I am trying to finish work on an edit page and having a problem with the UPDATE statement.
I am trying to make a page for user to edit their information and I have set up a hash encrytped password field that users can reset on their password page. I have made an if statemetent that will update the password cell in the DB if it is filled in or leave the password un touched if it is empty.
I think I have my statement almost correct but although I am getting a successful entry to the DB message nothing is being entered, can anyone help?
(PS. this edit statement is from a page that lists/add/edit and delete the DB info)
/** **
* EDIT ACTION *
** **/
elseif($_GET['action'] == "edit") {
if (($_GET['action'] == "edit") && (!isset($_POST['Submit']))) { //edit form is not being processed
?>
<?
$id = $_GET["id"];
$sql = "SELECT users.id, users.username AS username, users.email AS email, users.image AS image, users.description AS description, users.location AS userLocation, users.toptip AS toptip, users.topproduct AS topproduct, users.admin_level, locations.id AS locationID, locations.name AS locationName, admin_level.id AS adminID, admin_level.name AS adminLevel, admin_level.name AS adminName
FROM users, locations, admin_level
WHERE users.location = locations.id
AND users.admin_level = admin_level.id
AND users.id = $id";
$result = mysql_query($sql);
$myrow = mysql_fetch_array($result);
?>
<h1>Edit a <? echo $page ; ?></h1>
<? echo $editMessage; ?>
<form action="<?php echo $_SERVER['PHP_SELF']."?".$_SERVER['QUERY_STRING']; ?>" name="edit" method="post">
<table width="560
">
<tr>
<td width="201"><strong>Username : </strong></td>
<td width="347"><INPUT TYPE="TEXT" class="input" NAME="username" VALUE="<?php echo $myrow["username"] ?>" SIZE=30></td>
</tr>
<tr>
<tr>
<td><strong>Reset Password : </strong></td>
<td><INPUT TYPE="password" class="input" NAME="password" VALUE="" SIZE=30 maxlength="6"></td>
</tr>
<tr>
<td><strong>Email : </strong></td>
<td><INPUT TYPE="TEXT" class="input" NAME="email" VALUE="<?php echo $myrow["email"] ?>" SIZE=30></td>
</tr>
<tr>
<td><strong>Image : </strong></td>
<td><INPUT TYPE="TEXT" class="input" NAME="image" VALUE="<?php echo $myrow["image"] ?>" SIZE=30></td>
</tr>
<tr>
<td><strong>Location : </strong></td>
<td><select name="location" size="1">
<option selected="selected">-Select a Category-</option>
<? $menu = mysql_query("SELECT id, name FROM locations ORDER BY name", $connection) or die("error querying database");
$i = 0;
while($dropMenu = mysql_fetch_array($menu)){
?>
<option value="<?= $dropMenu['id'];?>"
<?php if ($myrow['userLocation'] == $dropMenu['id']) {echo "selected=\"selected\"";} ?>><?= $dropMenu['name'];?></option>
<?php
$i+=1;
}
?>
</select> </td>
</tr>
<tr>
<td>Description :</td>
<td><textarea class="input" name="description" rows="10" cols="30"><?php echo $myrow["description"] ?></textarea></td>
</tr>
<tr>
<td>Top Tip :</td>
<td><textarea class="input" name="toptip" rows="5" cols="30"><?php echo $myrow["toptip"] ?></textarea></td>
</tr>
<tr>
<td>Top Product :</td>
<td><INPUT TYPE="TEXT" class="input" NAME="topproduct" VALUE="<?php echo $myrow["topproduct"] ?>" SIZE=30></td>
</tr>
<tr>
<td><strong>Admin Level : </strong></td>
<td><select name="admin_level" size="1">
<option selected="selected">-Select a Category-</option>
<? $menu = mysql_query("SELECT id, name FROM admin_level ORDER BY name", $connection) or die("error querying database");
$i = 0;
while($dropMenu = mysql_fetch_array($menu)){
?>
<option value="<?= $dropMenu['id'];?>"
<?php if ($myrow['adminID'] == $dropMenu['id']) {echo "selected=\"selected\"";} ?>><?= $dropMenu['name'];?></option>
<?php
$i+=1;
}
?>
</select> </td>
</tr>
<td colspan="2"><div align="center"><input name="Submit" class="button" type="submit" value="Edit this <? echo $page; ?>"></div></td>
</tr>
</table>
<? echo $back ; ?>
</form>
<?
} else { //edit form is being sent
//process edit form into database
if ($_POST['password']) {
$salt = "3423dfsae945";
$password = strip_tags($_POST['password']);
$secure_pass = md5(md5($password) . $salt);
$id = $_GET["id"];
$result=mysql_query("UPDATE users SET username='".strip_tags($_POST['username'])."', password='".$secure_pass."', email='".strip_tags($_POST['email'])."', image='".strip_tags($_POST['image'])."', description='".strip_tags($_POST['description'])."', location='".strip_tags($_POST['location'])."', toptip='".strip_tags($_POST['toptip'])."', topproduct='".strip_tags($_POST['topproduct'])."', admin_level='".strip_tags($_POST['admin_level'])."' WHERE id=$id");
echo "<p class=\"edit\">You have successfully edited this $page, click here to <a href=\"".$_SERVER['PHP_SELF']."\">go back</a></p>";// in php you escape " characters with the backslash.
}
//Insert the values into the correct database with secure password
else {
$id = $_GET["id"];
$result=mysql_query("UPDATE users SET username='".strip_tags($_POST['username'])."', email='".strip_tags($_POST['email'])."', image='".strip_tags($_POST['image'])."', description='".strip_tags($_POST['description'])."', location='".strip_tags($_POST['location'])."', toptip='".strip_tags($_POST['toptip'])."', topproduct='".strip_tags($_POST['topproduct'])."', admin_level='".strip_tags($_POST['admin_level'])."' WHERE id=$id");
echo "<p class=\"edit\">You have successfully edited this $page, click here to <a href=\"".$_SERVER['PHP_SELF']."\">go back</a></p>";// in php you escape " characters with the backslash.
}
}
}
