be checked with pw2 for matching new password
oldpw + p2 = pw.

If no new password is being set, ignore pw and pw2 and just check oldpw is being verified with username with updating on the fly.

PW is my password field in my database because $password is returned as my real password in my coding >_< it's a stupid thing my server does...

Studio_Junkies

Try echoing your variables at each stage of the script to see what is going on.

I think the question you need to ask is more like this:

$_POST['pw']=(isset($_POST['pw'])?preg_replace("/[^a-zA-Z\-_0-9\.]/",'',$_POST['pw']):'';

if($_POST['pw']!='' && $_POST['pw']==$row['pw']){
  // have entered a valid password
};

moonbrat

Ok my script now looks like: (I hope I put password snippet from S.J. in the correct place)

<?
//***************************************
// This is downloaded from Affinity Scripts //
/// You can you this on your site for your own PERSONAL use ///
// Please don't  remove the link to Affinity Scripts ///
// Creation of Affinity Site Affiliation System is by Aymie Jordaine. ///////
//The author is not responsible for any type of loss or problem or damage on using this script.//
/// You can use it at your own risk. /////
//*****************************************

include "include/config.php";
include "include/signup_header.php";

$todo=$_POST['todo'];
$username=$_POST['username'];
if(isset($email) and $email=="")
$email=$_POST['email'];
if(isset($sitename) and $sitename=="")
$sitename=$_POST['sitename'];
if(isset($siteurl) and $siteurl=="")
$siteurl=$_POST['siteurl'];

if(isset($todo) and $todo=="update"){
$pw=mysql_real_escape_string($pw);

$status = "OK";
$msg="";

 $_POST['pw']=(isset($_POST['pw'])?preg_replace("/[^a-zA-Z\-_0-9\.]/",'',$_POST['pw']):'');

if($_POST['pw']!='' && $_POST['pw']==$row['pw']){
  // have entered a valid password
}

//check everything's been filled in properly
    if (!empty($_POST['pw'])) {
        if (strip_tags($_POST['pw2']) != strip_tags($_POST['pw'])) {
            echo "<p><strong>Error:</strong> New passwords did not match - please press the back button on your browser and try again.</p>";
            exit;
        }
                if ( strlen($pw) < 3 or strlen($pw) > 10 )
                {
                echo $msg."<p class=\"centered\">Password must be more than 3 char legth</p>";
                $status= "NOTOK";}
                exit;
          }
    //put it into the db    

    if (!empty($_POST['pw']) && $_POST['pw'] != $row['pw']) {
        $pw = strip_tags($_POST['pw']);
        $update = mysql_query("UPDATE $table SET pw = '$_POST[pw]' WHERE username='$_POST[username]' LIMIT 1");
    }
}

if (!ereg("^(http|ftp)", $siteurl)) {
$siteurl = "$url";
}

if($status<>"OK"){
echo "<font face='Verdana' size='2' color=red>$msg</font><br><input type='button' value='Retry' onClick='history.go(-1)'>";
}
  else
{
if($status<>"OK"){ // if validation failed
echo "<font face='Verdana' size='2' color=red>$msg</font><br><input type='button' value='Retry' onClick='history.go(-1)'>";
}else{ // if all validations are passed.
echo "<font face='Verdana' size='2' color=green>You have successfully updated your profile<br></font>";
}
$sql1 = "UPDATE $table SET email='$email' WHERE username='$username' LIMIT 1";
mysql_query1($sql1) or exit(mysql_error());

$sql2 = "UPDATE $table SET sitename='$sitename' WHERE username='$username' LIMIT 1";
mysql_query2($sql2) or exit(mysql_error());

$sql3 = "UPDATE $table SET siteurl='$siteurl' WHERE username='$username' LIMIT 1";
mysql_query3($sql3) or exit(mysql_error());
}
include "include/footer.php";
?>

Although I don't get a mysql error, it does return a blank page (except for header and footer, they show), and my database is NOT updating >_<

Basically I wanted my script to be like this: update on the fly but without the email required (because the UNIQUED name is required), verify email, country, spam proof (my list doesn't list email, just needed for sending password) and delete info.

