Trouble Updating MySQL Database

enlivenus

Thanks to whoever takes a look at my problem and offers advice. I really appreciate it. I'm new to PHP and MySQL, but believe it is time that I learn it.

Here goes:

I used a free PHP script to create registration, login, and update pages, and it works just fine. During the registration, the script only requests a limited number of information fields: username, password, email, emergency contact, emergency contact relationship, emergency phone. I am okay with the login script. It works fine.

I only mention the login script because later in the update script, I attempted unsuccessfully to add more data fields (i.e., instructor_name, instructor_phone, instructor_email, training_loc, date_submitted_app) to the update page. The update page originally assumed that only the data fields collected during the registration will be present and updated using the update page.

So, I created these additional data fields in the database and assigned default values to these data fields.

Then, I unsuccessfully attempted to modify the update page to enable me to update or insert information into the data fields that will be present on the update page that were not present on the registration page. To say it another way, the registration page collects on the bare minimum of information about the user. The update page requests the user to supplement their registration information with additional information about themselves and their user experience.

The update script pulls all the data fields (both original and new fields) and displays everything correctly on the update page, but I can't SAVE or UPDATE the update page.

The original update page script which works just fine. But, as I stated earlier, this original update page only displays and updates data fields collected at the time of registration (username, password, email, emergency contact, emergency contact relationship, emergency phone).

I modified the original update page script editing the [mysql_query ("UPDATE users SET.... and <input name= ... ] code. Those are the only two places I altered the php code.

Under the mysql_query, I just added the new data fields (all fields after "instructor_name") that I wanted to update. This is the area where my browser informs me that I have a MYSQL Syntax Error. The error message reads: "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'instructor_name = 'Joe Instructor', instructor_number =' ... at line 10"

Under the <input name=... section, just added the fields for each database field that I wanted to collect. Fields listed after "instructor_name" are newly added fields, which were not present on the registration page.

Here is what I unsuccessfully attempted...

<?php 
/********************** MYSETTINGS.PHP**************************
This updates user settings and password
************************************************************/
include 'dbc.php';
page_protect();

$err = array();
$msg = array();

if($_POST['doUpdate'] == 'Update')  

{


$rs_pwd = mysql_query("select pwd from users where id='$_SESSION[user_id]'");
list($old) = mysql_fetch_row($rs_pwd);
$old_salt = substr($old,0,9);

//check for old password in md5 format
	if($old === PwdHash($_POST['pwd_old'],$old_salt))
	{
	$newsha1 = PwdHash($_POST['pwd_new']);
	mysql_query("update users set pwd='$newsha1' where id='$_SESSION[user_id]'");
	$msg[] = "Your new password is updated";
	//header("Location: mysettings.php?msg=Your new password is updated");
	} else
	{
	 $err[] = "Your old password is invalid";
	 //header("Location: mysettings.php?msg=Your old password is invalid");
	}

}

if($_POST['doSave'] == 'Save')  

{
// Filter POST data for harmful code (sanitize)
foreach($_POST as $key => $value) {
	$data[$key] = filter($value);
}


mysql_query("UPDATE  users SET
			`full_name` = '$data[full_name]',
			`dob` = '$data[dob]',
			`address` = '$data[address]',
			`tel` = '$data[tel]',
			`alt_tel` = '$data[alt_tel]',
			`emerg_contact` = '$data[emerg_contact]',
			`emerg_relation` = '$data[emerg_relation]',
			`emerg_tel` = '$data[emerg_tel]'
`instructor_name`='$data[instructor_name]',       							
`instructor_number` = '$data[instructor_number]',
`instructor_tel` = '$data[instructor_tel]',
`training_loc` = '$data[training_loc]',
`date_submitted_app` = '$data[date_submitted_app]',
			 WHERE id='$_SESSION[user_id]'
			") or die(mysql_error());

//header("Location: mysettings.php?msg=Profile Sucessfully saved");
$msg[] = "Profile Sucessfully saved";
 }

$rs_settings = mysql_query("select * from users where id='$_SESSION[user_id]'"); 
?>

<script language="JavaScript" type="text/javascript" src="js/jquery-1.3.2.min.js"></script>
<script language="JavaScript" type="text/javascript" src="js/jquery.validate.js"></script>
  <script>
  $(document).ready(function(){
    $("#myform").validate();
	 $("#pform").validate();
  });
  </script>

 <?php 
/*********************** MYACCOUNT MENU ****************************
This code shows my account menu only to logged in users. 
Copy this code till END and place it in a new html or php where
you want to show myaccount options. This is only visible to logged in users
*******************************************************************/
if (isset($_SESSION['user_id'])) {?>

<?php } 
/*******************************END**************************/
?>
  <?php 
if (checkAdmin()) {
/*******************************END**************************/
?>
      <p> <a href="admin.php">Admin CP </a></p>
	  <?php } ?>
      <p>&nbsp;</p>
      <p>&nbsp;</p>
      <p>&nbsp;</p></td>
    <td width="509" valign="top">
    <table align="center" cellpadding="5">
    <tr>
    <td bgcolor="#FFFFFF">

<br>
<h3 class="titlehdr">You are logged in:  <?php echo $_SESSION['user_name'];?></h3>
      <p>
        <?php	
      if (isset($_GET['msg'])) {
	  echo "<div class=\"error\">$_GET[msg]</div>";
	  }

  ?>
  <p> 
    <?php	
if(!empty($err))  {
   echo "<div class=\"msg\">";
  foreach ($err as $e) {
    echo "* Error - $e <br>";
    }
  echo "</div>";	
   }
   if(!empty($msg))  {
    echo "<div class=\"msg\">" . $msg[0] . "</div>";

   }
  ?>



  <?php while ($row_settings = mysql_fetch_array($rs_settings)) {?>
  <form action="mysettings.php" method="post" name="myform" id="myform">
    <table width="100%" border="0" align="center" cellpadding="3" cellspacing="3" class="forms">

<input name="full_name" type="text" id="full_name"  class="required" value="<? echo $row_settings['full_name']; ?>" size="30"> 

<input name="dob" type="date" id="dob"  class="required" value="<? echo $row_settings['dob']; ?>" size="30">

<textarea name="address" cols="30" rows="4" class="required" id="address"><? echo $row_settings['address']; ?></textarea>

<input name="tel" type="text" id="tel" class="required" value="<? echo $row_settings['tel']; ?>">

<input name="alt_tel" type="text" id="alt_tel" value="<? echo $row_settings['alt_tel']; ?>">

<input name="emerg_contact" type="text" id="emerg_contact" class="required"  value="<? echo $row_settings['emerg_contact']; ?>">

<input name="emerg_relation" type="text" id="emerg_relation" class="required" value="<? echo $row_settings['emerg_relation']; ?>">

<input name="emerg_tel" type="text" id="emerg_tel" class="required" value="<? echo $row_settings['emerg_tel']; ?>">

<input name="instructor_name" type="text" id="instructor_name" value="<? echo $row_settings['instructor_name']; ?>">

<input name="instructor_number" type="text" id="instructor_number" value="<? echo $row_settings['instructor_number']; ?>">

<input name="instructor_email" type="text" id="instructor_email" class="email" value="<? echo $row_settings['instructor_email']; ?>">             

<input name="instructor_tel" type="text" id="instructor_tel" value="<? echo $row_settings['instructor_tel']; ?>">

<input name="instructor_phone" type="text" id="instructor_tel" value="<? echo $row_settings['training_loc']; ?>">

<input name="date_submitted_app" type="date" id="date_submitted_app" value="<? echo $row_settings['date_submitted_app']; ?>">

<input name="user_name" type="text" id="web2" value="<? echo $row_settings['user_name']; ?>" disabled>

<input name="user_email" type="text" id="web3"  value="<? echo $row_settings['user_email']; ?>" disabled>

How can I make this update script update or save all of my required data fields, and not just the limited number of data fields collected during the registration?

I will appreciate any help, cause I'm new to PHP and MySQL, and I'm at my wits end.

Thanks!

EnlivenUs

ixalmida

This won't work:

$rs_pwd = mysql_query("select pwd from users where id='$_SESSION[user_id]'");

$_SESSION expects either a numeric index or a quote-enclosed key. Your best bet with any global/array-type variable is to either convert it to a local variable or concatenate it into your string.

Either of the following should work:

// Option 1:
$user_id = $_SESSION['user_id'];
$rs_pwd = mysql_query("select pwd from users where id='$user_id'");

// Option 2:
$rs_pwd = mysql_query("select pwd from users where id='".$_SESSION['user_id']."'");

You can also use curly braces inside a double-quoted string to indicate the PHP should evaluate the entire expression, but (in most cases) humans will find it harder to read.

Note: Option 1 is usually how I deal with post/get data (along with the extract() statement and some robust validation), but I've found it best not to convert session variables, so stick with Option 2.

Pikachu2000

That isn't exactly correct. The lack of key quoting in this case shouldn't be causing the problem. That piece of code should work as written.

<?php
session_start();
$_SESSION['test'] = 'Test';
echo $_SESSION[test] . '<br>' . $_SESSION['test'] . '<br>' . $_SESSION["test"] . "<BR>{$_SESSION[test]} <br>$_SESSION[test]";
?>

/* RETURNS 

Test
Test
Test
Test
Test

*/

johanafm

Pikachu2000;10964863 wrote:
That isn't exactly correct. The lack of key quoting in this case shouldn't be causing the problem. That piece of code should work as written.

That code is indeed correct.

But this isn't

Pikachu2000;10964863 wrote:

<?php
session_start();
$_SESSION['test'] = 'Test';
echo $_SESSION[test] . '<br>' .
"<BR>{$_SESSION[test]}";
?>
[/quote]
Both should give an E_NOTICE "undefined constant".

[QUOTE=Pikachu2000;10964863]
/* RETURNS 

Test
Test
[/QUOTE]
And that's because an undefined constant is assumed to have its name as its value. The array key "test" should be quoted in both cases.

ixalmida

Indeed, I was wrong. That code will work, albeit throw a notice.

Unfortunately, I grasped at the first questionable code. There's a lot of things I consider "wrong" which will technically work...but the format of the code limits the amount of time I'm willing to spend on it.

Here's what I'd do - echo the entire query that is throwing the mysql_error and look at it in context. There's probably a comma with no value after it or something.

jgetner

from what your post stated your problem was you missed a "," after this statement

`emerg_tel` = '$data[emerg_tel]'

please run that fix let us know if it worked or not?