My "edit_user.php" page isn't working

First of all, I am a beginner. I have been trying to self-teach myself php and mysql for the last three months. It’s a lot of fun but now I am stuck trying to update a database. I am using a similar method to another update page that I have (which, btw, is working fine) but when I put the two pages side-by-side I can’t see where I went wrong.

Every time when I hit the submit button, it displays the error message “User update failed.”

Would anybody be able to help me out please? Again, please bear in mind that I am new to coding and that my mistake might be quite simple or obvious to you but not to me. Any constructive criticism welcome :smiley:

I’m not sure if the information in the code below is enough. Let me know if I need to post anything else.

Thanks very much for your time

[php]

<?php require_once("../includes/session.php"); ?>
<?php require_once("../includes/db_connection.php"); ?>
<?php require_once("../includes/functions.php"); ?>
<?php require_once("../includes/validation_functions.php"); ?>
<?php confirm_logged_in(); ?>
<?php $user = find_user_by_id($_GET["id"]); ?>
<?php
if (!$user) {
    redirect_to("manage_users.php");
}
?>
<?php
if (isset($_POST['submit'])) {
    $required_fields = array("username", "password", "job_title", "level", "first_name", "last_name");
    validate_presences($required_fields);

    $fields_with_max_lengths = array("username" => 30);
    validate_max_lengths($fields_with_max_lengths);

    if (empty($errors)) {
        $id = $user["id"];
        $username = mysql_prep($_POST["username"]);
        $hashed_password = password_encrypt($_POST["password"]);
        $job_title = mysql_prep($_POST["job_title"]);
        $level = mysql_prep($_POST["level"]);
        $first_name = mysql_prep($_POST["first_name"]);
        $last_name = mysql_prep($_POST["last_name"]);

        $query = "UPDATE users SET ";
        $query .= "username = '{$username}', ";
        $query .= "hashed_password = '{$hashed_password}' ";
        $query .= "job_title = '{$job_title}', ";
        $query .= "level = '{$level}', ";
        $query .= "first_name = '{$first_name}', ";
        $query .= "last_name = '{$last_name}', ";
        $query .= "WHERE id = {$id} ";
        $query .= "LIMIT 1";
        $result = mysqli_query($connection, $query);

        if ($result && mysqli_affected_rows($connection) >= 0) {
            $_SESSION["message"] = "User updated.";
            redirect_to("manage_admins.php");
        } else {
            $_SESSION["message"] = "User update failed.";
        }
    }
} else {
}
?>
<?php include("../includes/layout/head.php"); ?>
<?php include("../includes/layout/header.php"); ?>
<?php $user = find_user_by_id($_GET["id"]); ?>
 
<?php echo message(); ?> <?php echo form_errors($errors); ?>

Edit User: <?php echo htmlentities($user["username"]); ?>

" method="post">
<p>Username:
	<input type="text" name="username" value="<?php echo htmlentities($user["username"]); ?>" />
</p>

<p>First Name:
  <input type="text" name="first_name" value="<?php echo htmlentities($user["first_name"]); ?>" />
</p>

<p>Last Name:
  <input type="text" name="last_name" value="<?php echo htmlentities($user["last_name"]); ?>" />
</p>

<p>Job Title:
  <select name="job_title" size="1">
    <option selected="selected" value="<?php echo htmlentities($user["job_title"]); ?>"><?php echo htmlentities($user["job_title"]); ?></option>
    <option value="Dispatcher">Dispatcher</option>
    <option value="Senior">Senior</option>
    <option value="Duty Officer">Duty Officer</option>
  </select>
</p>

<p>Level:
  <select name="level" size="1">
    <option selected="selected" value="<?php echo htmlentities($user["level"]); ?>"><?php echo htmlentities($user["level"]); ?></option>
    <option value="Dispatcher">Dispatcher</option>
    <option value="Mentor">Mentor</option>
    <option value="Senior">Senior</option>
    <option value="Duty Officer">Duty Officer</option>
    <option value="Administrator">Administrator</option>
  </select>
</p>

<p>Password:
  <input type="password" name="password" value="<?php echo htmlentities($user["hashed_password"]); ?>" />
</p>
<input type="submit" name="submit" value="Edit User" />

Cancel
<?php include("../includes/layout/footer.php"); ?>

[/php]

I could be wrong, but ditch mysql_prep, for that just sends shivers down my spine when I do a Google search and see magic quotes attached to it. Anyways, you should be using prepared statements; that way you really won’t have to worry too much in securing the code.

I’ll get back to you or someone else will in the meantime, but updating is one of the easiest things to do in PHP, that is once you learn how to do it. You have to crawl before you walk.

Anyways this is just an example of how I update in PDO ->

[php]
public function update($data) {
    $db = Database::getInstance();
    $pdo = $db->getConnection();
    /* Update the edited blog */
    $this->query = 'UPDATE blog SET title=:title, message_post=:message_post, date_updated=NOW() WHERE id=:id';
    /* Prepare the statement */
    $this->stmt = $pdo->prepare($this->query);
    /* Execute the statement */
    $this->result = $this->stmt->execute(array(':title' => $data['title'], ':message_post' => $data['message_post'], ':id' => $data['id']));

    return ($this->result) ? true : false;
}
[/php]

This is just an example in OOP using PDO, but like I said I will get back to you or someone who is more familiar with mysqli will probably beat me to the punch. There are also a few other issues that hopefully will be addressed.

Strider64
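The mysqli counterpart of the prepared-statement advice above, applied to the `users` UPDATE from the question (an added example, not code posted by anyone in the thread). `update_user()` is a hypothetical helper, and `password_hash()` stands in for the thread's `password_encrypt()`, whose body is not shown.

```php
<?php
// Added example: not code from the thread. Table and column names come from
// the UPDATE in the question; update_user() is a hypothetical helper.

// Make mysqli throw exceptions, so a malformed query reports the server's
// SQL error instead of a silent false from the query call.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

function update_user(mysqli $connection, int $id, array $fields): bool
{
    // One placeholder per column. The values never become part of the SQL
    // text, so no escaping helper such as mysql_prep() is involved.
    $sql = "UPDATE users SET "
         . "username = ?, "
         . "hashed_password = ?, "
         . "job_title = ?, "
         . "level = ?, "
         . "first_name = ?, "
         . "last_name = ? "
         . "WHERE id = ? "
         . "LIMIT 1";

    $stmt = $connection->prepare($sql);

    // Assumption: PHP's built-in password_hash() replaces the thread's
    // password_encrypt(), which is not shown on the page.
    $hashed_password = password_hash($fields["password"], PASSWORD_DEFAULT);

    // "ssssssi": six string parameters followed by the integer id.
    $stmt->bind_param(
        "ssssssi",
        $fields["username"],
        $hashed_password,
        $fields["job_title"],
        $fields["level"],
        $fields["first_name"],
        $fields["last_name"],
        $id
    );
    $stmt->execute();

    // 0 affected rows means the submitted values equal the stored ones,
    // which still counts as a successful update.
    $ok = $stmt->affected_rows >= 0;
    $stmt->close();
    return $ok;
}
```

It would be called as `update_user($connection, (int) $user["id"], $_POST)` once validation has passed. With exceptions enabled, a malformed SET list such as the one in the question's query (no comma after `hashed_password`, and a comma after `last_name` directly before `WHERE`) surfaces as a `mysqli_sql_exception` carrying the server's syntax error rather than only "User update failed."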

Thanks for your reply. So, now I have to learn Object Orientated PHP… This scares me a little lol.

I’ve seen a few videos on it but it seems to be the next level of programming, so I haven’t tackled it yet. It looks like I might have to man up and delve into the murky waters of more advanced programming.

BTW, my mysql_prep function looks like this:

[php]
function mysql_prep($string) {
    global $connection;

    $escaped_string = mysqli_real_escape_string($connection, $string);
    return $escaped_string;
}
[/php]
