Add new table won't work. please help

Hi,
I appreciated if some one there can help me out, i want to add new table ‘config’ but seem not work fine.

<?php 
/********************** config.PHP**************************/
include 'dbc.php';
page_protect();

$err = array();
$msg = array();

if($_POST['doSave'] == 'Save')  
{

// Filter POST data for harmful code (sanitize)
foreach($_POST as $key => $value) {
    $data[$key] = filter($value);
}

if(empty($err)) {

mysql_query("UPDATE config SET
            `SITE_TITLE` = '$data[SITE_TITLE]',
            `SITE_KEYWORDS` = '$data[SITE_KEYWORDS]',
            `SITE_DESCRIPTIONS` = '$data[SITE_DESCRIPTIONS]',
            `SITE_MENUS` = '$data[SITE_MENUS]',
            `SITE_COPYRIGHT` = '$data[SITE_COPYRIGHT]',
            `SITE_METATAGS` = '$data[SITE_METATAGS]'
             WHERE ID='$data[ID]") or die(mysql_error());

$msg[] = "Profile Sucessfully saved";
 }
 }
//$rs_edits = mysql_query("select * from users where ID='$_SESSION[user_id]'"); 
$rs_edits = mysql_query("select * from users where ID='$data[ID]'") or die(mysql_error()); 
?>
<html>
<head>
<title>Profile Edit</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link href="styles.css" rel="stylesheet" type="text/css">
</head>
<body>
<table width="100%" border="0" cellspacing="0" cellpadding="0">
  <tr>
    <td width="14%" valign="top">
<?php
/********************* MYACCOUNT MENU *******************/
if (isset($_SESSION['user_id'])) {?>
  <div class="myaccount">
  <p><strong>My Account</strong></p>
  <a href="index.php">Home</a><br><br>
  <a href="profile_edit.php">Edit Profile</a><br><br>
  <a href="pwd_change.php">Change Password</a><br><br>
  <a href="logout.php">Logout </a><br><br>
  </div>
<?php }
/*****************************END************************/
if (checkAdmin()) {
/**********************ADMIN MENU************************/
?>
<div class="myaccount"><br>
      <a href="admin_cp.php">Admin CP </a><br /><br>
      <a href="member_create.php">Add new Member</a><br><br>
  <a href="config.php">Site Configuration</a><br><br>
</div>
<?php } 
/*****************************END************************/
?>
    </td>
    <td width="74%" valign="top" style="padding: 10px;">

    <h2 class="titlehdr">Your Profile Edit Form</font></h2>
      <p> 
        <?php    
    if(!empty($err))  {
       echo "<div class=\\"msg\\">";
      foreach ($err as $e) {
        echo "* $e <br>";
        }
      echo "</div>";    
       }
       if(!empty($msg))  {
        echo "<div class=\\"msg\\">" . $msg[0] . "</div>";

