MANY thanks! Sorry I lost this thread over the weekend doing stuff with the kids.
Here is my new code.
useredit.php:
PHP Code:
<?php
require_once('../mysql_connect.php');
session_start();
if(isset($_SESSION['id']))
{
    $mn = trim($_SESSION['id']);
    $query = "SELECT * FROM shoppingmembers WHERE member_name = '$mn'";
    $result = mysql_query($query) or die("Error: ".mysql_error());
    $row = mysql_fetch_array($result, MYSQL_ASSOC);
    echo'
    <form name="form1" method="post" action="do-useredit.php?member_name=' . $row['member_name'] . '">
    <input type="text" name="bill_fname" value="' . $row['bill_fname'] . '" style="font-size:9px"><br />
    <input type="submit" name="submit" value="Update" />
    </form>
    <br /><br />';
    echo $mn;
}
else
{
    echo '<table width="100%" align="left" cellpadding="10"><tr><td>
    <img src="images/my_account_graphic.gif" border="0" />
    <br /><br /><span class="arial12graydarkBold">You must be logged into your account to view this page.<br /><a href="account_login.php">Click here to log on.</a><br /><br />
    <a href="account_signup_page.php">If you don\'t have an account and wish to create one, click here</a>.</span></td></tr></table>';
}
?>
do-useredit.php:
PHP Code:
<?php
require_once('../mysql_connect.php');
session_start();
extract($_POST);
if(isset($_SESSION['id']))
{
    $mn = trim($_SESSION['id']);
    $query = "SELECT * FROM shoppingmembers WHERE member_name = '$mn'";
    $result = mysql_query($query) or die("Error: ".mysql_error());
    $row = mysql_fetch_array($result, MYSQL_ASSOC);
    mysql_query("UPDATE shoppingmembers SET bill_fname = '$bill_fname' WHERE member_name = '$mn'")or die(mysql_error());
    echo "Record Updated";
    echo $mn;
}
?>
Good news is it's working. Questions below:
1. How secure is the code? Tips appreciated.
2. See #1. ;)
Thanks again! Was pulling my hair out on this one for a while.
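
For reference, an added example that is not part of the original post: the update step from do-useredit.php rewritten with a prepared statement, explicit field access instead of extract($_POST), a CSRF token check, and HTML-escaped output. The helper names, the `csrf` field, the 50-character limit and the in-memory SQLite table (standing in for shoppingmembers so the block runs offline) are assumptions.

```php
<?php
// Added example, not the poster's code. PDO with an in-memory SQLite table
// stands in for the real connection from mysql_connect.php (assumption).
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function updateBillFname(PDO $pdo, array $session, array $post): string
{
    // Identity comes only from the session, never from the URL or the form.
    if (!isset($session['id'])) {
        return 'Not logged in';
    }
    // CSRF check against a per-session token (hypothetical "csrf" field).
    if (!isset($session['csrf'], $post['csrf']) || !is_string($post['csrf'])
        || !hash_equals($session['csrf'], $post['csrf'])) {
        return 'Invalid request';
    }
    // Read the one expected field; nothing is extracted into local scope.
    $fname = isset($post['bill_fname']) && is_string($post['bill_fname']) ? trim($post['bill_fname']) : '';
    if ($fname === '' || strlen($fname) > 50) { // length limit is an assumption
        return 'Invalid first name';
    }
    $stmt = $pdo->prepare(
        'UPDATE shoppingmembers SET bill_fname = :f WHERE member_name = :m'
    );
    $stmt->execute([':f' => $fname, ':m' => trim((string) $session['id'])]);
    return $stmt->rowCount() === 1 ? 'Record Updated for ' . h((string) $session['id']) : 'No such member';
}

// Constructed demo data.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE shoppingmembers (member_name TEXT PRIMARY KEY, bill_fname TEXT)');
$pdo->exec("INSERT INTO shoppingmembers VALUES ('alice', 'Alice'), ('bob', 'Bob')");

$session = ['id' => 'alice', 'csrf' => bin2hex(random_bytes(16))];
$post = ['bill_fname' => "O'Brien", 'csrf' => $session['csrf'], 'mn' => 'bob']; // extra key is ignored
echo updateBillFname($pdo, $session, $post), "\n";
foreach ($pdo->query('SELECT member_name, bill_fname FROM shoppingmembers') as $r) {
    echo h($r['member_name']), ' => ', h($r['bill_fname']), "\n"; // escape on output too
}
```

The same h() escaping applies to the `value="..."` attribute and the form action in useredit.php, where database values are echoed into HTML.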