Form won't post!

jfleck

I am working on a social network, When I submit this form it says it updated successfull however the changes never stick! Why won't they post correctly to my database?

<?php
session_start(); // Must start session first thing

// Here we run a login check
if (!isset($_SESSION['id'])) { 
   $msgToUser = 'Please <a href="http://www.sourcevibe.com">log in</a> to access your account';include_once 'msgToUser.php';
   exit(); 
}

//Connect to the database through our include 
include_once "connect_to_mysql.php";
// Place Session variable 'id' into local variable
$id = $_SESSION['id'];
// Process the form if it is submitted
if ($_POST['firstname']) {
    $firstname = $_POST['firstname'];
    $lastname = $_POST['lastname'];
    $city = $_POST['city'];
    $state = $_POST['state'];
    $employer = $_POST['employer'];
    $relationshipstatus = $_POST['relationshipstatus'];
    $school = $_POST['school'];
    $website = $_POST['website'];
    $aboutme = $_POST['aboutme'];
    $facebook = $_POST['facebook'];
    $youtube = $_POST['youtube'];
    $myspace = $_POST['myspace'];
    $instagram = $_POST['instagram'];
    $linkedin = $_POST['linkedin'];
    $twitter = $_POST['twitter'];
    $sql = mysql_query("UPDATE members SET facebook='$facebook',youtube='$youtube',myspace='$myspace',instagram='$instagram',linkedin='$linkedin',twitter='$twitter',firstname='$firstname',lastname='$lastname',school='$school',website='$website',aboutme='$aboutme',city='$city',state='$state',employer='$employer',relationshipstatus='$relationshipstatus'  WHERE id='$id'"); 
$success = '<big style="font-weight: bold; font-style: italic;"><span style="color: #004A80;">Your account info has been updated</span></big>';include_once 'edit_info.php';

} // close if post
?>

<?php
// Query member data from the database and ready it for display
$sql = mysql_query("SELECT * FROM members WHERE id='$id' LIMIT 1");
while($row = mysql_fetch_array($sql)){
$firstname = $row["firstname"];
$lastname = $row["lastname"];
$city = $row["city"];
$state = $row["state"];
$employer = $row["employer"];
$relationshipstatus = $row["relationshipstatus"];
$aboutme = $row["aboutme"];
$website = $row["website"];
$school = $row["school"];
$facebook = $row["facebook"];
$youtube = $row["youtube"];
$myspace = $row["myspace"];
$instagram = $row["instagram"];
$linkedin = $row["linkedin"];
$twitter = $row["twitter"];


}
?>

<?php
session_start(); // Must start session first thing

// See if they are a logged in member by checking Session data
$toplinks = "";
if (isset($_SESSION['id'])) {
	// Put stored session variables into local php variable
    $userid = $_SESSION['id'];
$vibe = $_SESSION['vibe'];

$toplinks = '<a href="member_profile.php?id=' . $userid . '">Profile</a><span style="color: rgb(53, 162, 234);"> &bull;</span> 
<a href="http://www.sourcevibe.com">Account</a> <span style="color: rgb(53, 162, 234);">&bull; </span>
<a href="logout.php">Log Out</a>';
} else {
	echo 'Please <a href="http://www.sourcevibe.com">log in</a> to access your account';
    exit(); 
}
?>


<table
 style="width: 950px; text-align: left; margin-left: auto; margin-right: auto;"
 border="0" cellpadding="0" cellspacing="5">
  <tbody>
    <tr>
      <td colspan="2"
 style="width: 589px; text-align: center; vertical-align: top;">
      <table
 style="text-align: left; width: 100%;" border="0"
 cellpadding="0" cellspacing="0">
        <tbody>
          <tr>
            <td
 style="text-align: center; vertical-align: top; width: 204px;"></td>
            <td
 style="text-align: center; vertical-align: top; width: 726px;">
            <table
 style="text-align: left; background-color: rgb(255, 255, 255); width: 720px; height: 20px;"
 border="0" cellpadding="0" cellspacing="5">
              <tbody>
                <tr>
                  <td
 style="text-align: center; width: 234px; height: 20px; vertical-align: middle; background-color: rgb(0, 113, 188);"><a
 href="edit_pic.php"><span
 style="color: rgb(255, 255, 255); font-weight: normal ! important;">Edit
Picture</span></a></td>
                  <td
 style="text-align: center; width: 234px; height: 20px; background-color: rgb(0, 113, 188); vertical-align: middle;"><a
 href="edit_info.php"><span
 style="color: rgb(255, 255, 255); font-weight: normal ! important;">Edit
Information</span></a></td>
                  <td
 style="text-align: center; width: 234px; height: 20px; background-color: rgb(0, 113, 188); vertical-align: middle;"><a
 href="account_settings.php"><span
 style="color: rgb(255, 255, 255); font-weight: normal ! important;">Account
Information</span></a></td>
                </tr>
              </tbody>
            </table>
            </td>
          </tr>
        </tbody>
      </table>
      </td>
    </tr>
  </tbody>
</table>
<table
 style="width: 950px; height: 5%; text-align: left; margin-left: auto; margin-right: auto;"
 border="0" cellpadding="0" cellspacing="0">
  <tbody>
    <tr>
      <td
 style="text-align: center; vertical-align: top;"><?php echo "$success"; ?></td>
    </tr>
  </tbody>
</table>


