WatsonN Posted September 1, 2010 Share Posted September 1, 2010 I have a post.php that is suposted to run a mysql query, and it used to, but it won't anymore and I don't have the old file. Can someone just look see if there is something i'm missing? <?php //header("Location: ./?p=UCP"); setcookie("Errors", 0, time()-3600); // Connects to your Database mysql_connect("SERVER", "USER", "PASS") or die(mysql_error()); mysql_select_db("DB") or die(mysql_error()); if (isset($_POST['remove'])) { $id=$_POST['ID']; if($_POST['initals'] == "NLW") { if (is_numeric ($id)) { mysql_query("DELETE FROM `users` WHERE `users`.`ID` = $id LIMIT 1"); $error="<span style="; $error .="color:green"; $error .=">"; $error .= "User Removed."; $error .="</span>"; setcookie(Errors, $error, time()+20); } else { $error="<span style="; $error .="color:red"; $error .=">"; $error .= "Please enter a valid ID"; $error .="</span>"; setcookie(Errors, $error, time()+20); header('Location ./?p=UPC'); } } else { $error="<span style="; $error .="color:red"; $error .=">"; $error .="Initials are not correct"; $error .="<span/>"; setcookie(Errors, $error, time()+20); header('Location ./?p=UPC'); } } elseif (isset($_POST['submit'])) { //This makes sure they did not leave any fields blank if (!$_POST['username'] | !$_POST['pass'] | !$_POST['pass2'] ) { $error="<span style="; $error .="color:red"; $error .=">"; $error .= "You did not complete all of the required fields"; $error .="</span>"; setcookie(Errors, $error, time()+20); header('Location ./?p=UPC'); } // checks if the username is in use if (!get_magic_quotes_gpc()) { $_POST['username'] = addslashes($_POST['username']); } $usercheck = $_POST['username']; $check = mysql_query("SELECT username FROM users WHERE username = '$usercheck'") or die(mysql_error()); $check2 = mysql_num_rows($check); //if the name exists it gives an error if ($check2 != 0) { $error="<span style="; $error .="color:red"; $error .=">"; $error .= "Sorry, the username is already in use."; $error .="</span>"; setcookie(Errors, $error, time()+20); header('Location ./?p=UPC'); } // this makes sure both passwords entered match if ($_POST['pass'] != $_POST['pass2']) { $error="<span style="; $error .="color:red"; $error .=">"; $error .= 'Your passwords did not match.'; $error .="</span>"; setcookie(Errors, $error, time()+20); echo $error; } // here we encrypt the password and add slashes if needed $_POST['pass'] = md5($_POST['pass']); if (!get_magic_quotes_gpc()) { $_POST['pass'] = addslashes($_POST['pass']); $_POST['username'] = addslashes($_POST['username']); $_POST['pass2'] = $_POST['pass2']; } // now we insert it into the database $insert = "INSERT INTO users (username, password, Human-Readable) VALUES ('".$_POST['username']."', '".$_POST['pass']."', '".$_POST['pass2']."')"; mysql_query("INSERT INTO users (username, password, Human-Readable) VALUES ('".$_POST['username']."', '".$_POST['pass']."', '".$_POST['pass2']."')"); $error="<span style="; $error .="color:green"; $error .=">"; $error .= "<h1>User Registered</h1> <p><h2>Thank you, the user has been registered - he/she may now login</a>.</h2></p>"; $error .="</span>"; setcookie(Errors, $error, time()+20); header('Location: ./?p=UCP'); } else { header('Location: ./?p=UCP'); echo $error; } ?> The remove function works but its the submit. Thanks in advanced Quote Link to comment Share on other sites More sharing options...
Pikachu2000 Posted September 1, 2010 Share Posted September 1, 2010 Are there any errors? Make the below changes, and see what happens, then post any errors produced. // now we insert it into the database $insert = "INSERT INTO `users` (`username`, `password`, `Human-Readable`) VALUES ('{$_POST['username']}', '{$_POST['pass']}', '{$_POST['pass2']}')"; mysql_query($insert) or die( 'Query string: ' . $insert . '<br />Produced an error: ' . mysql_error() . '<br />' ); Quote Link to comment Share on other sites More sharing options...
sasa Posted September 1, 2010 Share Posted September 1, 2010 change line if (!$_POST['username'] | !$_POST['pass'] | !$_POST['pass2'] ) { to if (!$_POST['username'] || !$_POST['pass'] || !$_POST['pass2'] ) { Quote Link to comment Share on other sites More sharing options...
