SitePoint Sponsor

User Tag List

Results 1 to 10 of 10
  1. #1
    SitePoint Member
    Join Date
    Mar 2010
    Posts
    12
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    add new table won't work. please help..

    Hi,
    I appreciated if some one there can help me out, i want to add new table 'config' but seem not work fine.
    PHP Code:
    <?php 
    /********************** config.PHP**************************/
    include 'dbc.php';
    page_protect();

    $err = array();
    $msg = array();

    if(
    $_POST['doSave'] == 'Save')  
    {

    // Filter POST data for harmful code (sanitize)
    foreach($_POST as $key => $value) {
        
    $data[$key] = filter($value);
    }

    if(empty(
    $err)) {

    mysql_query("UPDATE config SET
                `SITE_TITLE` = '
    $data[SITE_TITLE]',
                `SITE_KEYWORDS` = '
    $data[SITE_KEYWORDS]',
                `SITE_DESCRIPTIONS` = '
    $data[SITE_DESCRIPTIONS]',
                `SITE_MENUS` = '
    $data[SITE_MENUS]',
                `SITE_COPYRIGHT` = '
    $data[SITE_COPYRIGHT]',
                `SITE_METATAGS` = '
    $data[SITE_METATAGS]'
                 WHERE ID='
    $data[ID]") or die(mysql_error());

    $msg[] = "Profile Sucessfully saved";
     }
     }
    //$rs_edits = mysql_query("select * from users where ID='$_SESSION[user_id]'"); 
    $rs_edits mysql_query("select * from users where ID='$data[ID]'") or die(mysql_error()); 
    ?>
    <html>
    <head>
    <title>Profile Edit</title>
    <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
    <link href="styles.css" rel="stylesheet" type="text/css">
    </head>
    <body>
    <table width="100%" border="0" cellspacing="0" cellpadding="0">
      <tr>
        <td width="14%" valign="top">
    <?php
    /********************* MYACCOUNT MENU *******************/
    if (isset($_SESSION['user_id'])) {?>
      <div class="myaccount">
      <p><strong>My Account</strong></p>
      <a href="index.php">Home</a><br><br>
      <a href="profile_edit.php">Edit Profile</a><br><br>
      <a href="pwd_change.php">Change Password</a><br><br>
      <a href="logout.php">Logout </a><br><br>
      </div>
    <?php }
    /*****************************END************************/
    if (checkAdmin()) {
    /**********************ADMIN MENU************************/
    ?>
    <div class="myaccount"><br>
          <a href="admin_cp.php">Admin CP </a><br /><br>
          <a href="member_create.php">Add new Member</a><br><br>
      <a href="config.php">Site Configuration</a><br><br>
    </div>
    <?php 
    /*****************************END************************/
    ?>
        </td>
        <td width="74%" valign="top" style="padding: 10px;">

        <h2 class="titlehdr">Your Profile Edit Form</font></h2>
          <p> 
            <?php    
        
    if(!empty($err))  {
           echo 
    "<div class=\"msg\">";
          foreach (
    $err as $e) {
            echo 
    "* $e <br>";
            }
          echo 
    "</div>";    
           }
           if(!empty(
    $msg))  {
            echo 
    "<div class=\"msg\">" $msg[0] . "</div>";

           }
          
    ?>
          </p>
          <p>Hdff sdgsdgs g.</p>
          
            <?php while ($row_edits mysql_fetch_array($rs_edits)) {?>
          <form  name="myform" id="myform" method="post" action="">
          <table width="80%" border="0" cellpadding="5" cellspacing="2" class="myaccount">
              <tr> 
                <td>Site Title</td>
                <td><input name="SITE_TITLE" type="text" id="SITE_TITLE" value="<?php echo $row_edits['SITE_TITLE']; ?>"></td>
              </tr>
              <tr> 
                <td>Site Slogan</td>
                <td><textarea name="SITE_SLOGAN" cols="30" rows="1" id="SITE_SLOGAN"><?php echo $row_edits['SITE_SLOGAN']; ?></textarea></td>
              </tr>
              <tr> 
                <td>Site Keywords</td>
                <td><textarea name="SITE_KEYWORDS" cols="30" rows="1" id="SITE_KEYWORDS"><?php echo $row_edits['SITE_KEYWORDS']; ?></textarea>
                </td>
              </tr>
              <tr> 
                <td>Site Descriptions</td> 
                <td><textarea name="SITE_DESCRIPTIONS" cols="30" rows="1" id="SITE_DESCRIPTIONS"><?php echo $row_edits['SITE_DESCRIPTIONS']; ?></textarea></td>
              </tr>
              <tr> 
                <td>Site Menus</td> 
                <td><textarea name="SITE_MENUS" cols="30" rows="1" id="SITE_MENUS"><?php echo $row_edits['SITE_MENUS']; ?></textarea></td>
              </tr>
              <tr> 
                <td>Site Meta Tags</td> 
                <td><textarea name="SITE_METATAGS" cols="30" rows="1" id="SITE_METATAGS"><?php echo $row_edits['SITE_METATAGS']; ?></textarea></td>
              </tr>
              <tr> 
                <td>Site Copyright</td> 
                <td><textarea name="SITE_COPYRIGHT" cols="30" rows="1" id="SITE_COPYRIGHTS"><?php echo $row_edits['SITE_COPYRIGHT']; ?></textarea></td>
              </tr>
          </table>
                  <p>
                    <input name="doSave" type="submit" id="doSave" value="Save">
                  </p>
                </form>
          <?php ?>

