Script. Not updating the database?

So it's a script to update your profile

(Based off Vauth)

So here's the main page PHP
[php]

<?
$pagetitle = "Update Profile";
include_once ("header.inc.php");
include_once ("auth.php");
include_once ("authconfig.php");
include_once ("check.php");
?>
Update Profile

Update info

<td width="66%" bgcolor="#C0C0C0"><select name="gender"><option value="<? echo $check["gender"] ?>"> <? echo $check["gender"] ?>
    <option value="Female">Female
    <option value="Male">Male
    <option value="Both">Both
    <option value="Alien">Alien
    <option value="Unknown">Unknown
    <option value="None">None
    </select></td>
<tr>
  <td width="34%" bgcolor="#C0C0C0"><b><font size="2" face="Arial">Location:</font></b></td>
  <td width="66%" bgcolor="#C0C0C0">
  <input type="text" name="location" value="<? echo $check["location"] ?>" size="25"></td>
</tr>
<tr>
  <td width="34%" bgcolor="#C0C0C0"><b><font size="2" face="Arial">Avatar url:</font></b></td>
  <td width="66%" bgcolor="#C0C0C0">
  <input type="text" name="avatar" value="<? echo $check["avatar"] ?>" size="25"></td>
</tr>
 <tr>
 
  Old Password:
  New Password:
  Confirm:
 
Age: ">
Gender:
About You: <? echo $check["about"] ?>
Your Site Tasks: <? echo $check["tasks"] ?>
 

 
<?
if (isset($_POST['submit'])) {
    $USERNAME = $_COOKIE['USERNAME'];
    $PASSWORD = $_COOKIE['PASSWORD'];
    $submit = $_POST['submit'];
    $oldpasswd = $_POST['oldpasswd'];
    $newpasswd = $_POST['newpasswd'];
    $confirmpasswd = $_POST['confirmpasswd'];
    $age = $_POST['age'];
    $gender = $_POST['gender'];
    $location = $_POST['location'];
    $avatar = $_POST['avatar'];
    $about = $_POST['about'];
    $tasks = $_POST['tasks'];
} else {
    $submit = "";
}

$user = new auth();
$connection = mysql_connect($dbhost, $dbusername, $dbpass);
// REVISED CODE
$SelectedDB = mysql_select_db($dbname);
$userdata = mysql_query("SELECT * FROM staff WHERE username='$USERNAME' and passwd='$PASSWORD'");

if ($submit) {
    // Check if Old password is the correct
    if ($oldpasswd != $PASSWORD) {
        print " Old password is wrong!";
        exit;
    }
    // Check if New password if blank
    if (trim($newpasswd) == "") {
        print " Password Blank!";
        exit;
    }
    if (trim($age) == "") {
        print " Age Blank!";
        exit;
    }
    if (trim($gender) == "") {
        print " Gender Blank!";
        exit;
    }
    if (trim($location) == "") {
        print " Location Blank!";
        exit;
    }
    if (trim($about) == "") {
        print " About Blank!";
        exit;
    }
    if (trim($tasks) == "") {
        print " Tasks Blank!";
        exit;
    }
    if (trim($avatar) == "") {
        print " Avatar Blank!";
        exit;
    }
    if ($newpasswd != $confirmpasswd) {
        print " New password was not confirmed!";
        exit;
    }

    // If everything is ok, use auth class to modify the record
    $update = $user->modify_user($username, $password, $check["team"], $check["level"], $check["status"], $check["name"], $age, $gender, $location, $check["profile"], $about, $tasks, $avatar);
    if ($update) {
        print " Profile Updated!";
    }
}
?>[/php]

This comes back as profile updated :slight_smile:

But then I look at the database and it hasn't updated

This is the addon page auth.php code snippet to do with this script

[php]// MODIFY USERS
function modify_user($username, $password, $team, $level, $status, $name, $age, $gender, $location, $profile, $about, $tasks, $avatar) {

    // If $password is blank, make no changes to the current password
    if (trim($password == ''))
    {
        $qUpdate = "UPDATE staff SET team='$team', level='$level', status='$status', name='$name', age='$age', gender='$gender', location='$location', profile='$profile',  about='$about', tasks='$tasks',  avatar='$avatar' WHERE username='$username'";
    }
    else
    {
        $qUpdate = "UPDATE staff SET passwd=MD5('$password'), team='$team', level='$level', status='$status', name='$name', age='$age', gender='$gender', location='$location', profile='$profile',  about='$about', tasks='$tasks',  avatar='$avatar'
				    WHERE username='$username'";
    }
	
	if (trim($age == ''))
    {
        $qUpdate = "UPDATE staff SET team='$team', level='$level', status='$status', name='$name', age='$age', gender='$gender', location='$location', profile='$profile',  about='$about', tasks='$tasks',  avatar='$avatar' WHERE username='$username'";
    }
    else
    {
        $qUpdate = "UPDATE staff SET passwd=MD5('$password'), team='$team', level='$level', status='$status', name='$name', age='$age', gender='$gender', location='$location', profile='$profile',  about='$about', tasks='$tasks',  avatar='$avatar'
				    WHERE username='$username'";
    }
	
	if (trim($gender == ''))
    {
        $qUpdate = "UPDATE staff SET team='$team', level='$level', status='$status', name='$name', age='$age', gender='$gender', location='$location', profile='$profile',  about='$about', tasks='$tasks',  avatar='$avatar' WHERE username='$username'";
    }
    else
    {
        $qUpdate = "UPDATE staff SET passwd=MD5('$password'), team='$team', level='$level', status='$status', name='$name', age='$age', gender='$gender', location='$location', profile='$profile',  about='$about', tasks='$tasks',  avatar='$avatar'
				    WHERE username='$username'";
    }
	
	if (trim($location == ''))
    {
        $qUpdate = "UPDATE staff SET team='$team', level='$level', status='$status', name='$name', age='$age', gender='$gender', location='$location', profile='$profile',  about='$about', tasks='$tasks',  avatar='$avatar' WHERE username='$username'";
    }
    else
    {
        $qUpdate = "UPDATE staff SET passwd=MD5('$password'), team='$team', level='$level', status='$status', name='$name', age='$age', gender='$gender', location='$location', profile='$profile',  about='$about', tasks='$tasks',  avatar='$avatar'
				    WHERE username='$username'";
    }
    
	
	if (trim($about == ''))
    {
        $qUpdate = "UPDATE staff SET team='$team', level='$level', status='$status', name='$name', age='$age', gender='$gender', location='$location', profile='$profile',  about='$about', tasks='$tasks',  avatar='$avatar' WHERE username='$username'";
    }
    else
    {
        $qUpdate = "UPDATE staff SET passwd=MD5('$password'), team='$team', level='$level', status='$status', name='$name', age='$age', gender='$gender', location='$location', profile='$profile',  about='$about', tasks='$tasks',  avatar='$avatar'
				    WHERE username='$username'";
    }
	
	if (trim($tasks == ''))
    {
        $qUpdate = "UPDATE staff SET team='$team', level='$level', status='$status', name='$name', age='$age', gender='$gender', location='$location', profile='$profile',  about='$about', tasks='$tasks',  avatar='$avatar' WHERE username='$username'";
    }
    else
    {
        $qUpdate = "UPDATE staff SET passwd=MD5('$password'), team='$team', level='$level', status='$status', name='$name', age='$age', gender='$gender', location='$location', profile='$profile',  about='$about', tasks='$tasks',  avatar='$avatar'
				    WHERE username='$username'";
    }
	
	
	if (trim($avatar == ''))
    {
        $qUpdate = "UPDATE staff SET team='$team', level='$level', status='$status', name='$name', age='$age', gender='$gender', location='$location', profile='$profile',  about='$about', tasks='$tasks',  avatar='$avatar' WHERE username='$username'";
    }
    else
    {
        $qUpdate = "UPDATE staff SET passwd=MD5('$password'), team='$team', level='$level', status='$status', name='$name', age='$age', gender='$gender', location='$location', profile='$profile',  about='$about', tasks='$tasks',  avatar='$avatar'
				    WHERE username='$username'";
    }

	if (trim($level)=="") {
		return "blank level";
	}
	else if (($username=="sa" AND $status=="inactive")) {
		return "sa cannot be inactivated";
	}
	else if (($username=="admin" AND $status=="inactive")) {
		return "admin cannot be inactivated";
	}
	else {
		$connection = mysql_connect($this->HOST, $this->USERNAME, $this->PASSWORD);
		$SelectedDB = mysql_select_db($this->DBNAME);
		$result = mysql_query($qUpdate); 
		return 1;
	}
	
} // End: function modify_user
[/php]

I am still learning php.

Please be clear on where I'm going wrong so I can learn further.

Because my script is based from another I've added the change password part as a base to go off. I don't actually want members to have to change their password each time they update, so can I remove that bit? If so, what do I need to change for it still to work?

I see what you’re trying to do. Since you’re essentially building individual parts of the query, there’s no need to keep sending the same query over and over again. Do something like
[php]
function modify_user($username, $password, $team, $level, $status, $name, $age, $gender, $location, $profile, $about, $tasks, $avatar) {

    $qupdate = array();
    if (trim($password != '')) {
        $qUpdate[] = "passwd=MD5('$password')"
    }
    if (trim($age != '')) {
        $qUpdate[] = "age='$age'"
    }
    if (trim($gender != '')) {
        $qUpdate[] = "gender='$gender'"
    }
    if (trim($location != '')) {
        $qUpdate[] = "location='$location'"
    }
    if (trim($about != '')) {
        $qUpdate[] = "about='$about'"
    }
    if (trim($tasks != '')) {
        $qUpdate[] = "tasks='$tasks'"
    }
    // rest of qupdates

    if (trim($level)=="") {
        return "blank level";
    } else if (($username=="sa" AND $status=="inactive")) {
        return "sa cannot be inactivated";
    } else if (($username=="admin" AND $status=="inactive")) {
        return "admin cannot be inactivated";
    } else {
        $connection = mysql_connect($this->HOST, $this->USERNAME, $this->PASSWORD);
        $SelectedDB = mysql_select_db($this->DBNAME);
        for($i=0; $i < count($qupdate); $i++) {
            $sqlfields = implode(',', $qupdate[$i]);
        }
        $result = mysql_query($sqlfields);
        return 1;
    }
} // End: function modify_user[/php]

Basically, I got rid of the double updates. There’s no need to run an update if nothing changed, it’s just wasted resources on the server… What I did was take all those out and only looked for what wasn’t empty (another way of doing that is if(!empty(trim($_POST['age']))) { }). Then at the end, before the execution, I implode all those fields; what you should end up with is just the things that need to be updated.

I’m glad I saw this, doing it this way would fix some of the issues I’m having with my member update page.

Thanks for the reply.

I had to put ; at the end of the trims as I got syntax errors.

[php]function modify_user($username, $password, $team, $level, $status, $name, $age, $gender, $location, $profile, $about, $tasks, $avatar) {

    $qupdate = array();
    if (trim($password != '')) {
        $qUpdate[] = "passwd=MD5('$password')";
    }
    if (trim($age != '')) {
        $qUpdate[] = "age='$age'";
    }
    if (trim($gender != '')) {
        $qUpdate[] = "gender='$gender'";
    }
    if (trim($location != '')) {
        $qUpdate[] = "location='$location'";
    }
    if (trim($about != '')) {
        $qUpdate[] = "about='$about'";
    }
    if (trim($tasks != '')) {
        $qUpdate[] = "tasks='$tasks'";
    }
    // rest of qupdates

    if (trim($level)=="") {
        return "blank level";
    } else if (($username=="sa" AND $status=="inactive")) {
        return "sa cannot be inactivated";
    } else if (($username=="admin" AND $status=="inactive")) {
        return "admin cannot be inactivated";
    } else {
        $connection = mysql_connect($this->HOST, $this->USERNAME, $this->PASSWORD);
        $SelectedDB = mysql_select_db($this->DBNAME);
        for($i=0; $i < count($qupdate); $i++) {
            $sqlfields = implode(',', $qupdate[$i]);
        }
        $result = mysql_query($sqlfields);
        return 1;
    }
} [/php]

However, the script still does not work???

I tested the script on the password part and that does work (kinda). It recognizes when I enter an old password.

But still no update.

This is the whole auth.php page

[php]

<?php
class auth{
    // CHANGE THESE VALUES TO REFLECT YOUR SERVER'S SETTINGS
    var $HOST = "xxxxxxxxxxxxxxxxxxx";
    var $USERNAME = "xxxxxxxxxxxx";
    var $PASSWORD = "xxxxxxxxxxxxxxxxxxxxx";
    var $DBNAME = "xxxxxxx";

    // AUTHENTICATE
    function authenticate($username, $password) {
        $query = "SELECT * FROM staff WHERE username='$username' AND passwd=MD5('$password') AND status <> 'inactive'";
        $UpdateRecords = "UPDATE staff SET lastlogin = NOW(), logincount = logincount + 1 WHERE username='$username'";
        $connection = mysql_connect($this->HOST, $this->USERNAME, $this->PASSWORD);
        $SelectedDB = mysql_select_db($this->DBNAME);
        $result = mysql_query($query);
        $numrows = mysql_num_rows($result);
        $row = mysql_fetch_array($result);

        // CHECK IF THERE ARE RESULTS
        // Logic: If the number of rows of the resulting recordset is 0, that means that no
        // match was found. Meaning, wrong username-password combination.
        if ($numrows == 0) {
            return 0;
        }
        /*
        elseif ($row["level"]==1) { // ADMIN LOGIN
            $Update = mysql_query($UpdateRecords);
            return 1;
        }
        */
        else {
            $Update = mysql_query($UpdateRecords);
            return $row;
        }
    } // End: function authenticate

    // PAGE CHECK
    // This function is the one used for every page that is to be secured. This is not the same one
    // used in the initial login screen
    function page_check($username, $password) {
        $query = "SELECT * FROM staff WHERE username='$username' AND passwd=MD5('$password') AND status <> 'inactive'";
        $connection = mysql_connect($this->HOST, $this->USERNAME, $this->PASSWORD);
        $SelectedDB = mysql_select_db($this->DBNAME);
        $result = mysql_query($query);
        $numrows = mysql_num_rows($result);
        $row = mysql_fetch_array($result);

        // CHECK IF THERE ARE RESULTS
        // Logic: If the number of rows of the resulting recordset is 0, that means that no
        // match was found. Meaning, wrong username-password combination.
        if ($numrows == 0) {
            return false;
        }
        else {
            return $row;
        }
    } // End: function page_check

    // MODIFY USERS
    function modify_user($username, $password, $team, $level, $status, $name, $age, $gender, $location, $profile, $about, $tasks, $avatar) {
        $qupdate = array();
        if (trim($password != '')) {
            $qUpdate[] = "passwd=MD5('$password')";
        }
        if (trim($age != '')) {
            $qUpdate[] = "age='$age'";
        }
        if (trim($gender != '')) {
            $qUpdate[] = "gender='$gender'";
        }
        if (trim($location != '')) {
            $qUpdate[] = "location='$location'";
        }
        if (trim($about != '')) {
            $qUpdate[] = "about='$about'";
        }
        if (trim($tasks != '')) {
            $qUpdate[] = "tasks='$tasks'";
        }
        // rest of qupdates

        if (trim($level)=="") {
            return "blank level";
        } else if (($username=="sa" AND $status=="inactive")) {
            return "sa cannot be inactivated";
        } else if (($username=="admin" AND $status=="inactive")) {
            return "admin cannot be inactivated";
        } else {
            $connection = mysql_connect($this->HOST, $this->USERNAME, $this->PASSWORD);
            $SelectedDB = mysql_select_db($this->DBNAME);
            for($i=0; $i < count($qupdate); $i++) {
                $sqlfields = implode(',', $qupdate[$i]);
            }
            $result = mysql_query($sqlfields);
            return 1;
        }
    } // End: function modify_user

    // DELETE USERS
    function delete_user($username) {
        $qDelete = "DELETE FROM staff WHERE username='$username'";

        if ($username == "sa") {
            return "User sa cannot be deleted.";
        }
        elseif ($username == "admin") {
            return "User admin cannot be deleted.";
        }
        elseif ($username == "test") {
            return "User test cannot be deleted.";
        }

        $connection = mysql_connect($this->HOST, $this->USERNAME, $this->PASSWORD);
        $SelectedDB = mysql_select_db($this->DBNAME);
        $result = mysql_query($qDelete);
        return mysql_error();
    } // End: function delete_user

    // ADD USERS
    function add_user($username, $password, $team, $level, $status, $age, $gender, $location, $about, $tasks, $avatar, $name) {
        $qUserExists = "SELECT * FROM staff WHERE username='$username'";
        $qInsertUser = "INSERT INTO staff(username, passwd, team, level, status, lastlogin, logincount) VALUES ('$username', MD5('$password'), '$team', '$level', '$status', '', 0)";
        $connection = mysql_connect($this->HOST, $this->USERNAME, $this->PASSWORD);

        // Check if all fields are filled up
        if (trim($username) == "") {
            return "blank username";
        }
        // password check added 09-19-2003
        elseif (trim($password) == "") {
            return "blank password";
        }
        elseif (trim($level) == "") {
            return "blank level";
        }

        // Check if user exists
        $SelectedDB = mysql_select_db($this->DBNAME);
        $user_exists = mysql_query($qUserExists);
        if (mysql_num_rows($user_exists) > 0) {
            return "username exists";
        }
        else {
            // Add user to DB
            // OLD CODE - DO NOT REMOVE
            // $result = mysql_db_query($this->DBNAME, $qInsertUser);
            // REVISED CODE
            $SelectedDB = mysql_select_db($this->DBNAME);
            $result = mysql_query($qInsertUser);
            return mysql_affected_rows();
        }
    } // End: function add_user

    // *****************************************************************************************
    // ************************************** G R O U P S **************************************
    // *****************************************************************************************

    // ADD TEAM
    function add_team($teamname, $teamlead, $status="active") {
        $qGroupExists = "SELECT * FROM authteam WHERE teamname='$teamname'";
        $qInsertGroup = "INSERT INTO authteam(teamname, teamlead, status) VALUES ('$teamname', '$teamlead', '$status')";
        $connection = mysql_connect($this->HOST, $this->USERNAME, $this->PASSWORD);

        // Check if all fields are filled up
        if (trim($teamname) == "") {
            return "blank team name";
        }

        // Check if group exists
        // OLD CODE - DO NOT REMOVE
        // $group_exists = mysql_db_query($this->DBNAME, $qGroupExists);
        // REVISED CODE
        $SelectedDB = mysql_select_db($this->DBNAME);
        $group_exists = mysql_query($qGroupExists);
        if (mysql_num_rows($group_exists) > 0) {
            return "group exists";
        }
        else {
            // Add user to DB
            // OLD CODE - DO NOT REMOVE
            // $result = mysql_db_query($this->DBNAME, $qInsertGroup);
            // REVISED CODE
            $SelectedDB = mysql_select_db($this->DBNAME);
            $result = mysql_query($qInsertGroup);
            return mysql_affected_rows();
        }
    } // End: function add_group

    // MODIFY TEAM
    function modify_team($teamname, $teamlead, $status) {
        $qUpdate = "UPDATE authteam SET teamlead='$teamlead', status='$status' WHERE teamname='$teamname'";
        $qUserStatus = "UPDATE staff SET status='$status' WHERE team='$teamname'";

        if ($teamname == "Admin" AND $status=="inactive") {
            return "Admin team cannot be inactivated.";
        }
        elseif ($teamname == "Ungrouped" AND $status=="inactive") {
            return "Ungrouped team cannot be inactivated.";
        }
        else {
            $connection = mysql_connect($this->HOST, $this->USERNAME, $this->PASSWORD);

            // UPDATE STATUS IF STATUS OF TEAM IS INACTIVATED
            // OLD CODE - DO NOT REMOVE
            //$userresult = mysql_db_query($this->DBNAME, $qUserStatus);
            // REVISED CODE
            $SelectedDB = mysql_select_db($this->DBNAME);
            $userresult = mysql_query($qUserStatus);

            // OLD CODE - DO NOT REMOVE
            // $result = mysql_db_query($this->DBNAME, $qUpdate);
            // REVISED CODE
            $result = mysql_query($qUpdate);
            return 1;
        }
    } // End: function modify_team

    // DELETE TEAM
    function delete_team($teamname) {
        $qDelete = "DELETE FROM authteam WHERE teamname='$teamname'";
        $qUpdateUser = "UPDATE staff SET team='Ungrouped' WHERE team='$teamname'";

        if ($teamname == "Admin") {
            return "Admin team cannot be deleted.";
        }
        elseif ($teamname == "Ungrouped") {
            return "Ungrouped team cannot be deleted.";
        }
        elseif ($teamname == "Temporary") {
            return "Temporary team cannot be deleted.";
        }

        $connection = mysql_connect($this->HOST, $this->USERNAME, $this->PASSWORD);

        // OLD CODE - DO NOTE REMOVE
        // $result = mysql_db_query($this->DBNAME, $qUpdateUser);
        // REVISED CODE
        $SelectedDB = mysql_select_db($this->DBNAME);
        $result = mysql_query($qUpdateUser);

        // OLD CODE - DO NOT REMOVE
        // $result = mysql_db_query($this->DBNAME, $qDelete);
        // REVISED CODE
        $result = mysql_query($qDelete);
        return mysql_error();
    } // End: function delete_team

} // End: class auth
?>

[/php]

Didn't know if posting this would help further?

See if the following works for you:[php]function modify_user($username, $password, $team, $level, $status, $name, $age, $gender, $location, $profile, $about, $tasks, $avatar) {

    $qUpdate = array();
    if (trim($password != '')) {
        $qUpdate[] = "passwd=MD5('$password')";
    }
    if (trim($age != '')) {
        $qUpdate[] = "age='$age'";
    }
    if (trim($gender != '')) {
        $qUpdate[] = "gender='$gender'";
    }
    if (trim($location != '')) {
        $qUpdate[] = "location='$location'";
    }
    if (trim($about != '')) {
        $qUpdate[] = "about='$about'";
    }
    if (trim($tasks != '')) {
        $qUpdate[] = "tasks='$tasks'";
    }
    // rest of qupdates

    if (trim($level)=="") {
        return "blank level";
    } else if (($username=="sa" AND $status=="inactive")) {
        return "sa cannot be inactivated";
    } else if (($username=="admin" AND $status=="inactive")) {
        return "admin cannot be inactivated";
    } else {
        $connection = mysql_connect($this->HOST, $this->USERNAME, $this->PASSWORD);
        $SelectedDB = mysql_select_db($this->DBNAME);
        $sqlfields = 'UPDATE staff SET ';
        $sqlfields .= implode(',', $qUpdate);
        $sqlfields .= " WHERE username='$username'";
        $result = mysql_query($sqlfields);
        return 1;
    }

} // End: function modify_user[/php]

Nope :frowning:

It claims it's updating but it isn't. :frowning:

At this point, we need to see what’s contained in the query. Also need to finish the script. You can’t expect it to work when you keep changing what we’re giving you (unless it’s giving errors).

After the $sqlfields, add this

echo $sqlfields;

Let’s see what is going on…

Insert[php]echo $sqlfields;[/php]
immediately before
[php]return 1;[/php]

This should show you the query that is being sent to the database. At least we will know if that is the problem or if we need to be looking somewhere else.

Sorry,

Like this?

[php] $sqlfields = implode(',', $qupdate[$i]);
}
$result = mysql_query($sqlfields);

echo $sqlfields;
return 1;
}
[/php]

no

[php]
echo $sqlfields;
$result = mysql_query($sqlfields);
return 1;[/php]

I've got this

[php] for($i=0; $i < count($qupdate); $i++) {
$sqlfields = implode(',', $qupdate[$i]);
}
echo $sqlfields;
$result = mysql_query($sqlfields);
return 1;
}[/php]

Still nothing happening though … :frowning:

Ellie,

Did you cut and paste the function that I posted in its entirety? The snippet that you just posted has some issues that will prevent it from working. There were other issues in the rest of the function, so it would need to be completely replaced to ensure that they are all caught.

Could you try the code I posted for the function, with the[php]echo $sqlfields;[/php]added at the same place.

Thanks.

PS Sorry Richei for posting on top of yours regarding echoing the $sqlfields. I hadn’t refreshed the screen and didn’t see your post until after I had posted. (Good minds think alike) You were correct though, it should be inserted before the query, not after.

I will put this on the page now and see what happens

[php]function modify_user($username, $password, $team, $level, $status, $name, $age, $gender, $location, $profile, $about, $tasks, $avatar) {

    $qUpdate = array();
    if (trim($password != '')) {
        $qUpdate[] = "passwd=MD5('$password')";
    }
    if (trim($age != '')) {
        $qUpdate[] = "age='$age'";
    }
    if (trim($gender != '')) {
        $qUpdate[] = "gender='$gender'";
    }
    if (trim($location != '')) {
        $qUpdate[] = "location='$location'";
    }
    if (trim($about != '')) {
        $qUpdate[] = "about='$about'";
    }
    if (trim($tasks != '')) {
        $qUpdate[] = "tasks='$tasks'";
    }
    // rest of qupdates

    if (trim($level)=="") {
        return "blank level";
    } else if (($username=="sa" AND $status=="inactive")) {
        return "sa cannot be inactivated";
    } else if (($username=="admin" AND $status=="inactive")) {
        return "admin cannot be inactivated";
    } else {
        $connection = mysql_connect($this->HOST, $this->USERNAME, $this->PASSWORD);
        $SelectedDB = mysql_select_db($this->DBNAME);
        $sqlfields = 'UPDATE staff SET ';
        $sqlfields .= implode(',', $qUpdate);
        $sqlfields .= " WHERE username='$username'";
        echo $sqlfields;
        $result = mysql_query($sqlfields);
        return 1;
    }

} // End: function modify_user[/php]

It reads

UPDATE staff SET age='23',gender='Female',location='Uk',about='f',tasks='f' WHERE username=''
Profile Updated!

But it's not updated?

Oh, it’s updating, but it’s updating every record in there; I hope that wasn’t a live server. The username isn’t in the where clause. Like I’ve been saying, you need to finish the if statements. When I gave you that code, it didn’t contain everything that was in the original. I stopped where the double slashes are (where it says “rest of updates”).

I don’t know how you’re making the function call, but the username isn’t getting passed.

I'm sorry, you just completely lost me. :frowning:

I'm really confused

Edit:
I just re-read that
Do you mean it's updating all records in that database table?
I will go check the db

Edit:
Checked my Database, Everything is still the same as it was

Ellie,

Give this a try[php]function modify_user($username, $password, $team, $level, $status, $name, $age, $gender, $location, $profile, $about, $tasks, $avatar)
{
$items = array('team','level','status','name','age','gender','location','profile','about','tasks','avatar');

  if(trim($password != ''))
    {
        $qUpdate[] = "passwd=MD5('$password')";
    }
  
  foreach($items as $item)
    {
        if(trim(${$item}) != '')
          {
              $qUpdate[] = "$item='".${$item}."'"; 
          }
    }

  if(trim($level)=='')
    {
        return 'blank level';
    }
  elseif($username=='sa' && $status=='inactive')
    {
        return 'sa cannot be inactivated';
    }
  elseif($username=='admin' && $status=='inactive')
    {
        return 'admin cannot be inactivated';
    }
  else
    {
        $connection = mysql_connect($this->HOST, $this->USERNAME, $this->PASSWORD);
        $SelectedDB = mysql_select_db($this->DBNAME);
        $sqlfields  = 'UPDATE staff SET ';
        $sqlfields .= implode(',', $qUpdate);
        $sqlfields .= "  WHERE username='$username'";
        echo $sqlfields; // Remove this once code is working
        $result = mysql_query($sqlfields);
        return 1;
    }

} // End: function modify_user[/php]

Make sure that each of the items in the $items matches the correct column name in your table.

Let us know what the output query looks like.

Thank you richei, who looked at my script for me!

I didn't know PHP was cap sensitive.

I had $USERNAME and was updating $username

Thank you guys for helping me out

Not a problem ellie. Now that you know what the problem is, you can probably go back to the original code if you wanted to.

Only one problem with your example there malasho, all you’re doing is echoing what’s in the items array, not what’s being passed to the function.

As for her problem, it was just a simple mistake of the call code using $username and the initial code using $USERNAME

Ellie,

Now that you have the code working, you need to make sure to sanitize the data before using it in your database. Right now, you are storing values that can be directly manipulated by a user and it would be trivial to perform an SQL injection (and other attacks). Please do a search for something like “php mysql sanitize” and you should find several explanations and techniques.

Also, if you have decided to use your original code as it was presented (with the $username-$USERNAME fix), please be aware that you will find that any fields that are left blank will be re-written as blank in the database. For example, if the user leaves the ‘about’ empty, your code will properly identify this and leave it out of the query ($qUpdate) when it reaches the line[PHP]if (trim($about == ''))[/PHP](please see my comments below regarding this syntax). However, your next if statement (looking at $tasks) will set the same $qUpdate variable to about='$about' in both cases. If you follow this down, in the end, only the ‘avatar’ value would have a chance of being excluded. (Since it is included in both the if and the else, it will actually be included either way).

Richei,

I don’t know about your environment, but the code I posted works perfectly on mine. You will note that I am using variable variables and that I setup the array to mirror the variables being received by the function. Before posting it, I executed the code as presented by calling the function with made up values. They were handled properly.

I presented this option for a couple of reasons. First, it removes many of the opportunities for the code to get inadvertently broken. This includes errant parentheses, capitalization, brackets, etc. I wanted to eliminate as many potential problems as possible and I felt this accomplished that. You will note in the code that you originally suggested, you have several instances of $qUpdate and several of $qupdate. As Ellie discovered, PHP is case-sensitive and the code could not work this way unless you were treating them as separate variables, which you weren’t. In addition, you were building your “SET” clause by doing the following:[php]for($i=0; $i < count($qupdate); $i++) {
    $sqlfields = implode(',', $qupdate[$i]);
}[/php]Other than the variable name, the other problem here is that $qUpdate[$i] is not an array, it is a one-dimensional element so there is nothing to implode. In addition, this would simply replace any previous value that was set for $sqlfields with the last occurrence.

The second reason I wrote it this way is that it is easily adaptable - in my opinion. There is far less to add or delete if a new element is introduced or one is removed down the road.

A last point is that most of the code that was presented in this thread contained the following format for the if…thens[PHP] if (trim($password != '')) {…[/PHP]This doomed everything, as it should have been[php]if (trim($password) != '') {…[/PHP]This applies to every one of the trims. This was fixed in the final version I posted.
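
Added example, not part of any post in this thread: one way to apply the sanitising advice above to `modify_user`, using prepared statements with an allow-list of column names and returning the affected-row count instead of a fixed `1`. It assumes PDO with an in-memory SQLite table standing in for the MySQL `staff` table; `modify_user_safe` and the sample row are hypothetical, and the password change is left out.

```php
<?php
// Added example (not the thread's code). Column names come from a fixed
// allow-list; every value is bound as a parameter, never spliced into SQL.
const PROFILE_COLUMNS = ['team', 'level', 'status', 'name', 'age', 'gender',
                         'location', 'profile', 'about', 'tasks', 'avatar'];

/**
 * Update only the non-blank profile fields of one user.
 * Returns the number of rows affected, so the caller can tell a real update
 * from a query that matched nothing (the "Profile Updated!" false positive).
 */
function modify_user_safe(PDO $db, string $username, array $fields): int
{
    // An empty username is what produced WHERE username='' in the thread.
    if (trim($username) === '') {
        throw new InvalidArgumentException('username is empty; refusing to run UPDATE');
    }

    $set = [];
    $params = [':username' => $username];
    foreach (PROFILE_COLUMNS as $column) {
        $value = trim((string)($fields[$column] ?? ''));
        if ($value !== '') {
            $set[] = "$column = :$column";   // name from the allow-list only
            $params[":$column"] = $value;    // value travels as bound data
        }
    }
    if (!$set) {
        return 0;                            // nothing to change
    }

    $sql = 'UPDATE staff SET ' . implode(', ', $set) . ' WHERE username = :username';
    $stmt = $db->prepare($sql);
    $stmt->execute($params);

    // With MySQL, rowCount() counts rows actually changed by default, so
    // re-submitting identical values also yields 0.
    return $stmt->rowCount();
}

// --- Constructed sample data: SQLite in memory stands in for MySQL ---
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE staff (username TEXT PRIMARY KEY, team TEXT, level TEXT,
           status TEXT, name TEXT, age TEXT, gender TEXT, location TEXT,
           profile TEXT, about TEXT, tasks TEXT, avatar TEXT)');
$db->exec("INSERT INTO staff (username, level, status, location, about)
           VALUES ('ellie', '2', 'active', 'Uk', 'old text')");

// A value containing an apostrophe is stored literally; blank 'about' is skipped.
$changed = modify_user_safe($db, 'ellie',
    ['age' => '23', 'location' => "St. John's", 'about' => '']);
echo "rows changed: $changed\n";

$row = $db->query("SELECT age, location, about FROM staff WHERE username = 'ellie'")
          ->fetch(PDO::FETCH_ASSOC);
echo json_encode($row), "\n";

// A username that matches no row reports 0 instead of claiming success.
echo 'unknown user: ', modify_user_safe($db, 'nobody', ['age' => '30']), "\n";

// The undefined-$username case from the thread is rejected before any SQL runs.
try {
    modify_user_safe($db, '', ['age' => '30']);
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), "\n";
}
```

The calling page would print "Profile Updated!" only when the returned count is greater than zero.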