WatsonN Posted September 1, 2010 Author Share Posted September 1, 2010 Thanks yall. Made the changes recommended and worked perfectly. <?php //header("Location: ./?p=UCP"); setcookie("Errors", 0, time()-3600); // Connects to your Database mysql_connect("SERVER", "USER", "PASS") or die(mysql_error()); mysql_select_db("DB") or die(mysql_error()); if (isset($_POST['remove'])) { $id=$_POST['ID']; if($_POST['initals'] == "NLW") { if (is_numeric ($id)) { mysql_query("DELETE FROM `users` WHERE `users`.`ID` = $id LIMIT 1"); $error="<span style="; $error .="color:green"; $error .=">"; $error .= "User Removed."; $error .="</span>"; setcookie(Errors, $error, time()+20); header('Location: ./?p=UCP'); } else { $error="<span style="; $error .="color:red"; $error .=">"; $error .= "Please enter a valid ID"; $error .="</span>"; setcookie(Errors, $error, time()+20); header('Location ./?p=UPC'); } } else { $error="<span style="; $error .="color:red"; $error .=">"; $error .="Initials are not correct"; $error .="<span/>"; setcookie(Errors, $error, time()+20); header('Location ./?p=UPC'); } } elseif (isset($_POST['submit'])) { //This makes sure they did not leave any fields blank if (!$_POST['username'] || !$_POST['pass'] || !$_POST['pass2'] ) { $error="<span style="; $error .="color:red"; $error .=">"; $error .= "You did not complete all of the required fields"; $error .="</span>"; setcookie(Errors, $error, time()+20); header('Location ./?p=UPC'); } // checks if the username is in use if (!get_magic_quotes_gpc()) { $_POST['username'] = addslashes($_POST['username']); } $usercheck = $_POST['username']; $check = mysql_query("SELECT username FROM users WHERE username = '$usercheck'") or die(mysql_error()); $check2 = mysql_num_rows($check); //if the name exists it gives an error if ($check2 != 0) { $error="<span style="; $error .="color:red"; $error .=">"; $error .= "Sorry, the username is already in use."; $error .="</span>"; setcookie(Errors, $error, time()+20); header('Location ./?p=UPC'); } // this makes sure both passwords entered match if ($_POST['pass'] != $_POST['pass2']) { $error="<span style="; $error .="color:red"; $error .=">"; $error .= 'Your passwords did not match.'; $error .="</span>"; setcookie(Errors, $error, time()+20); echo $error; header('Location: ./?p=UCP'); } // here we encrypt the password and add slashes if needed $_POST['pass'] = md5($_POST['pass']); if (!get_magic_quotes_gpc()) { $_POST['pass'] = addslashes($_POST['pass']); $_POST['username'] = addslashes($_POST['username']); $_POST['pass2'] = $_POST['pass2']; } // now we insert it into the database $insert = "INSERT INTO `users` (`username`, `password`, `Human-Readable`) VALUES ('{$_POST['username']}', '{$_POST['pass']}', '{$_POST['pass2']}')"; mysql_query($insert) or die( 'Query string: ' . $insert . '<br />Produced an error: ' . mysql_error() . '<br />' ); $error="<span style="; $error .="color:green"; $error .=">"; $error .= "<h1>User Registered</h1> <p><h2>Thank you, the user has been registered - he/she may now login</a>.</h2></p>"; $error .="</span>"; setcookie(Errors, $error, time()+20); header('Location: ./?p=UCP'); echo $error; } else { header('Location: ./?p=UCP'); echo $error; } ?> Quote Link to comment Share on other sites More sharing options...
WatsonN Posted September 2, 2010 Author Share Posted September 2, 2010 Back again I'm adding a update field and not sure exactly how. I've read the manual and searched google. UPDATE `users` (`UID`, `PWD`) VALUES ('{$_POST['UID']}', '{$_POST['PWD']}') WHERE `ID` =$_POST['ID']" and I'm getting Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING in /home/content/n/a/t/nathanwatson/html/admin/post.php on line 123 Line 123 is $insert = "UPDATE `users` (`UID`, `PWD`) VALUES ('{$_POST['UID']}', '{$_POST['PWD']}') WHERE `ID` =$_POST['ID']"; I'm sure its something I'm just skipping over but php + mysql is something I'm still trying to learn. Quote Link to comment Share on other sites More sharing options...
sasa Posted September 2, 2010 Share Posted September 2, 2010 change $insert = "UPDATE `users` (`UID`, `PWD`) VALUES ('{$_POST['UID']}', '{$_POST['PWD']}') WHERE `ID` =$_POST['ID']"; to $insert = "UPDATE `users` (`UID`, `PWD`) VALUES ('{$_POST['UID']}', '{$_POST['PWD']}') WHERE `ID` =$_POST['ID']"; Quote Link to comment Share on other sites More sharing options...
