Help in row (update function)

Beginners - Learning PHP
#1

Hi there,
i am trying actually to update the data in database. but the problem is that once i submit it tells me that its good but nothing changed , i guess that there is a problem in my : $id

Thanks in advance,

image
image1215×774 39 KB

#2

Posting the actual code here would be more useful in helping you and make sure format the code if you don.

#3

The issues that I see are
not using parameterized queries.
Not knowing if id has a value
and storing plain text passwords

#4 
<?php
$id="";
$login ="";
$email ="";
$password = "";
$firstname = "";
$lastname = "";
$job = "";
$domain = "";
$modifier="";


session_start();
include 'connection.php';
if(isset($_SESSION['login'])){
	if($_SESSION['login']['rank']>1){
		header("Location:user_profile.php");
	}
	if(isset($_GET['edit'])){

		$id = $_GET['id'];

		$sql = "SELECT * FROM m2lm_user WHERE id='$id' ";

		$query = mysqli_query($con,$sql);

		$row = mysqli_fetch_array($query);

		$id = $row['id'];
		$login = $row['login'];
		$email = $row['email'];
		$password = $row['password'];
		$firstname = $row['firstname'];
		$lastname = $row['lastname'];
		$job = $row['job'];
		$domain = $row['domain'];

		$modifier = true;

		

	}

	if(isset($_POST['submit']))
	{

		$login = $_POST['login'];
		$email = $_POST['email'];
		$password = $_POST['password'];
		$firstname = $_POST['firstname'];
		$lastname = $_POST['lastname'];
		$job = $_POST['job'];
		$domain = $_POST['domain'];

		$sql="UPDATE m2lm_user SET login='$login', email='$email', password ='$password', firstname='$firstname', lastname='$lastname', job='$job', domain='$domain' WHERE id ='$id'";
		$query = mysqli_query($con,$sql);
		if($query) {
			echo "yesss";
		}

	}
	
}
?>

<!DOCTYPE html>
<html>
<head>
	<title>Edit Result</title>
	<link href="bootstrap/css/bootstrap.min.css" rel="stylesheet">
  <link rel="stylesheet" href="css/indexnavbar.css">
  <link rel="stylesheet" href="css/indexbody.css">
</head>
<body>
	
	<form action="modifier.php" method="post">
	<div class="container">
		<div class="row">
			<a href="admin.php" class="btn btn-success" style="margin:10px;">Revenir </a>
		</div>
		<div class="row">
   		<?php if(isset($_REQUEST['error'])){ ?>
   		<div class="col-lg-12">
   			<span class="alert alert-danger" style="display: block;"><?php echo $_REQUEST['error']; ?></span>
   		</div>
	   	<?php } ?>
	   	</div>

	   	<div class="row">
   		<?php if(isset($_REQUEST['success'])){ ?>
   		<div class="col-lg-12">
   			<span class="alert alert-success" style="display: block;"><?php echo $_REQUEST['success']; ?></span>
   		</div>
	   	<?php } ?>
	   	</div>
		<div class="row">
			<h2 style="margin:15px;" class="text-center">Modifier un utilisateur</h2>
		</div>
		<div class="row">
			<div class="col-lg-12 form-group">
				<input type="hidden" name="id"  value="<?php $_GET['edit'] ?>" class="form-control">
			</div>
		</div>
		<div class="row">
			<div class="col-lg-12 form-group">
				<input type="text" name="login" placeholder="login" required="required" value="<?php echo$login;?>" class="form-control">
			</div>
		</div>
		<div class="row">
			<div class="col-lg-12 form-group">
				<input type="text" name="email" placeholder="email" required="required" value="<?php echo $email;?>" class="form-control">
			</div>
		</div>
		<div class="row">
			<div class="col-lg-12 form-group">
				<input type="password" name="password" placeholder="Password" required="required" value="<?php echo $password;?>" class="form-control">
			</div>
		</div>
		<div class="row">
			<div class="col-lg-12 form-group">
				<input type="text" name="firstname" placeholder="firstname" required="required" value="<?php echo $firstname;?>" class="form-control">
			</div>
		</div>
		<div class="row">
			<div class="col-lg-12 form-group">
				<input type="text" name="lastname" placeholder="lastname" required="required" value="<?php echo $lastname;?>" class="form-control">
			</div>
		</div>
		<div class="row">
			<div class="col-lg-12 form-group">
				<input type="text" name="job" placeholder="job" required="required" value="<?php echo $job;?>" class="form-control">
			</div>
		</div>
		<div class="row">
			<div class="col-lg-12 form-group">
				<input type="text" name="domain" placeholder="domain" required="required" value="<?php echo $domain;?>" class="form-control">
			</div>
		</div>
	
