Hi ppl,
i have a website with a msql database, and i was trying to have a page where users can update their existing information in the database.
Here is my code for the page with the form on:
Code:
<?php
require('db_connect.php');
if($logged_in == 0) {
die('<html>
<head>
<title>Login</title>
<link rel="stylesheet" href="Stylesheets/index.css">
<link rel="shortcut icon" href="favicon.ico">
</head>
<body>
<center>
<p>Not logged in! <a class="nav" href="login.php>Login</a></p>
</center>
</body>
</html>');
}
$id = $_REQUEST['id'];
$query = "SELECT * FROM `users` WHERE `id`='$id'";
$result = mysql_query( $query );
if( $result && $contact = mysql_fetch_object( $result ) )
{
$username = $contact -> username;
$email = $contact -> email;
$name = $contact -> real_name;
$favourite_weapon = $contact -> favourite_weapon;
$favourite_map = $contact -> favourite_map;
$favourite_class = $contact -> favourite_class;
}
?>
<html>
<head>
<title>Update your Account</title>
<link rel="stylesheet" href="Stylesheets/iframes.css">
<link rel="shortcut icon" href="favicon.ico">
<style>
<!--
body
{
color: #ff0000;
font-family: monospace;
}
-->
</style>
</head>
<body>
<center>
<table align="center" border="0" width="325">
<tr>
<td>
<center>
<font color="#ff0000" face="monospace"><h1>Update Your Profile!</h1></font>
<p><h2>Warning!</h2> If you do not fill in one of the fields and click "update" then that field will be blank in the database. So if your going to update your profile, don't leave a field blank (unless you don't want to update your password, in which case leave the password fields blank!).</p>
<form action="update.php" method="post">
<table align="center" border="1" cellspacing="0" cellpadding="3">
<tr><td>Username (name on game):</td><td>
<input type="text" name="uname2" maxlength="40" class="field" value="<?php echo $_SESSION['username']; ?>">
</td></tr>
<tr><td>Current Password (enter if necessary):</td><td>
<input type="password" name="passwd2" maxlength="50" class="field" value="">
</td></tr>
<tr><td>Confirm Password(enter if entered above):</td><td>
<input type="password" name="passwd_again2" maxlength="50" class="field" value="">
</td></tr>
<tr><td>E-Mail:</td><td>
<input type="text" name="email2" maxlength="100" class="field" value="<?php echo($email) ?>">
</td></tr>
<tr><td><p>Real (first) name:</p></td><td><input type="text" name="name2" class="field" value="<?php echo($name) ?>"></td></tr>
<br>
<tr><td><p>Favourite weapon:</p></td><td><input type="text" name="favwep2" class="field" value="<?php echo($favourite_weapon) ?>"></td></tr>
<br>
<tr><td><p>Favourite map:</p></td><td><input type="text" name="favmap2" class="field" value="<?php echo($favourite_map) ?>"></td></tr>
<br>
<tr><td><p>Favourite class:</p></td><td><input type="text" name="favclaz2" class="field" value="<?php echo($favourite_class) ?>"></td></tr>
<tr class="tbl">
<td colspan="2">
<tr><td colspan="2" align="right">
<input type="submit" name="submit2" value="Update" class="field">
</td></tr>
</table>
</form>
</center>
</tr>
</td>
</table>
</body>
</html>
Now this all works, with their current data in the box. Now for the 'update.php' script:
Code:
<?php
require('db_connect.php');
if($logged_in == 0) {
die('<html>
<head>
<title>Login</title>
<link rel="stylesheet" href="Stylesheets/index.css">
<link rel="shortcut icon" href="favicon.ico">
</head>
<body>
<center>
<p>Not logged in! <a class="nav" href="login.php>Login</a></p>
</center>
</body>
</html>');
}
if (empty($_REQUEST['passwd2'])) {
if (!get_magic_quotes_gpc()) {
$_REQUEST['uname2'] = addslashes($_REQUEST['uname2']);
}
$name_check = $db_object->query("SELECT username FROM users WHERE username = '".$_REQUEST['uname2']."'");
if (DB::isError($name_check)) {
die($name_check->getMessage());
}
$name_checkk = $name_check->numRows();
if ($name_checkk != 0) {
die('<p>Sorry, the username: <strong>'.$_REQUEST['uname2'].'</strong> is already taken, please pick another one.</p>');
}
if (!preg_match("/.*@.*..*/", $_REQUEST['email2']) | preg_match("/(<|>)/", $_REQUEST['email2'])) {
header( "Location: error-email.htm" );
die();
}
$_REQUEST['uname2'] = strip_tags($_REQUEST['uname2']);
$query="UPDATE users SET username='$_REQUEST['uname2']', email='$_REQUEST['email2']', favourite_weapon='$_REQUEST['favwep2']', favourite_map='$_REQUEST['favmap2']', favourite_class=$'$_REQUEST['favclaz2']' WHERE username = '".$_SESSION['username']."'";
mysql_query($query);
echo "<center><font color="red" face="monospace"><h1>Updated</h1></font>
<p>Thank you, your information has been updated in the database.</p></center>";
mysql_close();
}
else {
if (!get_magic_quotes_gpc()) {
$_REQUEST['uname2'] = addslashes($_REQUEST['uname2']);
}
$name_check = $db_object->query("SELECT username FROM users WHERE username = '".$_REQUEST['uname2']."'");
if (DB::isError($name_check)) {
die($name_check->getMessage());
}
$name_checkk = $name_check->numRows();
if ($name_checkk != 0) {
die('<p>Sorry, the username: <strong>'.$_REQUEST['uname2'].'</strong> is already taken, please pick another one.</p>');
}
if ($_REQUEST['passwd2'] != $_REQUEST['passwd_again2']) {
header( "Location: error-pwverify.htm" );
die();
}
if (!preg_match("/.*@.*..*/", $_REQUEST['email2']) | preg_match("/(<|>)/", $_REQUEST['email2'])) {
header( "Location: error-email.htm" );
die();
}
$_REQUEST['uname2'] = strip_tags($_REQUEST['uname2']);
$_REQUEST['passwd2'] = strip_tags($_REQUEST['passwd2']);
$_REQUEST['passwd2'] = md5($_REQUEST['passwd2']);
$query="UPDATE users SET username='$_REQUEST['uname2']', password='$_REQUEST['passwd2']', email='$_REQUEST['email2']', favourite_weapon='$_REQUEST['favwep2']', favourite_map='$_REQUEST['favmap2']', favourite_class=$'$_REQUEST['favclaz2']' WHERE username = '".$_SESSION['username']."'";
mysql_query($query);
echo "<center><font color="red" face="monospace"><h1>Updated</h1></font>
<p>Thank you, your information has been updated in the database.</p></center>";
mysql_close();
}
?>
What i've done is if they've entered a new password, it performs a different query to if they havn't.
When i submit the form, it just sgows a blank screen.
PLEASE HELP!