WatsonN Posted September 2, 2010 Author Share Posted September 2, 2010 Changed but still getting the same error: Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING in /home/content/n/a/t/nathanwatson/html/admin/post.php on line 123 Quote Link to comment Share on other sites More sharing options...
sasa Posted September 2, 2010 Share Posted September 2, 2010 cen you post 3 lines of code before this line Quote Link to comment Share on other sites More sharing options...
WatsonN Posted September 2, 2010 Author Share Posted September 2, 2010 heres all of this section: elseif (isset($_POST['YB-Info'])); { //This makes sure they did not leave any fields blank if (!$_POST['UID'] || !$_POST['PWD'] || !$_POST['ID'] ) { $error="<span style="; $error .="color:red"; $error .=">"; $error .= "You did not complete all of the required fields"; $error .="</span>"; setcookie(Errors, $error, time()+20); header('Location ./?p=UPC'); } // now we insert it into the database $insert = "UPDATE `users` (`UID`, `PWD`) VALUES ('{$_POST['UID']}', '{$_POST['PWD']}') WHERE `ID` =$_POST['ID']"; mysql_query($insert) or die( 'Query string: ' . $insert . '<br />Produced an error: ' . mysql_error() . '<br />' ); $error="<span style="; $error .="color:green"; $error .=">"; $error .= "<h1>User Updated</h1> <p><h2>Thank you, the user has successfully updated yearbook login information.</a>.</h2></p>"; $error .="</span>"; setcookie(Errors, $error, time()+20); header('Location: ./?p=UCP'); echo $error; } Quote Link to comment Share on other sites More sharing options...
sasa Posted September 2, 2010 Share Posted September 2, 2010 you did not remove single qoutes around indexes in $_POST array Quote Link to comment Share on other sites More sharing options...
WatsonN Posted September 2, 2010 Author Share Posted September 2, 2010 I fixed the quote issue and now i have another error: Parse error: syntax error, unexpected '{' in /home/content/n/a/t/nathanwatson/html/admin/post.php on line 123 but i pulled out the brackets and it went back to the first error. I'm sorry if this is a simple issue, I'm still Learning this stuff. Quote Link to comment Share on other sites More sharing options...
sasa Posted September 3, 2010 Share Posted September 3, 2010 line elseif (isset($_POST['YB-Info'])); { shoud be elseif (isset($_POST['YB-Info'])) { remove ; Quote Link to comment Share on other sites More sharing options...
WatsonN Posted September 5, 2010 Author Share Posted September 5, 2010 Thanks, I changed it now I get Parse error: syntax error, unexpected '`' in /home/content/n/a/t/nathanwatson/html/admin/post.php on line 125 elseif (isset($_POST['YB-Info'])) { //This makes sure they did not leave any fields blank if (!$_POST['UID'] || !$_POST['PWD'] || !$_POST['ID'] ) { $error="<span style="; $error .="color:red"; $error .=">"; $error .= "You did not complete all of the required fields"; $error .="</span>"; setcookie(Errors, $error, time()+20); header('Location ./?p=UPC'); } // now we insert it into the database else{ //$insert = "UPDATE `users` (`UID`, `PWD`) VALUES ('{$_POST['UID']}', '{$_POST['PWD']}') WHERE `ID` = "{$_POST['ID']}"; @mysql_query(UPDATE `users` (`UID`, `PWD`) VALUES ('{$_POST['UID']}', '{$_POST['PWD']}') WHERE `ID` = "{$_POST['ID']}) or die( 'Query string: ' . $insert . '<br />Produced an error: ' . mysql_error() . '<br />' ); $error="<span style="; $error .="color:green"; $error .=">"; $error .= "<h1>User Updated</h1> <p><h2>Thank you, the user has successfully updated yearbook login information.</a>.</h2></p>"; $error .="</span>"; setcookie(Errors, $error, time()+20); header('Location: ./?p=UCP'); echo $error; } } 125 is @mysql_query(UPDATE `users` (`UID`, `PWD`) VALUES ('{$_POST['UID']}', '{$_POST['PWD']}') WHERE `ID` = "{$_POST['ID']}) or die( 'Query string: ' . $insert . '<br />Produced an error: ' . mysql_error() . '<br />' ); I changed them all to ' but that didn't work either. Quote Link to comment Share on other sites More sharing options...
