ok, couple of things:
[php]$q = “UPDATE users SET first_name=’$fn’, last_name=’$ln’, email=’$e’ --> , <-- WHERE user_id=$id LIMIT 1”; // comma here not needed![/php]
there is an equals sign missing from this line in the value element:
[php]<input type=“hidden” name=“id” value"’ . $id . '" />[/php]
it should be:
[php][/php]
i’ve copied and altered the script (see below) for you to take and compare with yours see if you can see how i changed what, and why…
[php]
<?php # Script 9.3 - edit_user.php
// This page is for editing a user record.
// This page is accessed through view_users.php
$page_title = 'Edit a User';
include('header.html');
echo '
Edit a User
';
//Check for a valid user ID, through GET or POST:
if ( (isset($_GET['id'])) && (is_numeric($_GET['id'])) )
{
//From view_users.php
$id = $_GET['id'];
}
elseif( (isset($_POST['id'])) && (is_numeric($_POST['id'])) )
{
// Form submission
$id = $_POST['id'];
}
else
{
// No valid ID . kill the script.
echo '
This is where the error occurs.
';
//include('footer.html');
//exit();
}
require_once($_SERVER['DOCUMENT_ROOT'] . '/connect.php'); // in public folder
//require_once($_SERVER['DOCUMENT_ROOT'] . '../../connect.php'); // above public folder
//Check if the form has been submitted:
if (isset($_POST['submitted']))
{
$errors = array();
echo $id;
//Check for a first name:
if(empty($_POST['first_name']))
{
$errors[] = 'You forgot to enter your first name.';
}
else
{
$fn = mysql_real_escape_string(trim($_POST['first_name']));
}
//Check for a last name:
if (empty($_POST['last_name']))
{
$errors[] = 'You forgot to enter your last name.';
}
else
{
$ln = mysql_real_escape_string(trim($_POST['last_name']));
}
//Check for an email address:
if (empty($_POST['email']))
{
$errors[] = 'You forgot to enter your email address.';
}
else
{
$e = mysql_real_escape_string(trim($_POST['email']));
}
//If everything's okay.
if (empty($errors))
{
//Test for unique email address:
$q = "SELECT user_id FROM users WHERE email='$e' AND user_id != $id";
$r = mysql_query($q);
if (mysql_num_rows($r) == 0)
{
//Make the query:
$q = "UPDATE users SET first_name='$fn', last_name='$ln', email='$e' WHERE user_id=$id LIMIT 1";
if (mysql_affected_rows($dbc) == 1)
{
// If it ran OK
//Print a message:
echo '
The user has been edited.
';
}
else
{
// If the query did not run OK
echo '
The user could not be edited due to a system error. We apologize for any inconvenience
'; // Public message.
echo '
' . mysql_error() . '
Query: ' . $q . '
'; //Debugging Message.
}
}
else
{
//Already Registered.
echo '
The email address has already been registered.
';
}
}
else
{
// Report the errors.
echo '
The following error(s) occured:
';
foreach($errors as $msg)
{
//Print each error.
echo " - $msg
\n";
}
echo '
Please try again.
';
} // End of if (empty($errors)) IF.
} //End of submit conditional.
//Always show the form...
//Retrieve the user's information:
$q = "SELECT first_name, last_name, email FROM users WHERE user_id=$id";
$r = @mysql_query ($q);
if (mysql_num_rows($r) ==1) { // Valid user ID shown in the form.
// Get the user's information:
$row = mysql_fetch_array ($r, MYSQL_NUM);
echo $id;
// Create the form:
echo '
First Name:
Last Name:
Email Address:
';
} else { // Not a valid user ID.
echo '
This page has been accessed in error.
';
}
mysql_close($dbc);
include('footer.html');
?>
[/php]
and here is your connect script: just add in your details (username, password etc)
[php]
<?php
/*********************************************************************/
/* Database connection settings */
/*********************************************************************/
// Mysql stuff
$db_con = ''; // Address of database
$db_sel = ''; // Select database
$db_user = ''; // Database username
$db_pass = ''; // Database password
// Attempt to connect to MySQL.
if ( mysql_connect ($db_con, $db_user, $db_pass) )
{
// Select the database
if ( !mysql_select_db ($db_sel) )
{
// If could not select database
die ( '
Could not select database !!
' );
}
}
else
{
// If could not connect to MySQL.
print '
Could not connect to database.
';
}
?>
[/php]
For the purpose of this script connect.php can be in your public folder, but for security reasons it shouldn’t be kept here. There is two lines (1 commented out) so you can choose where to put it.
I hope this helps
P.s: in the form anything AFTER the submit button won’t be sent so you can see i swapped the button to the bottom.