PHP help anybody..please

  • halfpint
    GFY's Halfpint
    • Jun 2007
    • 15223

    #1

    PHP help anybody..please

    I have edited this preferences.php file and added two extra forms so that players can add both an avatar and a banner, but the problem is when you add an avatar or sig and you already have a banner it takes the banner and quote away and vice versa. This is driving me crazy, been trying to figure it out for the last 6 hours..lol

    Does anybody know how to make these work independently of each other so that when you submit a new banner or avatar they do not affect each other..any help will be much appreciated

    Code:
    <?
    include 'header.php';
    
    if (isset($_POST['submit'])) {
    
      $avatar = $_POST["avatar"];
      $quote = $_POST["quote"];
      $banner = $_POST["banner"];
      $sig = $_POST["sig"];
      //insert the values
      if (!isset($message)){
        $result= mysql_query("UPDATE `grpgusers` SET `avatar`='".$avatar."', `quote`='".$quote."' WHERE `id`='".$user_class->id."'");
        $result= mysql_query("UPDATE `grpgusers` SET `banner`='".$banner."', `sig`='".$sig."' WHERE `id`='".$user_class->id."'");
        echo Message('Your preferences have been saved.');
        
    	die();
      }
    }
    ?>
    <?
    if (isset($message)) {
    echo Message($message);
    }
    ?>
    <tr><td class="contenthead">
    Account Preferences
    </td></tr>
    <tr><td class="contentcontent">
    <form name='login' method='post'>
      <table width='50%' border='0' align='center' cellpadding='0' cellspacing='0'>
      	<tr>
          <td height='28'><font size='2' face='verdana'>Avatar Image Location&nbsp;&nbsp;&nbsp;</font></td>
          <td><font size='2' face='verdana'>
            <input type='text' name='avatar' value='<?= $user_class->avatar ?>'>
            </font></td>
        </tr>
        <tr>
        <tr>
          <td height='28' align="right"><font size='2' face='verdana'>Quote&nbsp;&nbsp;&nbsp;</font></td>
          <td><font size='2' face='verdana'>
            <input type='text' name='quote' value='<?= $user_class->quote ?>'>
            </font></td>
        </tr>
          <td>&nbsp;</td>
          <td><font size='2' face='verdana'>
            <input type='submit' name='submit' value='Save Preferences'>
            </font></td>
        </tr>
    </table>
    </form>
    <br>
    <tr><td class="contenthead">
    Add Banner
    </td></tr>
    <tr><td class="contentcontent">
    <form name='login' method='post'>
      <table width='100%' border='0' align='center' cellpadding='0' cellspacing='0'>
      	<tr>
          <td height='28'><font size='2' face='verdana'>Banner Image Location&nbsp;&nbsp;&nbsp;</font></td>
          <td><font size='2' face='verdana'>
            <input type='text' name='banner' value='<?= $user_class->banner ?>'>
            </font></td>
        </tr>
        <tr>
        <tr>
          <td height='28' align="right"><font size='2' face='verdana'>Quote&nbsp;&nbsp;&nbsp;</font></td>
          <td><font size='2' face='verdana'>
            <input type='text' name='sig' value='<?= $user_class->sig ?>'>
            </font></td>
        </tr>
          <td>&nbsp;</td>
          <td><font size='2' face='verdana'>
            <input type='submit' name='submit' value='Save Preferences'>
            </font></td>
        </tr>
    </table>
    </form>
    <?
    include 'footer.php';
    ?>

    Get FREE website listings on Cryptocoinshops.net
  • mrkris
    Confirmed User
    • May 2005
    • 2737

    #2
    Nothing is more awesome than code being mixed with layout.

    PHP-MySQL-Rails | ICQ: 342500546

    • okok
      Confirmed User
      • Jan 2003
      • 502

      #3
      This is what causes the prob:


      Code:
      if (!isset($message)){
          $result= mysql_query("UPDATE `grpgusers` SET `avatar`='".$avatar."', `quote`='".$quote."' WHERE `id`='".$user_class->id."'");
          $result= mysql_query("UPDATE `grpgusers` SET `banner`='".$banner."', `sig`='".$sig."' WHERE `id`='".$user_class->id."'");
          echo Message('Your preferences have been saved.');
          
      	die();
        }
      You are updating everything every time $message is not set, whether or not $avatar and/or $banner are set.

      • halfpint
        GFY's Halfpint
        • Jun 2007
        • 15223

        #4
        Originally posted by mrkris
        Nothing is more awesome than code being mixed with layout.
        yeah.. we bought this script and it also had html code mixed with php

        • halfpint
          GFY's Halfpint
          • Jun 2007
          • 15223

          #5
          Originally posted by okok
          This is what causes the prob:


          Code:
          if (!isset($message)){
              $result= mysql_query("UPDATE `grpgusers` SET `avatar`='".$avatar."', `quote`='".$quote."' WHERE `id`='".$user_class->id."'");
              $result= mysql_query("UPDATE `grpgusers` SET `banner`='".$banner."', `sig`='".$sig."' WHERE `id`='".$user_class->id."'");
              echo Message('Your preferences have been saved.');
              
          	die();
            }
          You are updating everything every time $message is not set, whether or not $avatar and/or $banner are set.
          K thanks

          I'm not a php coder and only know bits and bobs so if I change it to this will it work

          Code:
              $result= mysql_query("UPDATE `grpgusers` SET `avatar`='".$avatar."', `quote`='".$quote."'`banner`='".$banner."', `sig`='".$sig."' WHERE `id`='".$user_class->id."'");

          • okok
            Confirmed User
            • Jan 2003
            • 502

            #6
            Originally posted by halfpint
            K thanks

            I'm not a php coder and only know bits and bobs so if I change it to this will it work

            Code:
                $result= mysql_query("UPDATE `grpgusers` SET `avatar`='".$avatar."', `quote`='".$quote."'`banner`='".$banner."', `sig`='".$sig."' WHERE `id`='".$user_class->id."'");
            Try wrapping isset around the individual SQL statements, something like:


            Code:
            if (isset($_POST['avatar'])) { $result = ...... }
            if (isset($_POST['banner'])) { $result = ...... }
            Be warned that above is just a dirty bandaid on an already dirty wound.

            • halfpint
              GFY's Halfpint
              • Jun 2007
              • 15223

              #7
              Originally posted by okok
              Try wrapping isset around the individual SQL statements, something like:


              Code:
              if (isset($_POST['avatar'])) { $result = ...... }
              if (isset($_POST['banner'])) { $result = ...... }
              Be warned that above is just a dirty bandaid on an already dirty wound.
              Ok thanks I will give it a try... appreciate your help thanks

              • halfpint
                GFY's Halfpint
                • Jun 2007
                • 15223

                #8
                Is this the correct way to wrap the if (isset($_POST['avatar'])) { $result = ...... }?

                Code:
                <?
                include 'header.php';
                if (isset($_POST['submit'])) {
                
                if (isset($_POST['avatar'])){ $result = mysql_query("UPDATE `grpgusers` SET `avatar`='".$avatar."', WHERE `id`='".$user_class->id."'");
                }
                if (isset($_POST['quote'])){ $result = mysql_query("UPDATE `grpgusers` SET `quote`='".$quote."', WHERE `id`='".$user_class->id."'");
                }
                if (isset($_POST['banner'])){ $result = mysql_query("UPDATE `grpgusers` SET `banner`='".$banner."', WHERE `id`='".$user_class->id."'");
                }
                if (isset($_POST['sig'])){ $result = mysql_query("UPDATE `grpgusers` SET `sig`='".$sig."', WHERE `id`='".$user_class->id."'");
                }  
                 
                 //insert the values
                    echo Message('Your preferences have been saved.');
                    
                	die();

                • drocd
                  Confirmed User
                  • Aug 2007
                  • 128

                  #9
                  The most logical way:

                  Code:
                  <?
                  include 'header.php';
                  
                  if($_POST['form_type'] == 'avatarquote') {
                  	$avatar = $_POST["avatar"];
                  	$quote = $_POST["quote"];
                  	$result= mysql_query("UPDATE `grpgusers` SET `avatar`='".$avatar."', `quote`='".$quote."' WHERE `id`='".$user_class->id."'");
                  		echo 'Your preferences have been saved.';
                  		die();
                  }
                  elseif($_POST['form_type'] == 'bannersig') {
                  	$banner = $_POST["banner"];
                  	$sig = $_POST["sig"];
                  	$result= mysql_query("UPDATE `grpgusers` SET `banner`='".$banner."', `sig`='".$sig."' WHERE `id`='".$user_class->id."'");
                  		echo 'Your preferences have been saved.';
                  		die();
                  }
                  ?>
                  <tr><td class="contenthead">
                  Account Preferences
                  </td></tr>
                  <tr><td class="contentcontent">
                  <form name='login' method='post'>
                  <input type="hidden" name="form_type" value="avatarquote" />
                    <table width='50%' border='0' align='center' cellpadding='0' cellspacing='0'>
                    	<tr>
                        <td height='28'><font size='2' face='verdana'>Avatar Image Location&nbsp;&nbsp;&nbsp;</font></td>
                        <td><font size='2' face='verdana'>
                          <input type='text' name='avatar' value='<?= $user_class->avatar ?>'>
                          </font></td>
                      </tr>
                      <tr>
                      <tr>
                        <td height='28' align="right"><font size='2' face='verdana'>Quote&nbsp;&nbsp;&nbsp;</font></td>
                        <td><font size='2' face='verdana'>
                          <input type='text' name='quote' value='<?= $user_class->quote ?>'>
                          </font></td>
                      </tr>
                        <td>&nbsp;</td>
                        <td><font size='2' face='verdana'>
                          <input type='submit' name='submit' value='Save Preferences'>
                          </font></td>
                      </tr>
                  </table>
                  </form>
                  <br>
                  <tr><td class="contenthead">
                  Add Banner
                  </td></tr>
                  <tr><td class="contentcontent">
                  <form name='login' method='post'>
                  <input type="hidden" name="form_type" value="bannersig" />
                    <table width='100%' border='0' align='center' cellpadding='0' cellspacing='0'>
                    	<tr>
                        <td height='28'><font size='2' face='verdana'>Banner Image Location&nbsp;&nbsp;&nbsp;</font></td>
                        <td><font size='2' face='verdana'>
                          <input type='text' name='banner' value='<?= $user_class->banner ?>'>
                          </font></td>
                      </tr>
                      <tr>
                      <tr>
                        <td height='28' align="right"><font size='2' face='verdana'>Quote&nbsp;&nbsp;&nbsp;</font></td>
                        <td><font size='2' face='verdana'>
                          <input type='text' name='sig' value='<?= $user_class->sig ?>'>
                          </font></td>
                      </tr>
                        <td>&nbsp;</td>
                        <td><font size='2' face='verdana'>
                          <input type='submit' name='submit' value='Save Preferences'>
                          </font></td>
                      </tr>
                  </table>
                  </form>
                  <?
                  include 'footer.php';
                  ?>
                  230-699

                  • Smarty
                    Registered User
                    • Nov 2006
                    • 11

                    #10
                    Code:
                    $avatar = blah blah
                    $quote = blah Blah
                    
                    
                    mysql_query(UPDATE 'whatever' SET avatar = $avatar, quote = $quote and so on ... WHERE id = id ..)
                    make sure that when you show them teh form .. the values that are in teh database already shown in teh form .. and when they update something you just update all teh values.

                    Also teh script is a drama .. because you allow teh users to put everything in your database without any checking .. at least do a mysql escape on the posted vars.

                    • sarettah
                      see you later, I'm gone
                      • Oct 2002
                      • 14297

                      #11
                      A better solution would probably be to just run one form instead of 2. That way your vars are always filled out on the submit and it doesn't matter if you rewrite them each time.

                      Code:
                      <?
                      include 'header.php';
                      
                      if (isset($_POST['submit'])) {
                      
                        $avatar = $_POST["avatar"];
                        $quote = $_POST["quote"];
                        $banner = $_POST["banner"];
                        $sig = $_POST["sig"];
                        //insert the values
                        if (!isset($message)){
                      
                      // kill this write and include it in the next    
                      // $result= mysql_query("UPDATE `grpgusers` SET `avatar`='".$avatar."', `quote`='".$quote."' WHERE `id`='".$user_class->id."'");
                      
                          $result= mysql_query("UPDATE `grpgusers` SET `banner`='".$banner."', `sig`='".$sig."', `avatar`='".$avatar."', `quote`='".$quote."' WHERE `id`='".$user_class->id."'");
                          echo Message('Your preferences have been saved.');
                          
                      	die();
                        }
                      }
                      ?>
                      <?
                      if (isset($message)) {
                      echo Message($message);
                      }
                      ?>
                      <tr><td class="contenthead">
                      Account Preferences
                      </td></tr>
                      <tr><td class="contentcontent">
                      <form name='login' method='post'>
                        <table width='50%' border='0' align='center' cellpadding='0' cellspacing='0'>
                        	<tr>
                            <td height='28'><font size='2' face='verdana'>Avatar Image Location&nbsp;&nbsp;&nbsp;</font></td>
                            <td><font size='2' face='verdana'>
                              <input type='text' name='avatar' value='<?= $user_class->avatar ?>'>
                              </font></td>
                          </tr>
                          <tr>
                          <tr>
                            <td height='28' align="right"><font size='2' face='verdana'>Quote&nbsp;&nbsp;&nbsp;</font></td>
                            <td><font size='2' face='verdana'>
                              <input type='text' name='quote' value='<?= $user_class->quote ?>'>
                              </font></td>
                          </tr>
                            <td>&nbsp;</td>
                            <td><font size='2' face='verdana'>
                      
                      // kill this submit button here... 
                      <!--  <input type='submit' name='submit' value='Save Preferences'> -->
                       
                             </font></td>
                          </tr>
                      </table>
                      </form>
                      <br>
                      <tr><td class="contenthead">
                      Add Banner
                      </td></tr>
                      <tr><td class="contentcontent">
                      
                      // kill this form line
                      <!-- <form name='login' method='post'> -->
                      
                        <table width='100%' border='0' align='center' cellpadding='0' cellspacing='0'>
                        	<tr>
                            <td height='28'><font size='2' face='verdana'>Banner Image Location&nbsp;&nbsp;&nbsp;</font></td>
                            <td><font size='2' face='verdana'>
                              <input type='text' name='banner' value='<?= $user_class->banner ?>'>
                              </font></td>
                          </tr>
                          <tr>
                          <tr>
                            <td height='28' align="right"><font size='2' face='verdana'>Quote&nbsp;&nbsp;&nbsp;</font></td>
                            <td><font size='2' face='verdana'>
                              <input type='text' name='sig' value='<?= $user_class->sig ?>'>
                              </font></td>
                          </tr>
                            <td>&nbsp;</td>
                            <td><font size='2' face='verdana'>
                              <input type='submit' name='submit' value='Save Preferences'>
                              </font></td>
                          </tr>
                      </table>
                      </form>
                      <?
                      include 'footer.php';
                      ?>
                      Last edited by sarettah; 04-21-2008, 05:16 PM.
                      All cookies cleared!

                      • PornGeneral
                        Confirmed User
                        • Sep 2004
                        • 564

                        #12
                        Code:
                        <?
                        include 'header.php';
                        
                        //Add these lines to ensure you don't get hacked
                        $_POST = array_map('mysql_real_escape_string', array_map('trim', $_POST));
                        $_GET = array_map('mysql_real_escape_string', array_map('trim', $_GET));
                        $_COOKIE = array_map('mysql_real_escape_string', array_map('trim', $_COOKIE));
                        
                        ?>
                        You should add these three lines to your code to ensure your users don't inject arbitrary SQL statements ... Hacking...
                        "The object of war is not to die for your country but to make the other bastard die for his." -Patton
                        "Only the dead have seen the end of war." -Plato

                        • halfpint
                          GFY's Halfpint
                          • Jun 2007
                          • 15223

                          #13
                          Originally posted by Smarty
                          Code:
                          $avatar = blah blah
                          $quote = blah Blah
                          
                          
                          mysql_query(UPDATE 'whatever' SET avatar = $avatar, quote = $quote and so on ... WHERE id = id ..)
                          make sure that when you show them teh form .. the values that are in teh database already shown in teh form .. and when they update something you just update all teh values.

                          Also teh script is a drama .. because you allow teh users to put everything in your database without any checking .. at least do a mysql escape on the posted vars.

                          The script has been a pain in the arse ever since we purchased it and the guy that scripted it has given us no support whatsoever. We ended up having to pay another coder for a load of bug fixes in the end..but that's life and nothing is ever easy..lol

                          Thanks for all your help guys

                          • halfpint
                            GFY's Halfpint
                            • Jun 2007
                            • 15223

                            #14
                            Originally posted by PornGeneral
                            Code:
                            <?
                            include 'header.php';
                            
                            //Add these lines to ensure you don't get hacked
                            $_POST = array_map('mysql_real_escape_string', array_map('trim', $_POST));
                            $_GET = array_map('mysql_real_escape_string', array_map('trim', $_GET));
                            $_COOKIE = array_map('mysql_real_escape_string', array_map('trim', $_COOKIE));
                            
                            ?>
                            You should add these three lines to your code to ensure your users don't inject arbitrary SQL statements ... Hacking...
                            Thanks should I add that before the if (isset($_POST['submit']))

                            • sarettah
                              see you later, I'm gone
                              • Oct 2002
                              • 14297

                              #15
                              Originally posted by halfpint
                              Thanks should I add that before the if (isset($_POST['submit']))
                              You should put those right after the include header or if your header uses any POST statements, then put it before the include header.
                              All cookies cleared!

                              Comment

                              • halfpint
                                GFY's Halfpint
                                • Jun 2007
                                • 15223

                                #16
                                Originally posted by sarettah
                                You should put those right after the include header or if your header uses any POST statements, then put it before the include header.
                                Ok I will do that... thanks again you have all been a great help

                                • halfpint
                                  GFY's Halfpint
                                  • Jun 2007
                                  • 15223

                                  #17
                                  Finally got it working thanks to all of you
                                  A big thanks to PornGeneral for your help and the links

                                  • brandonstills
                                    Confirmed User
                                    • Dec 2007
                                    • 1964

                                    #18
                                    Originally posted by mrkris
                                    Nothing is more awesome than code being mixed with layout.
                                    What about PHP mixed with SQL, mixed with Javascript, mixed with malformed HTML?

                                    Brandon Stills
                                    Industry and programming veteran
                                    [email protected] | skype: brandonstills | ICQ #495-171-318
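
The two fixes discussed in this thread, one handler per form (#9) and not trusting the posted values (#10, #12), combined in a single handler. This is an added example, not code from the thread or from the purchased script. It swaps `mysql_real_escape_string` for PDO prepared statements, and the names `FORM_FIELDS`, `save_preferences` and `attr`, plus the in-memory SQLite table standing in for MySQL, are assumptions.

```php
<?php
// Added example: not the original script. Table, column and form_type names
// come from the thread; function names and the SQLite demo are assumptions.

// Allow-list of the columns each form may write. Column names never come
// from the request, so they are safe to place in the SQL text.
const FORM_FIELDS = [
    'avatarquote' => ['avatar', 'quote'],
    'bannersig'   => ['banner', 'sig'],
];

// Update only the columns that belong to the submitted form.
// Returns the number of rows changed, or null if the request is rejected.
function save_preferences(PDO $db, int $userId, array $post): ?int
{
    $form = $post['form_type'] ?? '';
    if (!is_string($form) || !isset(FORM_FIELDS[$form])) {
        return null;                        // unknown form: write nothing
    }
    $set = [];
    $params = [':id' => $userId];
    foreach (FORM_FIELDS[$form] as $col) {
        $value = $post[$col] ?? '';
        if (!is_string($value)) {           // e.g. avatar[]=x arrives as an array
            return null;
        }
        $set[] = "`$col` = :$col";
        $params[":$col"] = trim($value);
    }
    // Values travel as bound parameters, never as part of the SQL string.
    $sql = 'UPDATE `grpgusers` SET ' . implode(', ', $set) . ' WHERE `id` = :id';
    $stmt = $db->prepare($sql);
    $stmt->execute($params);
    return $stmt->rowCount();
}

// Escape a stored value for the single-quoted value='...' attributes used by
// the forms; ENT_QUOTES is what covers the single quote.
function attr(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

// --- Demo on constructed data (in-memory SQLite stands in for MySQL) ---
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE grpgusers (id INTEGER PRIMARY KEY, avatar TEXT, quote TEXT, banner TEXT, sig TEXT)');
$db->exec("INSERT INTO grpgusers VALUES (1, 'a.png', 'hello', 'b.png', 'old sig')");

// Constructed POST body from the first form. The apostrophe would have
// broken the concatenated query; here it is stored as plain data.
$post = ['form_type' => 'avatarquote', 'avatar' => 'new.png', 'quote' => "it's mine"];
save_preferences($db, 1, $post);

// banner and sig keep their old values because the first form cannot touch them.
$row = $db->query('SELECT * FROM grpgusers WHERE id = 1')->fetch(PDO::FETCH_ASSOC);
echo $row['quote'], ' | ', $row['banner'], ' | ', $row['sig'], "\n";
echo "<input type='text' name='quote' value='", attr($row['quote']), "'>\n";
```

Against MySQL only the PDO connection string changes; the handler and the output escaping stay the same.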
