Why isn't this updating???

[cturner01]

When I test the following code it doesn't update the email address. After I click on the save button it displays the original email address not the new email address. What have I done wrong? Can someone please help me? Thanks in advance.

// the save button
if (isset($_POST['save'])) {
// get the email address
$email = $_POST['email'];
// get the current password
$currentpassword = $_POST['currentpassword'];
// get the new password
$newpassword = $_POST['newpassword'];
// get the 
$newpassword2 = $_POST['newpassword2'];

if ($email == '') {
	$arrErrors['email'] = 'You have deleted the email address please refresh the page to display the email address again.';
}
if (strlen($currentpassword) < 6) {
	$arrErrors['currentpassword'] = 'Please enter a password that is 6 or more characters in length.';
}
if ((strlen($newpassword) > 6) AND ($newpassword2 == '')){
	$arrErrors['newpassword2'] = 'Please enter the password again in the confirm new password field.';
}

if (count($arrErrors) == 0) {
	$username = mysql_real_escape_string($_COOKIE['username']);
	$email = mysql_real_escape_string($_POST['email']);
	$currentpassword = mysql_real_escape_string($_POST['currentpassword']);
	$newpassword = mysql_real_escape_string($_POST['newpassword']);
	$newpassword2 = mysql_real_escape_string($_POST['newpassword2']);
	
	$update = "UPDATE `users` SET `email` = '$email', `password` = '$newpassword' WHERE `username` = '$username'";
		if (mysql_query($update)) {
			header ('Location: updated.php');
		} else {
			print "Could not add the entry because: " . mysql_error() . ". The query was $result.";
		}
} else {
        // The error array had something in it. There was an error.
        // Start adding error text to an error string.
        $strError = '<div class="formerror"><p>Please check the following and try again:</p><ul>';
        // Get each error and add it to the error string
        // as a list item.
        foreach ($arrErrors as $error) {
            $strError .= "<li>$error</li>";
        }
        $strError .= '</ul></div>';
    }
}

 

[jpadie]

most likely because the username is not being populated properly. echo out the query before you run it.

also you are not testing for password concordance, and there is a logic hole in your password length test (if the pwd is exactly 6 characters long you do not test the newpassword2 field).

also ... assuming this is a password change script, should you not also be checking to ensure that the user has got the "old" password correct? say by adding another where criterion to the sql call?

 

[cturner01]

I have tried echoing out the query but nothing happens. Have you got any other solutions?

 

[cturner01]

Would something in this be causing the problem:

require "config2.php";
$query = "SELECT * FROM `users` WHERE `username` = '$username'";
$result = mysql_query ($query) or die("Could not query because: " . mysql_error());
while($row = mysql_fetch_array($result)){
echo "<div align=left><table width=50%><tr><td>Username:</td><td>".$row['username']."</td></tr><tr><td>E-mail address:</td><td>";
echo "<input name=email type=text value=".$row['email']."></td></tr><tr><td>New e-mail address:</td><td><input name=email2 type=text value=".$row['email2']."></td></tr><tr><td>Current password:</td><td><input name=currentpassword type=password></td></tr><tr><td>New password:</td><td><input name=newpassword type=password></td></tr><tr><td>Confirm new password:</td><td><input name=newpassword2 type=password></td></tr><tr><td colspan=2></td></tr></table></div>";
}
mysql_close();

 

[jpadie]

if nothing happens then your code is not running.

i''m assuming that you have all error display and reporting switched on.

which leads to the conditional directive. this is looking for a form control called "save" (typically a submit button). in the snip above i cannot see such a control nor can I see any form tags, which would be required if you are submitting this as a form.

 

[cturner01]

I have placed the save button and the form tags in the html code part of the page.

 

[jpadie]

can you post the entire form here.

 

[cturner01]

Here is the entire form:

<form name=myaccountform method=post action="<?php echo $PHP_SELF; ?>">
<?php
require "config2.php";
$query = "SELECT * FROM `users` WHERE `username` = '$username'";
$result = mysql_query ($query) or die("Could not query because: " . mysql_error());
while($row = mysql_fetch_array($result)){
echo "<div align=left><table width=50%><tr><td>Username:</td><td>".$row['username']."</td></tr><tr><td>E-mail address:</td><td>";
echo "<input name=email type=text value=".$row['email']."></td></tr><tr><td>New e-mail address:</td><td><input name=email2 type=text value=".$row['email2']."></td></tr><tr><td>Current password:</td><td><input name=currentpassword type=password></td></tr><tr><td>New password:</td><td><input name=newpassword type=password></td></tr><tr><td>Confirm new password:</td><td><input name=newpassword2 type=password></td></tr><tr><td colspan=2></td></tr></table></div>";
}
mysql_close();
?>
<input name=save type=submit id=save value=SAVE></form>

 

[Vragabond]

Variables are case sensitive. Your submit button is called 'SAVE', however you're looking for an existence of 'save'. save does not exist, only SAVE does. Make sure both the button name and checking for the name use the same case.