        <td width="196" valign="top">&nbsp;</td>
      </tr>
      <tr> 
        <td colspan="3">&nbsp;</td>
      </tr>
    </table>
    </body>
    </html>
    and i got blank page, when i disabled
    PHP Code:
    <?php while ($row_edits mysql_fetch_array($rs_edits)) {?>
    the form appears but can't work fine.

    That is seem cause to use GET parameter or SESSION. it just wont work with data[id]

    any idea ? thanks in advance

  2. #2
    SitePoint Enthusiast
    Join Date
    Oct 2001
    Location
    North Carolina
    Posts
    63
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Are you passing an ID to this page in order to edit it? Something like:
    http://www.example.com/mypage.php?ID=1234

    If you are, try changing this:
    PHP Code:
    $rs_edits mysql_query("select * from users where ID='$data[ID]'") or die(mysql_error()); 
    ... To this:
    PHP Code:
    $rs_edits mysql_query("select * from users where ID='$_GET[ID]'") or die(mysql_error()); 

  3. #3
    SitePoint Wizard bronze trophy Immerse's Avatar
    Join Date
    Mar 2006
    Location
    Netherlands
    Posts
    1,661
    Mentioned
    7 Post(s)
    Tagged
    1 Thread(s)
    This would be even better:

    PHP Code:
    $rs_edits mysql_query("select * from users where ID='".mysql_real_escape_string($_GET[ID])."'") or die(mysql_error()); 
    That way the input is cleaned and the query is less susceptible to SQL injection attacks

  4. #4
    SQL Consultant gold trophysilver trophybronze trophy
    r937's Avatar
    Join Date
    Jul 2002
    Location
    Toronto, Canada
    Posts
    39,216
    Mentioned
    58 Post(s)
    Tagged
    3 Thread(s)
    the last two posters are incorrectly quoting a numeric value which is to be compared to an assumed numeric column (ID)

    without the quotes, you'll pass a lot less garbage to the database

    rudy.ca | @rudydotca
    Buy my SitePoint book: Simply SQL
    "giving out my real stuffs"

  5. #5
    SitePoint Enthusiast
    Join Date
    Oct 2001
    Location
    North Carolina
    Posts
    63
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by r937 View Post
    the last two posters are incorrectly quoting a numeric value which is to be compared to an assumed numeric column (ID)

    without the quotes, you'll pass a lot less garbage to the database

    I was offering a solution by copy/paste of the OP's code.

    If we wanted to get technical about it, that whole script needs to be deleted and rewritten.

  6. #6
    SitePoint Member
    Join Date
    Mar 2010
    Posts
    12
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    ok mates, thanks a lot for your attention, after doing all of your code, i still get no luck.

    i was change

    PHP Code:
    $rs_edits mysql_query("select * from configs where ID='$_SESSION[user_id]'"); 
    to:
    PHP Code:
    $result mysql_query("SELECT * FROM configs") or die(mysql_error());  
    $rs_edits mysql_fetch_array$result ); 
    the configuration form work fine, but after log out then i can't log in any more...

    i tried use

    PHP Code:
    $rs_edits mysql_query("select * from configs where ID='$_GET[ID]'") or die(mysql_error()); 
    or

    PHP Code:
    $rs_edits mysql_query("select * from configs where ID='".mysql_real_escape_string($_GET[ID])."'") or die(mysql_error()); 
    and not different, i can not log in anymore...

    any idea please..?

  7. #7
    SitePoint Wizard bronze trophy Immerse's Avatar
    Join Date
    Mar 2006
    Location
    Netherlands
    Posts
    1,661
    Mentioned
    7 Post(s)
    Tagged
    1 Thread(s)
    Are you getting any error messages?

