I didn't mean to bump this topic - I wanted to add information to make solving my issue easier and there is no edit button available - so my apologies for that.
Here is the PHP script that the above section is from.
The page's purpose is to allow details of the users on my database-driven test site to be edited.
The issue is that when I submit the form and leave both password fields blank, it changes the password to a new value, even though I have included
if (!empty($_POST['pass1']))
<?php # Script 9.3 - edit_user.php
// This page is for editing a user record.
// This page is accessed through view_users.php.
$page_title = 'Edit a User';
include ('includes/header.html');
echo '<h1>Edit a User</h1>';
// Check for a valid user ID, through GET or POST:
if ( (isset($_GET['id'])) && (is_numeric($_GET['id'])) ) { // From view_users.php
    $id = $_GET['id'];
} elseif ( (isset($_POST['id'])) && (is_numeric($_POST['id'])) ) { // Form submission.
    $id = $_POST['id'];
} else { // No valid ID, kill the script.
    echo '<p class="error">This page has been accessed in error.</p>';
    include ('includes/footer.html');
    exit();
}
require_once ('../mysqli_connect.php');
// Check if the form has been submitted:
if (isset($_POST['submitted'])) {
    $errors = array();
    // Check for a first name:
    if (empty($_POST['first_name'])) {
        $errors[] = 'You forgot to enter your first name.';
    } else {
        $fn = mysqli_real_escape_string($dbc, trim($_POST['first_name']));
    }
    // Check for a last name:
    if (empty($_POST['last_name'])) {
        $errors[] = 'You forgot to enter your last name.';
    } else {
        $ln = mysqli_real_escape_string($dbc, trim($_POST['last_name']));
    }
    // Check for an email address:
    if (empty($_POST['email'])) {
        $errors[] = 'You forgot to enter your email address.';
    } else {
        $e = mysqli_real_escape_string($dbc, trim($_POST['email']));
    }
    // Check for a Password and that p1 and p2 match
    if (!empty($_POST['pass1'])) {
        if ($_POST['pass1'] != $_POST['pass2']) {
            $errors[] = 'Your new password did not match the confirmed password.';
        } else {
            $np = mysqli_real_escape_string($dbc, trim($_POST['pass1']));
        }
    }
    if (empty($errors)) { // If everything's OK.
        // Test for unique email address:
        $q = "SELECT user_id FROM users WHERE email='$e' AND user_id != $id";
        $r = @mysqli_query($dbc, $q);
        if (mysqli_num_rows($r) == 0) {
            // Make the query:
            $q = "UPDATE users SET first_name='$fn', last_name='$ln', email='$e', pass=SHA1('$np') WHERE user_id=$id LIMIT 1";
            $r = @mysqli_query ($dbc, $q);
            if (mysqli_affected_rows($dbc) == 1) { // If it ran OK.
                // Print a message:
                echo '<p>The user has been edited.</p>';
            } elseif (mysqli_affected_rows($dbc) == 0) { // If nothing was changed in the form
                // Print a message
                echo '<p class="error">No records have been updated.</p>';
            } else { // If it did not run OK.
                echo '<p class="error">The user could not be edited due to a system error. We apologize for any inconvenience.</p>'; // Public message.
                echo '<p>' . mysqli_error($dbc) . '<br />Query: ' . $q . '</p>'; // Debugging message.
            }
        } else { // Already registered.
            echo '<p class="error">The email address has already been registered.</p>';
        }
    } else { // Report the errors.
        echo '<p class="error">The following error(s) occurred:<br />';
        foreach ($errors as $msg) { // Print each error.
            echo " - $msg<br />\n";
        }
        echo '</p><p>Please try again.</p>';
    } // End of if (empty($errors)) IF.
} // End of submit conditional.
// Always show the form...
// Retrieve the user's information:
$q = "SELECT first_name, last_name, email FROM users WHERE user_id=$id";
$r = @mysqli_query ($dbc, $q);
if (mysqli_num_rows($r) == 1) { // Valid user ID, show the form.
    // Get the user's information:
    $row = mysqli_fetch_array ($r, MYSQLI_NUM);
    // Create the form:
    echo '<form action="edit_user.php" method="post">
<p>First Name: <input type="text" name="first_name" size="15" maxlength="15" value="';
    if (empty($_POST['first_name'])) {
        echo $row[0];
    } else {
        echo $_POST['first_name'];
    }
    echo '" /></p>
<p>Last Name: <input type="text" name="last_name" size="15" maxlength="15" value="';
    if (empty($_POST['last_name'])) {
        echo $row[1];
    } else {
        echo $_POST['last_name'];
    }
    echo '" /></p>
<p>Email Address: <input type="text" name="email" size="15" maxlength="30" value="';
    if (empty($_POST['email'])) {
        echo $row[2];
    } else {
        echo $_POST['email'];
    }
    echo '" /> </p>
<p>New Password: <input type="password" name="pass1" size="10" maxlength="20" /></p>
<p>Confirm New Password: <input type="password" name="pass2" size="10" maxlength="20" /></p>
<p><input type="submit" name="submit" value="Submit" /></p>
<input type="hidden" name="submitted" value="TRUE" />
<input type="hidden" name="id" value="' . $id . '" />
</form>';
} else { // Not a valid user ID.
    echo '<p class="error">This page has been accessed in error.</p>';
}
mysqli_close($dbc);
include ('includes/footer.html');
?>
This is one of my very first scripts. I'm learning PHP and MySQL from a book by Larry Ullman, and this is one of the extension tasks suggested in the book.
🙂
Thanks.
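
An added example, not part of the original post: in the posted script the UPDATE always contains pass=SHA1('$np'), so with blank password fields $np is never set and the column is overwritten with SHA1(''). The sketch below uses a hypothetical helper, build_user_update(), and constructed sample input to add the pass column only when a new password was entered, with bound parameters in place of string interpolation. It also swaps password_hash() in for SHA1(), which assumes the pass column is widened to VARCHAR(255).

```php
<?php
// Added example, not the original poster's code. Table and column names follow
// the posted script; the pass column is assumed to be VARCHAR(255).
// Returns [errors, sql, params]; sql is null when validation fails.
function build_user_update(array $post, int $id): array
{
    $errors = $set = $params = [];
    $required = [
        'first_name' => 'You forgot to enter your first name.',
        'last_name'  => 'You forgot to enter your last name.',
        'email'      => 'You forgot to enter your email address.',
    ];
    foreach ($required as $field => $message) {
        $value = trim($post[$field] ?? '');
        if ($value === '') {
            $errors[] = $message;
        } else {
            $set[] = "$field = ?";
            $params[] = $value;
        }
    }

    // Touch the pass column only when a new password was actually typed.
    $pass1 = $post['pass1'] ?? '';
    if ($pass1 !== '') {
        if ($pass1 !== ($post['pass2'] ?? '')) {
            $errors[] = 'Your new password did not match the confirmed password.';
        } else {
            $set[] = 'pass = ?';
            // password_hash() is swapped in for the script's unsalted SHA1().
            $params[] = password_hash($pass1, PASSWORD_DEFAULT);
        }
    }

    if ($errors) {
        return [$errors, null, []];
    }
    $params[] = $id;
    $sql = 'UPDATE users SET ' . implode(', ', $set) . ' WHERE user_id = ? LIMIT 1';
    return [[], $sql, $params];
}

// Constructed sample submissions: blank password fields, then a new password.
$blank = ['first_name' => 'Ann', 'last_name' => 'Lee',
          'email' => 'ann@example.com', 'pass1' => '', 'pass2' => ''];
[, $sql] = build_user_update($blank, 7);
echo $sql, "\n";
[, $sql] = build_user_update(['pass1' => 'n3w-secret', 'pass2' => 'n3w-secret'] + $blank, 7);
echo $sql, "\n";
```

With the script's $dbc connection, the returned pair can be executed with mysqli_execute_query($dbc, $sql, $params) on PHP 8.2 or later, or with mysqli_prepare() and mysqli_stmt_bind_param() on earlier versions. Logins would then be checked with password_verify() rather than by comparing SHA1() output.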