Old 08-27-2007, 09:29 AM  
ServerGenius
Confirmed User
 
Join Date: Feb 2002
Location: Amsterdam
Posts: 9,377
Quote:
Originally Posted by dirtysouth
MANY thanks! Sorry I lost this thread over the weekend doing stuff with the kids.

Here is my new code.

useredit.php:

PHP Code:
<?php
require_once('../mysql_connect.php');
session_start();

if (isset($_SESSION['id']))
{
    $mn = trim($_SESSION['id']);
    $query = "SELECT * FROM shoppingmembers WHERE member_name = '$mn'";
    $result = mysql_query($query) or die("Error: " . mysql_error());
    $row = mysql_fetch_array($result, MYSQL_ASSOC);

    echo '
<form name="form1" method="post" action="do-useredit.php?member_name=' . $row['member_name'] . '">
<input type="text" name="bill_fname" value="' . $row['bill_fname'] . '" style="font-size:9px"><br />
<input type="submit" name="submit" value="Update" />

<br /><br />';
    echo $mn;
}
else
{
    echo '<table width="100%" align="left" cellpadding="10"><tr><td>
            <img src="images/my_account_graphic.gif" border="0" />
            <br /><br /><span class="arial12graydarkBold">You must be logged into your account to view this page.<br /><a href="account_login.php">Click 
            here to log on.</a><br /><br />
            <a href="account_signup_page.php">If you don\'t have an account and wish to create one, click here</a>.</span></td></tr></table>';
}

?>
do-useredit.php:

PHP Code:
<?php
require_once('../mysql_connect.php');
session_start();

extract($_POST);

if (isset($_SESSION['id']))
{
    $mn = trim($_SESSION['id']);
    $query = "SELECT * FROM shoppingmembers WHERE member_name = '$mn'";
    $result = mysql_query($query) or die("Error: " . mysql_error());
    $row = mysql_fetch_array($result, MYSQL_ASSOC);

    mysql_query("UPDATE shoppingmembers SET bill_fname = '$bill_fname' WHERE member_name = '$mn'") or die(mysql_error());

    echo "Record Updated";
    echo $mn;
}

?>
Good news is it's working. Questions below:

1. How secure is the code? Tips appreciated.
2. See #1. ;)

Thanks again! Was pulling my hair out on this one for a while.
I only looked at it very quickly.....so correct me if I'm wrong....

You only want authorized users to be able to update the info from a query
result to the db.

So all you need is.....verify user is logged in by session...then
post the form to self. Verify data and execute update query and return
result....

The whole second part is obsolete......unless I've missed something
__________________
| http://www.sinnerscash.com/ | ICQ: 370820 | Skype: SinnersCash | AdultWhosWho |
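The single self-posting page described in the reply above (session check, validate, update, return result), as an added example that is not code from either poster. It assumes `../mysql_connect.php` exposes a mysqli connection in `$db` (a hypothetical name), a 50-character limit on `bill_fname`, and PHP 7+ for `random_bytes()`; the `csrf` session key and form field are also names chosen here.

```php
<?php
// Added example, not code from the thread. Assumes ../mysql_connect.php
// creates a mysqli connection in $db (hypothetical name).
require_once('../mysql_connect.php');
session_start();
if (!isset($_SESSION['id'])) {            // not logged in: stop before any query
    header('Location: account_login.php');
    exit;
}
$mn = trim($_SESSION['id']);              // identity comes from the session only
$errors = array();
$saved = false;
if (empty($_SESSION['csrf'])) { $_SESSION['csrf'] = bin2hex(random_bytes(32)); }

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Read only the expected fields by name; no extract($_POST).
    $token = (isset($_POST['csrf']) && is_string($_POST['csrf'])) ? $_POST['csrf'] : '';
    $fname = (isset($_POST['bill_fname']) && is_string($_POST['bill_fname'])) ? trim($_POST['bill_fname']) : '';
    if (!hash_equals($_SESSION['csrf'], $token)) {
        $errors[] = 'Invalid form token.';
    }
    if ($fname === '' || strlen($fname) > 50) {   // 50 is an assumed column limit
        $errors[] = 'First name must be 1 to 50 characters.';
    }
    if (!$errors) {
        // Placeholders keep the submitted value out of the SQL text.
        $stmt = $db->prepare('UPDATE shoppingmembers SET bill_fname = ? WHERE member_name = ?');
        $stmt->bind_param('ss', $fname, $mn);
        $stmt->execute();
        $stmt->close();
        $saved = true;
    }
}

// Re-read the stored value so the form shows what is in the database.
$stmt = $db->prepare('SELECT bill_fname FROM shoppingmembers WHERE member_name = ?');
$stmt->bind_param('s', $mn);
$stmt->execute();
$stmt->bind_result($current);
$stmt->fetch();
$stmt->close();
// Escape everything echoed into HTML, including attribute values.
$e = function ($s) { return htmlspecialchars((string)$s, ENT_QUOTES, 'UTF-8'); };
if ($saved) { echo '<p>Record Updated</p>'; }
foreach ($errors as $msg) { echo '<p>' . $e($msg) . '</p>'; }
?>
<form name="form1" method="post" action="useredit.php">
<input type="hidden" name="csrf" value="<?php echo $e($_SESSION['csrf']); ?>">
<input type="text" name="bill_fname" value="<?php echo $e($current); ?>" style="font-size:9px"><br />
<input type="submit" name="submit" value="Update" />
</form>
```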