This file reads from sumit form....so it's the check file...

Studio_Junkies

The danger of using foreign script is that you don't understand what is going on in it. I have added some echo statements that will help you see what is being executed, and what is not.

<?
//***************************************
// This is downloaded from Affinity Scripts //
/// You can you this on your site for your own PERSONAL use ///
// Please don't  remove the link to Affinity Scripts ///
// Creation of Affinity Site Affiliation System is by Aymie Jordaine. ///////
//The author is not responsible for any type of loss or problem or damage on using this script.//
/// You can use it at your own risk. /////
//*****************************************

include "include/config.php";
include "include/signup_header.php";

$todo=$_POST['todo'];
$username=$_POST['username'];
if(isset($email) and $email=="")
$email=$_POST['email'];
if(isset($sitename) and $sitename=="")
$sitename=$_POST['sitename'];
if(isset($siteurl) and $siteurl=="")
$siteurl=$_POST['siteurl'];

if(isset($todo) and $todo=="update"){

echo 'here '.__LINE__.'<br />';

$pw=mysql_real_escape_string($pw);

$status = "OK";
$msg="";

$_POST['pw']=(isset($_POST['pw'])?preg_replace("/[^a-zA-Z\-_0-9\.]/",'',$_POST['pw']):'');

if($_POST['pw']!='' && $_POST['pw']==$row['pw']){

echo 'here '.__LINE__.'<br />';

  // have entered a valid password
}

//check everything's been filled in properly
    if (!empty($_POST['pw'])) {
        if (strip_tags($_POST['pw2']) != strip_tags($_POST['pw'])) {
            echo "<p><strong>Error:</strong> New passwords did not match - please press the back button on your browser and try again.</p>";
            exit;
        }
                if ( strlen($pw) < 3 or strlen($pw) > 10 )
                {
                echo $msg."<p class=\"centered\">Password must be more than 3 char legth</p>";
                $status= "NOTOK";}
                exit;
          }
    //put it into the db    

echo 'here '.__LINE__.'post: '.$_POST['pw'].' orig: '.$row['pw'].'<br />';

if (!empty($_POST['pw']) && $_POST['pw'] != $row['pw']) {
    $pw = strip_tags($_POST['pw']);
    $update = mysql_query("UPDATE $table SET pw = '$_POST[pw]' WHERE username='$_POST[username]' LIMIT 1");
}
}

if (!ereg("^(http|ftp)", $siteurl)) {
$siteurl = "$url";
}

if($status<>"OK"){
echo "<font face='Verdana' size='2' color=red>$msg</font><br><input type='button' value='Retry' onClick='history.go(-1)'>";
}
  else
{
if($status<>"OK"){ // if validation failed
echo "<font face='Verdana' size='2' color=red>$msg</font><br><input type='button' value='Retry' onClick='history.go(-1)'>";
}else{ // if all validations are passed.
echo "<font face='Verdana' size='2' color=green>You have successfully updated your profile<br></font>";
}
$sql1 = "UPDATE $table SET email='$email' WHERE username='$username' LIMIT 1";

echo 'here '.__LINE__.$sql1.'<br />';


mysql_query1($sql1) or exit(mysql_error());

$sql2 = "UPDATE $table SET sitename='$sitename' WHERE username='$username' LIMIT 1";

echo 'here '.__LINE__.$sql2.'<br />';

mysql_query2($sql2) or exit(mysql_error());

$sql3 = "UPDATE $table SET siteurl='$siteurl' WHERE username='$username' LIMIT 1";


echo 'here '.__LINE__.$sql3.'<br />';


mysql_query3($sql3) or exit(mysql_error());
}
include "include/footer.php";
?>