**Also, for best practice, make sure that your kirupa forums password isn’t the same as the password in your code example. **
Look i made an admin board it loads the objects it let me change its value but for example when i hit edit as save or ban button it dont changes anything on the db pleas help:
<?php
session_start();
mysql_connect('localhost','iiitttaa_italix','bolita1')or die ('Connection failed: '.mysql_error());
mysql_select_db('iiitttaa_login')or die ('Error selecting database: '.mysql_error());
if (isset($_SESSION['k_username'])) {
echo 'Welcome, ';
echo '<b>'.$_SESSION['a_username'].'</b>.';
?>
<?php
$res = mysql_query("SELECT password, usuario, active, bann, lastLogin, id, admin, email, bann_end FROM usuarios ORDER BY usuario");
if (mysql_num_rows($res)) {
echo "<table align='center' cellspacing='1' border='1'>";
echo "<tr>";
echo "<td with='50'>User</td>";
echo "<td with='50'>Active</td>";
echo "<td with='50'>Ban</td>";
echo "<td with='50'>Last Login</td>";
echo "<td with='50'>Admin</td>";
echo "<td with='50'>Email</td>";
echo "<td with='50'>Id</td>";
echo "<td with='50'>Ban End Date</td>";
echo "<td with='50'>Edit</td>";
echo "<td with='50'>Delete</td>";
echo "<td with='50'>Ban 24</td>";
echo "<td with='50'>Ban 72</td>";
echo "<td with='50'>Ban Forever</td>";
echo "</tr>";
while ($row = mysql_fetch_array($res)) {
echo "<tr>";
echo "<td>".$row['usuario']."</td>";
echo "<td>".$row['active']."</td>";
echo "<td>".$row['bann']."</td>";
echo "<td>".$row['lastLogin']."</td>";
echo "<td>".$row['admin']."</td>";
echo "<td>".$row['email']."</td>";
echo "<td>".$row['id']."</td>";
echo "<td>".$row['bann_end']."</td>";
echo "<td class='options'><a href='admin.php?usu=$row[usuario]&mode=e'>Edit</a></td>";
echo "<td class='options'><a href='admin.php?usu=$row[usuario]&mode=d'>Delete</a></td>";
echo "<td class='options'><a href='admin.php?usu=$row[usuario]&mode=b24'>Ban 24 hrs</a></td>";
echo "<td class='options'><a href='admin.php?usu=$row[usuario]&mode=b72'>Ban 72 hrs</a></td>";
echo "<td class='options'><a href='admin.php?usu=$row[usuario]&mode=bf'>Ban Forever</a></td>";
echo "</tr>";
}
echo "</table>";
}
if (count($_POST)) {
$array = $_POST;
}else{
if ($_GET[usu]) {
$res = mysql_query("SELECT password, usuario, active, bann, lastLogin, id, admin, email, bann_end FROM usuarios WHERE usuario = '$_GET[usu]'");
if (mysql_num_rows($res)) {
$array = mysql_fetch_array($res);
}
}
if (is_array($array)) {
foreach ($array as $c => $v) {
$array[$c] = htmlentities (stripslashes($v), ENT_QUOTES);
}
}
$user = $array[usuario];
$active = $array[active];
$ban = $array[bann];
$lastLogin = $array[lastLogin];
$id = $array[id];
$admin = $array[admin];
$email = $array[email];
$ban_end = $array[bann_end];
if ($_GET[mode] == 'e') $labelSubmit = 'Edit';
elseif ($_GET[mode] == 'd') $labelSubmit = 'Delete';
elseif ($_GET[mode] == 'b24') $labelSubmit = 'Ban_24';
elseif ($_GET[mode] == 'b72') $labelSubmit = 'Ban_72';
elseif ($_GET[mode] == 'bf') $labelSubmit = 'Ban_Forever';
$cancel = 'Cancel';
$userSubmit = $_GET[mode].'_user';
echo "<form method='post' action='?$_SERVER[QUERY_STRING]' enctype='multipart/form-data'>";
echo "<tr>";
echo "<td></td>";
echo "<td><input class='submit' type='submit' name='$userSubmit' value='$labelSubmit'> <input class='submit' type='button' value='$cancel'
onclick='window.location=\"admin.php\"'></td>";
echo "</tr>";
echo "</table>";
echo "</form>";
echo "<table align='center' cellspacing='1' border='1'>";
echo "<tr>";
echo "<td><input type='text' name='Username' value='$user'></td>";
echo "</tr>";
echo "<tr>";
echo "<td><input type='text' name='Active' value='$active'></td>";
echo "</tr>";
echo "<tr>";
echo "<td><input type='text' name='Ban' value='$ban'></td>";
echo "</tr>";
echo "<tr>";
echo "<td><input type='text' name='Last Login' value='$lastLogin'></td>";
echo "</tr>";
echo "<tr>";
echo "<td><input type='text' name='Id' value='$id'></td>";
echo "</tr>";
echo "<tr>";
echo "<td><input type='text' name='Admin' value='$admin'></td>";
echo "</tr>";
echo "<tr>";
echo "<td><input type='text' name='Email' value='$email'></td>";
echo "</tr>";
echo "<tr>";
echo "<td><input type='text' name='Bann end' value='$ban_end'></td>";
echo "</tr>";
$res = mysql_query("SELECT password, usuario, active, bann, lastLogin, id, admin, email, bann_end FROM usuarios ORDER BY usuario");
if (mysql_num_rows($res)) {
$select = "<select id='usuario' name='user'>";
$select .= "<option value=''></option>";
while ($row = mysql_fetch_array($res)) {
$selected = $user == $row[usuario] ? 'selected' : '';
$select .= "<option $selected value='$row[usuario]'>
$row[usuario] </option>";
}
$select .= "</select>";
}
echo "<tr>";
echo "<td>$select</td>";
echo "</tr>";
if ($_POST["e_user"] || $_POST["d_user"] || $_POST["b24_user"] || $_POST["b72_user"] || $_POST["bf_user"]) {
if ($_POST["e_user"]) {
$userGet = $_GET['usu'];
} elseif ($_POST["d_user"]) {
$res = mysql_query("DELETE FROM usuarios WHERE usuario = '$_GET[usu]'");
header ("location: admin.php?msg=4");
} elseif ($_POST["b24_user"]) {
$one = mktime(0,0,0,date("m"),date("d")+1,date("Y"));
$bone = date("Y-m-d", $one);
$res = mysql_query("UPDATE usuarios SET bann='1', bann_end='$bone') WHERE usuario = '$_GET[usu]'");
header ("location: admin.php?msg=3");
} elseif ($_POST["b72_user"]) {
$three = mktime(0,0,0,date("m"),date("d")+3,date("Y"));
$bthree = date("Y-m-d", $three);
$res = mysql_query("UPDATE usuarios SET bann='1', bann_end= '$bthree' WHERE usuario = '$_GET[usu]'");
header ("location: admin.php?msg=2");
} elseif {$_POST["bf_user"]) {
$res = mysql_query("UPDATE usuarios SET bann='1', bann_end='9999-12-31' WHERE usuario = '$_GET[usu]'");
header ("location: admin.php?msg=1");
}
}
echo '<p><a href="logout.php">Logout</a></p>';
}
?>
<?php
}else{
echo 'Invalid administrator access';
}
?>