  8. #8
    SitePoint Member
    Join Date
    Mar 2010
    Posts
    12
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    no error, the warning said:

    Invalid Login. Please try again with correct user email and password.

    and i'm sure my username and password correct because i never changed it, and also i was make sure the password sha1 in the correct character by editing from phpmyadmin

  9. #9
    SitePoint Member
    Join Date
    Mar 2010
    Posts
    12
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Here the user table

    --
    -- Table structure for table `users`
    --

    CREATE TABLE IF NOT EXISTS `users` (
    `ID` bigint(20) NOT NULL auto_increment,
    `MD5ID` varchar(255) NOT NULL default '',
    `FULLNAME` varchar(255) NOT NULL,
    `USERNAME` varchar(255) NOT NULL default '',
    `EMAIL` varchar(255) NOT NULL default '',
    `USERLEVEL` tinyint(4) NOT NULL default '1',
    `PASSWORD` varchar(255) NOT NULL default '',
    `DATE` date NOT NULL default '0000-00-00',
    `USERSIP` varchar(255) NOT NULL default '',
    `STATUS` int(1) NOT NULL default '0',
    `ACTCODE` int(10) NOT NULL default '0',
    `BANNED` int(1) NOT NULL default '0',
    `CKEY` varchar(255) NOT NULL default '',
    `CTIME` varchar(255) NOT NULL default '',
    PRIMARY KEY (`ID`),
    UNIQUE KEY `EMAIL` (`EMAIL`),
    FULLTEXT KEY `IDXSEARCH` (`FULLNAME`,`EMAIL`,`USERNAME`)
    ) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=3 ;

    --
    -- Dumping data for table `users`
    --

    INSERT INTO `users` (`ID`, `MD5ID`, `FULLNAME`, `USERNAME`, `EMAIL`, `USERLEVEL`, `PASSWORD`, `DATE`, `USERSIP`, `STATUS`, `ACTCODE`, `BANNED`, `CKEY`, `CTIME`) VALUES
    (1, 'c4ca4238a0b923820dcc509a6f75849b', 'admin1', 'admin', 'xxxxx@yahoo.com', 5, '4c09e75fa6fe36038ac240e9e4e0126cedef6d8c85cf0a1ae', '2010-05-23', '', 1, 6456, 0, 'f1e24v0', '1277040960'),
    (2, 'c81e728d9d4c2f636f067f89cc14862c', 'user', 'user', 'xxxxxx@yahoo.com', 1, 'a49f6b86d798017209a205417c077d7241d8dc3663102f8b9', '2010-05-23', '', 1, 5185, 0, '', '');
    and the adding config table look like:
    --
    -- Table structure for table `configs`
    --

    CREATE TABLE IF NOT EXISTS `configs` (
    `ID` bigint(20) NOT NULL auto_increment,
    `SORT_THUMBS_BY` varchar(255) NOT NULL,
    `SORT_THUMBS_ORDER` varchar(255) NOT NULL,
    `THUMBS_PER_PAGE` varchar(255) NOT NULL default '0',
    `PHOTO_COMMENTS` varchar(255) NOT NULL default '0',
    `THUMBS_FOLDER` varchar(255) NOT NULL,
    `GALLERY_FOLDER` varchar(255) NOT NULL,
    `TEMPLATES` varchar(255) NOT NULL default '',
    `MAX_WIDTH` varchar(255) NOT NULL,
    `ADMIN_NOTE` varchar(255) NOT NULL,
    `TILE_STYLE` varchar(255) NOT NULL,
    `SITE_TITLE` varchar(255) NOT NULL,
    `SITE_SLOGAN` varchar(255) NOT NULL,
    `SITE_KEYWORDS` varchar(255) NOT NULL,
    `SITE_DESCRIPTIONS` varchar(255) NOT NULL,
    `SITE_MENUS` varchar(255) NOT NULL,
    `SITE_COPYRIGHT` varchar(255) NOT NULL,
    `SITE_METATAGS` varchar(255) NOT NULL,
    PRIMARY KEY (`ID`)
    ) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=3 ;

    --
    -- Dumping data for table `configs`
    --

    INSERT INTO `configs` (`ID`, `SORT_THUMBS_BY`, `SORT_THUMBS_ORDER`, `THUMBS_PER_PAGE`, `PHOTO_COMMENTS`, `THUMBS_FOLDER`, `GALLERY_FOLDER`, `TEMPLATES`, `MAX_WIDTH`, `ADMIN_NOTE`, `TILE_STYLE`, `SITE_TITLE`, `SITE_SLOGAN`, `SITE_KEYWORDS`, `SITE_DESCRIPTIONS`, `SITE_MENUS`, `SITE_COPYRIGHT`, `SITE_METATAGS`) VALUES
    (2, 'modified', 'asc', '10', '0', 'thumbs/', 'galeri/', 'default', '420', 'xxxx', 'table', 'DoHoZFoto Gallery', '', '', '', '', '', '');
    anyway thanks for your attention so far

  10. #10
    From Italy with love silver trophybronze trophy
    guido2004's Avatar
    Join Date
    Sep 2004
    Posts
    9,495
    Mentioned
    161 Post(s)
    Tagged
    4 Thread(s)
    Sorry, but what does this login problem have to do with the queries you posted? Is the password stored in the configs table?
    Where is the code that outputs that message?


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •