Jump to content

Edit Profile help

metalloid

By metalloid
in PHP Coding Help

 Share

Recommended Posts

metalloid Newbie

metalloid

Posted
Posted

Hi. I am working on a website that has restriction level. An admin, a staff, and ordinary user. In my admin page when I click the button "View Users" it shows all the listed users in a table, from admin to ordinary users. And on each entry is an option to either "Delete" or "Edit" the users account.

 

Now I have a problem with editing user profile because it appears blank fields. Not like in the admin side wherein if I click "Edit" the fields are filled with the users info.

 

How do I do this in the staff's page.

 

Here is the view users code from the admin's page:

if (@$_GET['action'] == "View Users") 
{	
     print "<font size=6 color=yellow><center>View User's Records</center><br></font>";
     
$result = mysql_query ("SELECT * FROM users order by user_lvl, lname asc");
     
$rows = mysql_num_rows($result);
     
if ($rows!=0) 
{
        print "<table border=1 align=center cellspacing=10>";

        print " <tr bgcolor=yellow align=center>

                <td>First Name</td>
  
                <td>Last Name</td>
    
                <td>Email</td>

       		<td>Username</td>

                <td>Password</td>

                <td>Phone Number</td>

	<td>User Privilege</td>

	<td>Options</td>


       </tr>";


        for ($i=0; $i< $rows; $i++)

         {
           $row = mysql_fetch_row ($result);

	           print "<tr bgcolor= white align=center>";

	           print "<td>$row[0]</td>";

          		   print "<td>$row[1]</td>"; 		           
		  
		   print "<td>$row[2]</td>";

	           print "<td>$row[3]</td>";

 		   print "<td>$row[4]</td>";

		   print "<td>$row[5]</td>";

		   print "<td>$row[6]</td>";

	 	   print "<td>[ <a href=admin_main.php?action=Delete&username=$row[3]>Delete</a> ]";

	           print "[ <a href=admin_main.php?action=Edit&username=$row[3]>Edit</a> ]";

	           print "</td>";

           print "</tr>";

  }
        
	print "</table>";

        print "<font size=1 color=yellow>Number of entries found: $rows";
     }

     else {
           print "No records found!";
          }

	     mysql_free_result ($result);

}

 

Now here is the code when I click "Edit" from the "View Users" table:

if (@$_GET['action'] == "Edit") {

$result = mysql_query ("Select * from users where username='$_GET[username]'");
$row = mysql_fetch_row ($result);

print "<font size=6 color=yellow><center>Edit Records </center></font>";
print "<form method = get> 
<table border = 1  align=center> 
<tr>	<td><font color=yellow>First Name:</font></td>
	<td><input type=text name=fname value=$row[0] ></td></tr>
<tr>	<td><font color=yellow>Last Name:</font></td>
<td><input type=text name=lname value=$row[1]></td></tr>
<tr>	<td><font color=yellow>Email Address: </font></td>
	<td><input type=text name=email value=$row[2] </td></tr>
<tr>	<td><font color=yellow>Username: </font></td>
	<td><input type = text name = username value=$row[3] ></td></tr>
<tr>	<td><font color=yellow>Password:</font></td>
	<td><input type=text name=password value=$row[4]></td></tr>
<tr>	<td><font color=yellow>Contact Number:</font></td>
     	<td><input type = text name = phone_number value=$row[5]></td></tr>
<tr>	<td><font color=yellow>User Privilege:</font></td>
<td><input type = txt name = user_lvl value=$row[6]></td></tr>

<tr><td><input type=submit value='Update Users' Submit name=action></td></tr>
</table>	  
</form> ";
}

  if (@$_GET['action']=="Update Users") {
     $result = mysql_query ("UPDATE users 
             SET 
             fname='$_GET[fname]',
             lname='$_GET[lname]',
             email='$_GET[email]',
             username='$_GET[username]',
             password='$_GET[password]',
             phone_number='$_GET[phone_number]',
     user_lvl='$_GET[user_lvl]'
     where username= '$_GET[username]'");
     print "<font size=6 color=yellow><center><blink>Record of User successfully updated!</blink></center></font>";
  }

 

Link to comment
Share on other sites
JKG Member

JKG

Posted
Posted

initially your sql isnt right.

you are using php to create the sql so you need to break out of the quotes to insert the php. and you were missing single quotes inside square brackets.

$result = mysql_query ("SELECT * FROM `users` WHERE username='".$_GET['username']."'");

secondly, dont print out the whole table with php, just use php where you need it.

thirdly, dont suppress errors with the @ symbol, they will just bite you later

fourth, using $_POST over $_GET is better. especially when your dealing with a user form, cos you are then posting the password into the url, and into the history.

fifth, you had your mysql_query in a variable, but never referred to $result.

sixth, again with the breaking out of your sql.

seventh, your mysql construction wasnt good, i have given you an update.

eighth: its best to carry the id of the row and use that as the sector, not the username.

here is some of the work done for you:

<?php
if ($_GET['action'] == "Edit") {

$query = "SELECT * FROM `users` WHERE username='".$_GET['username']."'";
	// Execute the query
	$result = mysql_query($query);
	if (!$result){
	die ("Could not query the database: 
	<br />". mysql_error());
	} while ($row = mysql_fetch_array($result, MYSQL_ASSOC)){
	$id = $row['id'];
	$fname = $row['fname'];
	} ?>

<font size="6" color="yellow"><center>Edit Records </center></font>
<form method="get"> 
<table border ="1"  align="center"> 
	<tr>	
		<td><font color="yellow">First Name:</font></td>
		<td><input type="text" name="fname" value="<?php echo $fname;?>"></td>
	</tr>
	...
<?php
}

  if ($_GET['action']=="Update Users") {
  mysql_query ("UPDATE users 
             SET 
             fname='".$_GET['fname']."',
             lname='".$_GET['lname']."',
             email='".$_GET['email']."',
             username='".$_GET['username']."',
             password='".$_GET['password']."',
             phone_number='".$_GET['phone_number']."',
     user_lvl='".$_GET['user_lvl']."'
     WHERE username= '".$_GET['username']."'");
     print "<font size=6 color=yellow><center><blink>Record of User successfully updated!</blink></center></font>";
  } ?>

 

also: dont use font tags, look into CSS styling your site. use double quotes in your html, not just the equals sign.

Finally: DONT USE BLINK! :P

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.