Database > MySQL database

updating value in table PHP/MySQL

(1/1)

Nick C.:
Hi, I'm a noob. I have a register/login script which works perfectly. Once the user logs in, I'd like them to be able to change their name. Here is the SQL:

CREATE TABLE `members` (
  `member_id` int(11) unsigned NOT NULL auto_increment,
  `firstname` varchar(100) default NULL,
  `lastname` varchar(100) default NULL,
  `login` varchar(100) NOT NULL default '',
  `passwd` varchar(32) NOT NULL default '',
  PRIMARY KEY  (`member_id`)
) TYPE=MyISAM;

I have a form in a file called member_settings.php

<form method="post" action="member_settings_exec.php">
<input name="mem_id" type="hidden" id="mem_id" value="<?php echo $_SESSION['SESS_MEMBER_ID']; ?>">
Name <input name="fname" type="text" id="fname" value="<?php echo $_SESSION['SESS_FIRST_NAME']; ?>">
<input name="update" type="submit" id="update" value="Update">
</form>

And here is member_settings_exec.php (I'll include all the code, because I'm not exactly sure where the problem is):

<?php
   //Start session
   session_start();

   //Include database connection details
   require_once('config.php');
   
   //Array to store validation errors
   $errmsg_arr = array();
   
   //Validation error flag
   $errflag = false;
   
   //Connect to mysql server
   $link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
   if(!$link) {
      die('We failed to connect to the server: ' . mysql_error());
   }
   
   //Select database
   $db = mysql_select_db(DB_DATABASE);
   if(!$db) {
      die("Unable to select database.");
   }
   
   //Function to sanitize values received from the form. Prevents SQL injection
   function clean($str) {
      $str = @trim($str);
      if(get_magic_quotes_gpc()) {
         $str = stripslashes($str);
      }
      return mysql_real_escape_string($str);
   }
   
   //Sanitize the POST values
   $fname = clean($_POST['fname']);
   
   //Input Validations
   if($fname == '') {
      $errmsg_arr[] = 'You cannot leave this field blank.';
      $errflag = true;
   }


   //If there are input validations, redirect back to the registration form
   if($errflag) {
      $_SESSION['ERRMSG_ARR'] = $errmsg_arr;
      session_write_close();
      header("location: member_settings.php");
      exit();
   }
   
   #mem_id = clean($_POST['mem_id'])
   #fname = clean($_POST['fname'])

   //Create UPDATE query
   $qry = "UPDATE members SET firstname = $fname WHERE member_id = $mem_id" ;
   $result = @mysql_query($qry);
   
   //Check whether the query was successful or not
   if($result) {
      header("location: member-settings.php");
      exit();
   }else {
      die("Operation failed. " .mysql_error());
   }

?>

I usually get a syntax error in the $qry line, but I can't figure out what's wrong. I've tried several different approaches and either member_settings_exec.php loads blank or the syntax error. I can't figure out what it is! Any help? (I tried "UPDATE members(firstname) VALUES('$fname') WHERE member_id = $mem_id" to no avail).

cabalsdemon:
please put your code in code line next time so its easier


--- PHP Code: ---
CREATE TABLE `members` (
  `member_id` int(11) unsigned NOT NULL auto_increment,
  `firstname` varchar(100) default NULL,
  `lastname` varchar(100) default NULL,
  `login` varchar(100) NOT NULL default '',
  `passwd` varchar(32) NOT NULL default '',
  PRIMARY KEY  (`member_id`)
) TYPE=MyISAM;

I have a form in a file called member_settings.php

<form method="post" action="member_settings_exec.php">
<input name="mem_id" type="hidden" id="mem_id" value="<?php echo $_SESSION['SESS_MEMBER_ID']; ?>">
Name <input name="fname" type="text" id="fname" value="<?php echo $_SESSION['SESS_FIRST_NAME']; ?>">
<input name="update" type="submit" id="update" value="Update">
</form>

And here is member_settings_exec.php (I'll include all the code, because I'm not exactly sure where the problem is):

<?php
   //Start session
   session_start();

   //Include database connection details
   require_once('config.php');
   
   //Array to store validation errors
   $errmsg_arr = array();
   
   //Validation error flag
   $errflag = false;
   
   //Connect to mysql server
   $link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
   if(!$link) {
      die('We failed to connect to the server: ' . mysql_error());
   }
   
   //Select database
   $db = mysql_select_db(DB_DATABASE);
   if(!$db) {
      die("Unable to select database.");
   }
   
   //Function to sanitize values received from the form. Prevents SQL injection
   function clean($str) {
      $str = @trim($str);
      if(get_magic_quotes_gpc()) {
         $str = stripslashes($str);
      }
      return mysql_real_escape_string($str);
   }
   
   //Sanitize the POST values
   $fname = clean($_POST['fname']);
   
   //Input Validations
   if($fname == '') {
      $errmsg_arr[] = 'You cannot leave this field blank.';
      $errflag = true;
   }


   //If there are input validations, redirect back to the registration form
   if($errflag) {
      $_SESSION['ERRMSG_ARR'] = $errmsg_arr;
      session_write_close();
      header("location: member_settings.php");
      exit();
   }
   
   #mem_id = clean($_POST['mem_id'])
   #fname = clean($_POST['fname'])

   //Create UPDATE query
   $qry = "UPDATE members SET firstname = $fname WHERE member_id = $mem_id" ;
   $result = @mysql_query($qry);
   
   //Check whether the query was successful or not
   if($result) {
      header("location: member-settings.php");
      exit();
   }else {
      die("Operation failed. " .mysql_error());
   }

?>

--- End code ---



now it looks like your are not telling the script of update the database that you are doing anything

like this


--- PHP Code: ---
if(isset($_post 'submit' ))
 $qry = "UPDATE members SET firstname = $fname WHERE member_id = $mem_id" ;
   $result = @mysql_query($qry);

--- End code ---


something like that  not tested so work with it

Navigation

[0] Message Index

Go to full version