		<?php if($modifier==true){?>
		<div class="row">
			<div class="col-lg-12 form-group">
				<button name="submit" type="submit" class="btn btn-success btn-block" value="modifier">Modifier</button>
			</div>
		<?php } ?>
		</div>
	</div>
	</form>

</body>
</html>
#5

You need to validate ALL inputs to a page before using them, either setting up user error messages or redirecting elsewhere. Doing this will provide a better User eXperience (UX) and it will get your code to tell you why it isn’t working. You won’t have to guess if the problem is the id, the edit action, the user rank,…

Next, you have too much code. Why does that matter? You end up with a wall of code that you cannot figure out and others don’t want to wade through trying to identify what’s actually causing the problem. Some specific things -

  1. Don’t write out line after line of code for each form field. Instead, keep the set of form data as an array variable, then just operate on elements of the array. You can initialize or trim/copy all elements in the array using one single statement, regardless of how many elements there are.
  2. Don’t store the user’s rank, permissions, user information… in session variables, since this means that those values cannot be changed without requiring the user to log in again. Instead, just store the user’s id (auto-increment integer primary index) in a session variable to identify who the logged in user is, then query on each page request to get the other user information. This will cause any change/edit in the values to take effect immediately (on the next page request.)
  3. Since you are apparently letting a user edit their own information, you should get the id for both the SELECT and UPDATE queries from the session variable, not from an external value.
  4. Every header() redirect needs an exit/die statement after it to stop program execution. Your current code will let anyone update any record even if they are not logged in, since all the code runs after the header() statement.
  5. Don’t copy variables to other variables without any reason, This is just a waste of typing and server memory.
  6. As already mentioned, you need to use prepared queries when supplying external/unknown/dynamic values to an sql query statement.
  7. Also, as already mentioned, you need to use password_hash(), when inserting/updating the password value, and password_verify() in the login code.
  8. You also need logic to detect if the password is not being updated, so that you don’t replace the existing password hash with the hash of an empty value.
  9. You should switch to the much simpler PDO extension.
  10. You should list out the columns you are SELECTing. This helps to make your code/query self-documenting and insures you are only retrieving the data you need.
  11. Since any query may not match any data, you need to test if there is data before using it, setting up a user error message if a query that was expected to match data, didn’t.
  12. You should only execute the SELECT query if the form has not been submitted. The simplest way of doing this is to define an array variable to hold a (trimmed) working copy of the form data or the initial data from the select query. Inside the form processing code, trim and copy the submitted $_POST data to this array variable. After the end of the form processing code, if this array variable is empty, you would query for the initial data and store it into this array variable. Elements of this array variable would be used throughout the rest of the code.
  13. Your post method form processing code should detect if a post method form was submitted before referencing any of the form data.
  14. You need error handling for all the database statements that can fail - connection, query, prepare, and execute. The simplest way of doing this is to use exceptions for errors and in most cases let php catch and handle the exception, where it will use its error related settings to control what happens with the actual error information (database statement errors will ‘automatically’ get displayed/logged the same as php errors.) You can then remove any error handling logic you have for these statements now.
  15. Don’t use $_REQUEST. Use the correct $_POST, $_GET, or $_COOKIE variable you expect data to be in.
  16. Any dynamic value that you output in a html context needs to have htmlentities() applied to it to help prevent cross site scripting.
  17. To get a form to submit to the same page, leave the action=’…’ attribute out of the form tag. This has the added advantage of causing the browser to ‘automatically’ propagate any existing get parameters when the form is submitted (which is part of the problem you are having now.)
Sponsor our Newsletter | Privacy Policy | Terms of Service