<form action="edit_info.php" method="post" enctype="multipart/form-data" name="form" id="form" onsubmit="return validate_form ( );">
<br><div id="editinfo"><br><table
 style="width: 950px; text-align: left; margin-left: auto; margin-right: auto;"
 border="0" cellpadding="0" cellspacing="5">
  <tbody>
    <tr>
      <td
 style="width: 340px; text-align: center; vertical-align: top;"><br><table
 style="width: 340px; text-align: left; margin-left: auto; margin-right: auto;"
 border="0" cellpadding="0" cellspacing="0">
  <tbody>
    <tr>
      <td
 style="text-align: center; vertical-align: top;">First
Name:</td>
    </tr>
    <tr>
      <td
 style="text-align: center; vertical-align: top;"><input name="firstname" type="text" id="firstname" value="<?php echo "$firstname"; ?>" size="30" maxlength="40" /></td>
    </tr>
    <tr>
      <td
 style="text-align: center; vertical-align: top;">Last
Name:</td>
    </tr>
    <tr>
      <td
 style="text-align: center; vertical-align: top;"><input name="lastname" type="text" id="lastname" value="<?php echo "$lastname"; ?>" size="30" maxlength="40" /></td>
    </tr>
    <tr>

  <td
 style="text-align: center; vertical-align: top;"><br>City:</td>
    </tr>
    <tr>
      <td
 style="text-align: center; vertical-align: top;"><input name="city" type="text" id="city" value="<?php echo "$city"; ?>" size="30" maxlength="40" /></td>
    </tr>
    <tr>
      <td
 style="text-align: center; vertical-align: top;">State:</td>
    </tr>
    <tr>
      <td
 style="text-align: center; vertical-align: top;"><input name="state" type="text" id="state" value="<?php echo "$state"; ?>" size="30" maxlength="40" /></td>
    </tr>
    <tr>

  <td
 style="text-align: center; vertical-align: top;"><br>School:</td>
    </tr>
    <tr>
      <td
 style="text-align: center; vertical-align: top;"><input name="school" type="text" id="school" value="<?php echo "$school"; ?>" size="30" maxlength="40" /></td>
    </tr>
    <tr>
      <td
 style="text-align: center; vertical-align: top;">Employer:</td>
    </tr>
    <tr>
      <td
 style="text-align: center; vertical-align: top;"><input name="employer" type="text" id="employer" value="<?php echo "$employer"; ?>" size="30" maxlength="40" /></td>
    </tr>
    <tr>
      <td
 style="text-align: center; vertical-align: top;"><br>Relationship
Status:</td>
    </tr>
    <tr>
      <td
 style="text-align: center; vertical-align: top;">

<input name="relationshipstatus" type="text" id="relationshipstatus" value="<?php echo "$relationshipstatus"; ?>" size="30" maxlength="40" /></td>
    </tr>
    <tr>
      <td
 style="text-align: center; vertical-align: top;">Website:</td>
    </tr>
    <tr>
      <td
 style="text-align: center; vertical-align: top;"><input name="website" type="text" id="website" value="<?php echo "$website"; ?>" size="30" maxlength="40" /></td>
    </tr>
    <tr>
      <td
 style="text-align: center; vertical-align: top;"><input name="Submit" type="submit" value="Submit Misc." /><br><br></td>
    </tr>
  </tbody>
</table>
</td>
      <td
 style="width: 589px; text-align: center; vertical-align: top;"><br>
<textarea name="aboutme" cols="70" rows="10" id="aboutme"><?php echo "$aboutme"; ?></textarea><br><input name="Submit" type="submit" value="Submit About Me" />
      <br><br><br>



</td>
    </tr>
  </tbody>
</table>

NogDog

Well, you don't ever check to see if your update query really ran, so maybe start there?

Instead of just doing this:

    $sql = mysql_query("UPDATE members SET facebook='$facebook',youtube='$youtube',myspace='$myspace',instagram='$instagram',linkedin='$linkedin',twitter='$twitter',firstname='$firstname',lastname='$lastname',school='$school',website='$website',aboutme='$aboutme',city='$city',state='$state',employer='$employer',relationshipstatus='$relationshipstatus'  WHERE id='$id'");

...try something like this:

    $sql = "UPDATE members SET facebook='$facebook',youtube='$youtube',myspace='$myspace',instagram='$instagram',linkedin='$linkedin',twitter='$twitter',firstname='$firstname',lastname='$lastname',school='$school',website='$website',aboutme='$aboutme',city='$city',state='$state',employer='$employer',relationshipstatus='$relationshipstatus'  WHERE id='$id'";
    if(mysql_query($sql) == false) {
        throw new Exception("Update failed: ".mysql_error().PHP_EOL.$sql);
    }

jfleck

Thanks, This is the response I got to replaceing that.

Fatal error: Uncaught exception 'Exception' with message 'Update failed: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 't go it alone. J.Fleck has written hundreds of poetic peices which have gaine' at line 1 UPDATE members SET facebook='https://www.facebook.com/josephfleck25',youtube='http://www.youtube.com/jfleckpoetry',myspace='',instagram='',linkedin='http://www.linkedin.com/profile/view?id=',twitter='https://twitter.com/jfleck4u',firstname='jskkk',lastname='Fleck ',school='Skagit Valley College',website='http://www.harborcitysolutions.com25',aboutme='J.Fleck (Joseph Fleck) is a poet, motivationalist and entrepreneur from southern California. Joe has a vision of helping people gain strength, independence and faith while he walks with you, not in front of you. We are all in this journey together, don't go it alone. J.Fleck has written hundreds of poetic peices which have gained viral recognition on youtube as several spoken wo in /home/renovati/public_html/sourcevibe.com/account/edit_info.php on line 33

NogDog

So I'd guess you aren't doing anything to escape the user inputs before using them in the query. (See [man]mysql_real_escape_string/man -- which could be avoided if you moved up to the PDO or MySQLi extensions instead of using the deprecated mysql_*() functions, then use bound parameters, but I'm guessing you just want to get this working for now. 😉 )

And the obligatory SQL Injection cartoon: http://xkcd.com/327/