In addition, I would really suggest you start putting all the html attribute values in quotes. It will save you a lot of headaches down the road.

 

[cturner01]

I have tried that and it is still not updating.

 

[jpadie]

I tweaked your receiving script a bit yesterday. here is the code. it contains some debugging code to help us fix your problem.

I agree with vragabond that you should properly enquote your html attributes. However this is not the problem as your submit button is called "save" (lower case) which is the test you are running. I remain of the view that the cookie username is not being retrieved. You have not shown us how you are setting this.

i am assuming that your database connect script is required or included somewhere else. if not, add the relevant stuff at the top of the script.

please post back the debugging messages that get produced by this script.

<?
//added code
//set error reporting
error_reporting(E_ALL);
//end added code

// the save button
if (isset($_POST['save'])) {
	
	//change code to refer to trimmed variables
	
	// get the email address
	$email = trim($_POST['email']);
	// get the current password
	$currentpassword = trim($_POST['currentpassword']);
	// get the new password
	$newpassword = trim($_POST['newpassword']);
	// get the
	$newpassword2 = trim($_POST['newpassword2']);

	//added code
	//.instantiate the errors collection.  Not necessary but good practice
	$arrErrors = array();
	//end added code	
	
	
	if ($email == '') {
		$arrErrors['email'] = 'You have deleted the email address please refresh the page to display the email address again.';
	}
	if (strlen($currentpassword) < 6) {
		$arrErrors['currentpassword'] = 'Please enter a password that is 6 or more characters in length.';
	}
	if (strlen($newpassword) >= 6){
		if (empty($newpassword2) == ''){
			$arrErrors['newpassword2'] = 'Please enter the password again in the confirm new password field.';
		//added code
		} elseif ($newpassword2 !== $newpassword) {
			$arrErrors['newpassword2'] = 'Passwords do not match';
		}
		//end added code
	}
	//added code
	if (	mysql_result(
				mysql_query("
								Select 
									count(*) 
								from 
									users 
								where 
									`username` = '{$_COOKIE['username']}' 
									AND 
									`password` = '$currentpassword'
								"
								),
				0,0
			) !== 1) {
		$arrErrors["currentpassword_2"] = 'Your current password is incorrect'; 
	}
	//end code

	if (count($arrErrors) === 0) {	//code changed to a precise comparison '==='
		$username = mysql_real_escape_string($_COOKIE['username']);
		$email = mysql_real_escape_string($_POST['email']);
		$currentpassword = mysql_real_escape_string($_POST['currentpassword']);
		$newpassword = mysql_real_escape_string($_POST['newpassword']);
		$newpassword2 = mysql_real_escape_string($_POST['newpassword2']);
		
		//reformatted code
		$update = "	UPDATE 
						`users` 
					SET 
						`email` = '$email', 
						`password` = '$newpassword' 
					WHERE 
						`username` = '$username'
						AND
						`password` = '$currentpassword'
					";
		//end reformatted code
		
		//changed code
		$result = mysql_query($update);
		if ($result === TRUE) {
			//code changed for debugging
			echo "<br/>success" ; // header ('Location: updated.php');
			//end code changed for debugging
		} elseif (mysql_affected_rows() == 0) {
			echo "No changes to the database were made.  Sql query was <br/>$update";
			dumpDebugInfo();
		} else {
			print "Could not add the entry because: " . mysql_error() . ". <br/>The query was $update.";
		}
		//end changed code
	} else {
			// The error array had something in it. There was an error.
			// Start adding error text to an error string.
			$strError = '<div class="formerror"><p>Please check the following and try again:</p><ul>';
			// Get each error and add it to the error string
			// as a list item.
			foreach ($arrErrors as $error) {
				$strError .= "<li>$error</li>";
			}
			$strError .= '</ul></div>';
	}
} else {
	echo 'the if($_POST["save"]) condition was not met<br/>';
	dumpDebugInfo();
}// end of master IF statement (if ($_POST['save'])

function dumpDebugInfo(){
echo "<br/>For debugging purposes:<br/>";
echo "	<pre>
<br/>
POST DATA
<br/>".
print_r($_POST,true).
"<br/>
SESSIONS
<br/>".
print_r($_SESSION, true).
"<br/>
COOKIES
<br/>".
print_r($_COOKIE, true).
"</pre>";
}
?>