Rustywolf Posted September 5, 2010 Share Posted September 5, 2010 change @mysql_query(UPDATE `users` (`UID`, `PWD`) VALUES ('{$_POST['UID']}', '{$_POST['PWD']}') WHERE `ID` = "{$_POST['ID']}) or die( 'Query string: ' . $insert . '<br />Produced an error: ' . mysql_error() . '<br />' ); to mysql_query("UPDATE `users` (`UID`, `PWD`) VALUES ('{$_POST['UID']}', '{$_POST['PWD']}') WHERE `ID` = '{$_POST['ID']}'") or die( 'Query string: ' . $insert . '<br />Produced an error: ' . mysql_error() . '<br />' ); Quote Link to comment Share on other sites More sharing options...
WatsonN Posted September 5, 2010 Author Share Posted September 5, 2010 I changed it to that and got an error so I changed it to mysql_query("UPDATE `users` (`UID`, `PWD`) VALUES ('{$_POST['UID']}', '{$_POST['PWD']}') WHERE `ID` = "{$_POST['ID']}'") or die( 'Query string: ' . $insert . '<br />Produced an error: ' . mysql_error() . '<br />' ); With the " at the beginning of "{$_POST['ID']}'" Parse error: syntax error, unexpected '{' in /home/content/n/a/t/nathanwatson/html/admin/post.php on line 125 Could it be the one at the beginning of $_POST['ID'] ? Quote Link to comment Share on other sites More sharing options...
sasa Posted September 5, 2010 Share Posted September 5, 2010 change WHERE `ID` = "{$_POST['ID']}'") to WH to ' ERE `ID` = '{$_POST['ID']}'") change " to ' before { Quote Link to comment Share on other sites More sharing options...
WatsonN Posted September 5, 2010 Author Share Posted September 5, 2010 i changed it to WH to ' ERE `ID` = '{$_POST['ID']}'") and it gave a SQL error would I put WHERE `ID` = '{$_POST['ID']}'") Quote Link to comment Share on other sites More sharing options...
sasa Posted September 5, 2010 Share Posted September 5, 2010 WHERE `ID` = '{$_POST['ID']}'") something gone wrong in copy paste Quote Link to comment Share on other sites More sharing options...
WatsonN Posted September 7, 2010 Author Share Posted September 7, 2010 I did that and I'm sure at this point i'm just confusing myself but i get the error: Query string: Produced an error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '(`UID`, `PWD`) VALUES ('TestName', 'TestPass') WHERE `ID` = '24'' at line 1 Quote Link to comment Share on other sites More sharing options...
PFMaBiSmAd Posted September 7, 2010 Share Posted September 7, 2010 That's not the syntax for an UPDATE query - UPDATE [LOW_PRIORITY] [iGNORE] table_reference SET col_name1={expr1|DEFAULT} [, col_name2={expr2|DEFAULT}] ... [WHERE where_condition] [ORDER BY ...] [LIMIT row_count] Quote Link to comment Share on other sites More sharing options...
Pikachu2000 Posted September 7, 2010 Share Posted September 7, 2010 That syntax is for an INSERT query, not an UPDATE query. The values in the query string may or may not need single quotes added to them. If they are expected to be string type data, they do need the quotes added. Also, you should be sanitizing all form data before using it in a query, by using mysql_real_escape_string(), typecasting, etc. Anyhow, try this and see what happens. $query = "UPDATE `users` SET `UID` = {$_POST['UID']}, `PWD` = '{$_POST['PWD']}' WHERE `ID` = {$_POST['ID']}"; $result = mysql_query( $query ) or die( 'Query string: ' . $query . '<br />Produced error: ' . mysql_error() . '<br />') Quote Link to comment Share on other sites More sharing options...
WatsonN Posted September 7, 2010 Author Share Posted September 7, 2010 Pikachu2000, Thanks, but i'm not worried about sanitizing it as I am the only one that will use this, but I will keep that in mind. So I used your code and it came back with: Query string: UPDATE `users` SET `UID` = TestName, `PWD` = 'TestPass' WHERE `ID` = 24 Produced error: Unknown column 'TestName' in 'field list' Quote Link to comment Share on other sites More sharing options...
Pikachu2000 Posted September 7, 2010 Share Posted September 7, 2010 Adding the single quotes to that value will take care of that error. I (mistakenly) assumed it would be an integer ID field. SET `UID` = '{$_POST['UID']}', Quote Link to comment Share on other sites More sharing options...
WatsonN Posted September 7, 2010 Author Share Posted September 7, 2010 That fixed it perfectly! It looks like it would be one, its all good. Thank yall for the help. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.