       }
      ?>
      </p>
      <p>Hdff sdgsdgs g.</p>
      
        <?php while ($row_edits = mysql_fetch_array($rs_edits)) {?>
      <form  name="myform" id="myform" method="post" action="">
      <table width="80%" border="0" cellpadding="5" cellspacing="2" class="myaccount">
          <tr> 
            <td>Site Title</td>
            <td><input name="SITE_TITLE" type="text" id="SITE_TITLE" value="<?php echo $row_edits['SITE_TITLE']; ?>"></td>
          </tr>
          <tr> 
            <td>Site Slogan</td>
            <td><textarea name="SITE_SLOGAN" cols="30" rows="1" id="SITE_SLOGAN"><?php echo $row_edits['SITE_SLOGAN']; ?></textarea></td>
          </tr>
          <tr> 
            <td>Site Keywords</td>
            <td><textarea name="SITE_KEYWORDS" cols="30" rows="1" id="SITE_KEYWORDS"><?php echo $row_edits['SITE_KEYWORDS']; ?></textarea>
            </td>
          </tr>
          <tr> 
            <td>Site Descriptions</td> 
            <td><textarea name="SITE_DESCRIPTIONS" cols="30" rows="1" id="SITE_DESCRIPTIONS"><?php echo $row_edits['SITE_DESCRIPTIONS']; ?></textarea></td>
          </tr>
          <tr> 
            <td>Site Menus</td> 
            <td><textarea name="SITE_MENUS" cols="30" rows="1" id="SITE_MENUS"><?php echo $row_edits['SITE_MENUS']; ?></textarea></td>
          </tr>
          <tr> 
            <td>Site Meta Tags</td> 
            <td><textarea name="SITE_METATAGS" cols="30" rows="1" id="SITE_METATAGS"><?php echo $row_edits['SITE_METATAGS']; ?></textarea></td>
          </tr>
          <tr> 
            <td>Site Copyright</td> 
            <td><textarea name="SITE_COPYRIGHT" cols="30" rows="1" id="SITE_COPYRIGHTS"><?php echo $row_edits['SITE_COPYRIGHT']; ?></textarea></td>
          </tr>
      </table>
              <p>
                <input name="doSave" type="submit" id="doSave" value="Save">
              </p>
            </form>
      <?php } ?>

    <td width="196" valign="top"> </td>
  </tr>
  <tr> 
    <td colspan="3"> </td>
  </tr>
</table>
</body>
</html>

and i got blank page, when i disabled

<?php while ($row_edits = mysql_fetch_array($rs_edits)) {?>

the form appears but can’t work fine.

That is seem cause to use GET parameter or SESSION. it just wont work with data[id]

any idea ? thanks in advance

no error, the warning said:

Invalid Login. Please try again with correct user email and password.

and i’m sure my username and password correct because i never changed it, and also i was make sure the password sha1 in the correct character by editing from phpmyadmin

Sorry, but what does this login problem have to do with the queries you posted? Is the password stored in the configs table?
Where is the code that outputs that message?

Here the user table


– Table structure for table users

CREATE TABLE IF NOT EXISTS users (
ID bigint(20) NOT NULL auto_increment,
MD5ID varchar(255) NOT NULL default ‘’,
FULLNAME varchar(255) NOT NULL,
USERNAME varchar(255) NOT NULL default ‘’,
EMAIL varchar(255) NOT NULL default ‘’,
USERLEVEL tinyint(4) NOT NULL default ‘1’,
PASSWORD varchar(255) NOT NULL default ‘’,
DATE date NOT NULL default ‘0000-00-00’,
USERSIP varchar(255) NOT NULL default ‘’,
STATUS int(1) NOT NULL default ‘0’,
ACTCODE int(10) NOT NULL default ‘0’,
BANNED int(1) NOT NULL default ‘0’,
CKEY varchar(255) NOT NULL default ‘’,
CTIME varchar(255) NOT NULL default ‘’,
PRIMARY KEY (ID),
UNIQUE KEY EMAIL (EMAIL),
FULLTEXT KEY IDXSEARCH (FULLNAME,EMAIL,USERNAME)
) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=3 ;


– Dumping data for table users

INSERT INTO users (ID, MD5ID, FULLNAME, USERNAME, EMAIL, USERLEVEL, PASSWORD, DATE, USERSIP, STATUS, ACTCODE, BANNED, CKEY, CTIME) VALUES
(1, ‘c4ca4238a0b923820dcc509a6f75849b’, ‘admin1’, ‘admin’, ‘xxxxx@yahoo.com’, 5, ‘4c09e75fa6fe36038ac240e9e4e0126cedef6d8c85cf0a1ae’, ‘2010-05-23’, ‘’, 1, 6456, 0, ‘f1e24v0’, ‘1277040960’),
(2, ‘c81e728d9d4c2f636f067f89cc14862c’, ‘user’, ‘user’, ‘xxxxxx@yahoo.com’, 1, ‘a49f6b86d798017209a205417c077d7241d8dc3663102f8b9’, ‘2010-05-23’, ‘’, 1, 5185, 0, ‘’, ‘’);

and the adding config table look like:


– Table structure for table configs

CREATE TABLE IF NOT EXISTS configs (
ID bigint(20) NOT NULL auto_increment,
SORT_THUMBS_BY varchar(255) NOT NULL,
SORT_THUMBS_ORDER varchar(255) NOT NULL,
THUMBS_PER_PAGE varchar(255) NOT NULL default ‘0’,
PHOTO_COMMENTS varchar(255) NOT NULL default ‘0’,
THUMBS_FOLDER varchar(255) NOT NULL,
GALLERY_FOLDER varchar(255) NOT NULL,
TEMPLATES varchar(255) NOT NULL default ‘’,
MAX_WIDTH varchar(255) NOT NULL,
ADMIN_NOTE varchar(255) NOT NULL,
TILE_STYLE varchar(255) NOT NULL,
SITE_TITLE varchar(255) NOT NULL,
SITE_SLOGAN varchar(255) NOT NULL,
SITE_KEYWORDS varchar(255) NOT NULL,
SITE_DESCRIPTIONS varchar(255) NOT NULL,
SITE_MENUS varchar(255) NOT NULL,
SITE_COPYRIGHT varchar(255) NOT NULL,
SITE_METATAGS varchar(255) NOT NULL,
PRIMARY KEY (ID)
) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=3 ;


– Dumping data for table configs

INSERT INTO configs (ID, SORT_THUMBS_BY, SORT_THUMBS_ORDER, THUMBS_PER_PAGE, PHOTO_COMMENTS, THUMBS_FOLDER, GALLERY_FOLDER, TEMPLATES, MAX_WIDTH, ADMIN_NOTE, TILE_STYLE, SITE_TITLE, SITE_SLOGAN, SITE_KEYWORDS, SITE_DESCRIPTIONS, SITE_MENUS, SITE_COPYRIGHT, SITE_METATAGS) VALUES
(2, ‘modified’, ‘asc’, ‘10’, ‘0’, ‘thumbs/’, ‘galeri/’, ‘default’, ‘420’, ‘xxxx’, ‘table’, ‘DoHoZFoto Gallery’, ‘’, ‘’, ‘’, ‘’, ‘’, ‘’);

anyway thanks for your attention so far

Are you getting any error messages?

I was offering a solution by copy/paste of the OP’s code.

If we wanted to get technical about it, that whole script needs to be deleted and rewritten. :wink:

the last two posters are incorrectly quoting a numeric value which is to be compared to an assumed numeric column (ID)

without the quotes, you’ll pass a lot less garbage to the database

:slight_smile:

ok mates, thanks a lot for your attention, after doing all of your code, i still get no luck.

i was change

$rs_edits = mysql_query("select * from configs where ID='$_SESSION[user_id]'");   

to:

$result = mysql_query("SELECT * FROM configs") or die(mysql_error());  
$rs_edits = mysql_fetch_array( $result );

the configuration form work fine, but after log out then i can’t log in any more…

i tried use

$rs_edits = mysql_query("select * from configs where ID='$_GET[ID]'") or die(mysql_error()); 

or

$rs_edits = mysql_query("select * from configs where ID='".mysql_real_escape_string($_GET[ID])."'") or die(mysql_error()); 

and not different, i can not log in anymore…

any idea please…?

Are you passing an ID to this page in order to edit it? Something like:
http://www.example.com/mypage.php[B]?ID=1234[/B]

If you are, try changing this:

$rs_edits = mysql_query("select * from users where ID='$data[ID]'") or die(mysql_error());

… To this:

$rs_edits = mysql_query("select * from users where ID='$_GET[ID]'") or die(mysql_error());

This would be even better:


$rs_edits = mysql_query("select * from users where ID='".mysql_real_escape_string($_GET[ID])."'") or die(mysql_error()); 

That way the input is cleaned and the query is less susceptible to SQL injection attacks :slight_smile: