need help with update...

Alidad

hi, I'm new to php and i hope someone can help me with small problem i have.

I have made a forms signup page (signup.php) which is only two text fields user name and password. Once log in it will redirect to profile page (profile.php).

I have also made second forms for profile that will retreive from mysql database and once made change in forms and update into the same mysql databse.

My problme is that I may not doing right to create session variable from singup.php page, becuase once signup, i noticed that that profile forms is come from first row of mysql database but not from right member profile.

I do not know what did i missed to make sure is access into the right member profile from database.

<?php require_once('../Connections/member.php'); ?>
<?php
// *** Validate request to login to this site.
if (!isset($_SESSION)) {
  session_start();
}

$loginFormAction = $_SERVER['PHP_SELF'];
if (isset($_GET['accesscheck'])) {
  $_SESSION['PrevUrl'] = $_GET['accesscheck'];
}

if (isset($_POST['user_name'])) {
  $loginUsername=$_POST['user_name'];
  $password=$_POST['password'];
  $MM_fldUserAuthorization = "";
  $MM_redirectLoginSuccess = "welcome.php";
  $MM_redirectLoginFailed = "isnotworking.php";
  $MM_redirecttoReferrer = false;
  mysql_select_db($database_member, $member);

  $LoginRS__query=sprintf("SELECT user_name, password FROM registered_members WHERE user_name='%s' AND password='%s'",
    get_magic_quotes_gpc() ? $loginUsername : addslashes($loginUsername), get_magic_quotes_gpc() ? $password : addslashes($password)); 

  $LoginRS = mysql_query($LoginRS__query, $member) or die(mysql_error());
  $loginFoundUser = mysql_num_rows($LoginRS);
  if ($loginFoundUser) {
     $loginStrGroup = "";

//declare two session variables and assign them
$_SESSION['MM_Username'] = $loginUsername;
$_SESSION['MM_UserGroup'] = $loginStrGroup;	      

if (isset($_SESSION['PrevUrl']) && false) {
  $MM_redirectLoginSuccess = $_SESSION['PrevUrl'];	
}
header("Location: " . $MM_redirectLoginSuccess );
  }
  else {
    header("Location: ". $MM_redirectLoginFailed );
  }
}

</head>
<body>
    <br/><br/>
    <form METHOD="POST" name="form1" id="form1" action="<?php echo $loginFormAction; ?>" >
        <p><label>Login: </label> <input type="text" name="user_name" id="user_name" />
        </p>
	    <p><label>Password: </label><input type="password" name="password" id="password" /></p>
        <a href="forgot.php">Forgot My Login</a> 
	    <input name="button" type="submit" id="submit" onclick="MM_validateForm('name','','R','password','','R');return document.MM_returnValue" value="login" />
    </form>
</body>
</html>

And profile.php

<?php require_once('../Connections/member.php'); ?>
<?php
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") 
{
  $theValue = (!get_magic_quotes_gpc()) ? addslashes($theValue) : $theValue;

  switch ($theType) {
    case "text":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;    

    case "long":
    case "int":
      $theValue = ($theValue != "") ? intval($theValue) : "NULL";
      break;
    case "double":
      $theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
      break;
    case "date":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "defined":
      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
      break;
  }
  return $theValue;
}

$editFormAction = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
  $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}

if ((isset($_POST["MM_update"])) && ($_POST["MM_update"] == "form1")) {
  $updateSQL = sprintf("UPDATE registered_members SET first_name=%s, last_name=%s, gender=%s, are_you=%s, country=%s, city=%s, b_month=%s, b_day=%s, b_year=%s, zip_code=%s, user_name=%s, email=%s, `State`=%s, password=%s WHERE id=%s",
                       GetSQLValueString($_POST['first_name'], "text"),
                       GetSQLValueString($_POST['last_name'], "text"),
                       GetSQLValueString($_POST['gender'], "text"),
                       GetSQLValueString($_POST['are_you'], "text"),
                       GetSQLValueString($_POST['country'], "text"),
                       GetSQLValueString($_POST['city'], "text"),
                       GetSQLValueString($_POST['b_month'], "text"),
                       GetSQLValueString($_POST['b_day'], "text"),
                       GetSQLValueString($_POST['b_year'], "text"),
                       GetSQLValueString($_POST['zip_code'], "text"),
                       GetSQLValueString($_POST['user_name'], "text"),
                       GetSQLValueString($_POST['email'], "text"),
                       GetSQLValueString($_POST['State'], "text"),
                       GetSQLValueString($_POST['password'], "text"),
                       GetSQLValueString($_POST['id'], "int"));

  mysql_select_db($database_member, $member);
  $Result1 = mysql_query($updateSQL, $member) or die(mysql_error());

  $updateGoTo = "isworks.php";
  if (isset($_SERVER['QUERY_STRING'])) {
    $updateGoTo .= (strpos($updateGoTo, '?')) ? "&" : "?";
    $updateGoTo .= $_SERVER['QUERY_STRING'];
  }
  header(sprintf("Location: %s", $updateGoTo));
}
?>
<?php require_once('Connections/config.php'); ?>
<?php
if (!isset($_SESSION)) {
  session_start();
}
$aUserName_rstName = "X";
if (isset($_SESSION['MM_Username'])) {
  $aUserName_rstName =  $_SESSION['MM_Username'] ;
}
mysql_select_db($database_member, $member);
$query_rstName = "SELECT * FROM registered_members";
$rstName = mysql_query($query_rstName, $member) or die(mysql_error());
$row_rstName = mysql_fetch_assoc($rstName);
$totalRows_rstName = mysql_num_rows($rstName);
?>

</head>

<body>
<div align="center">
  <h2>&nbsp;</h2>
    <form method="post" name="form1" action="<?php echo $editFormAction; ?>">
      <table align="center">
        <tr valign="baseline">
          <td nowrap align="right">Id:</td>
          <td><?php echo $row_rstName['id']; ?></td>
        </tr>
        <tr valign="baseline">
          <td nowrap align="right">First_name:</td>
          <td><input type="text" name="first_name" value="<?php echo $_SESSION['MM_Username']; ?>" size="32"></td>
        </tr>
        <tr valign="baseline">
          <td nowrap align="right">Last_name:</td>
          <td><input type="text" name="last_name" value="<?php echo $row_rstName['last_name']; ?>" size="32"></td>
        </tr>
        <tr valign="baseline">
          <td nowrap align="right">Gender:</td>
          <td><input type="text" name="gender" value="<?php echo $row_rstName['gender']; ?>" size="32"></td>
        </tr>
        <tr valign="baseline">
          <td nowrap align="right">Are_you:</td>
          <td><input type="text" name="are_you" value="<?php echo $row_rstName['are_you']; ?>" size="32"></td>
        </tr>
        <tr valign="baseline">
          <td nowrap align="right">Country:</td>
          <td><input type="text" name="country" value="<?php echo $row_rstName['country']; ?>" size="32"></td>
        </tr>
        <tr valign="baseline">
          <td nowrap align="right">City:</td>
          <td><input type="text" name="city" value="<?php echo $row_rstName['city']; ?>" size="32"></td>
        </tr>
        <tr valign="baseline">
          <td nowrap align="right">B_month:</td>
          <td><input type="text" name="b_month" value="<?php echo $row_rstName['b_month']; ?>" size="32"></td>
        </tr>
        <tr valign="baseline">
          <td nowrap align="right">B_day:</td>
          <td><input type="text" name="b_day" value="<?php echo $row_rstName['b_day']; ?>" size="32"></td>
        </tr>
        <tr valign="baseline">
          <td nowrap align="right">B_year:</td>
          <td><input type="text" name="b_year" value="<?php echo $row_rstName['b_year']; ?>" size="32"></td>
        </tr>
        <tr valign="baseline">
          <td nowrap align="right">Zip_code:</td>
          <td><input type="text" name="zip_code" value="<?php echo $row_rstName['zip_code']; ?>" size="32"></td>
        </tr>
        <tr valign="baseline">
          <td nowrap align="right">User_name:</td>
          <td><input type="text" name="user_name" value="<?php echo $row_rstName['user_name']; ?>" size="32"></td>
        </tr>
        <tr valign="baseline">
          <td nowrap align="right">Email:</td>
          <td><input type="text" name="email" value="<?php echo $row_rstName['email']; ?>" size="32"></td>
        </tr>
        <tr valign="baseline">
          <td nowrap align="right">State:</td>
          <td><input type="text" name="State" value="<?php echo $row_rstName['State']; ?>" size="32"></td>
        </tr>
        <tr valign="baseline">
          <td nowrap align="right">Password:</td>
          <td><input type="text" name="password" value="<?php echo $row_rstName['password']; ?>" size="32"></td>
        </tr>
        <tr valign="baseline">
          <td nowrap align="right">&nbsp;</td>
          <td><input type="submit" value="Update record"></td>
        </tr>
      </table>
      <input name="hiddenField" type="hidden" value="<?php echo $_SESSION['MM_Username']; ?>" />
      <input type="hidden" name="MM_update" value="form1">
      <input type="hidden" name="id" value="<?php echo $row_rstName['id']; ?>">
  </form>
       <p><a href="memberprofile.php">Go to profile.. </a></p>
</div>
</body>
</html>
<?php
mysql_free_result($rstName);
?>

does any one can help why is not showing the right profile information from database and what do i need to fix it!

reeksy

Looks like you need to change login.php

$loginFoundUser = mysql_num_rows($LoginRS);

if ($loginFoundUser == 0) {
    echo "No rows found, nothing to print so am exiting";
    exit;
}else{
    $userRow = mysql_fetch_assoc($LoginRS);
    echo '<pre>';
    print_r($userRow);
    echo '</pre>';
}

Alidad

Thanks for your response, but my question is that where or what do i need to write session Variable code to send data to the profile.php page to retreive right profile information from database!

please help thanks.