I have a really stupid question. Before I start, I know I am using the deprecated version of mysql; I haven't gotten around to learning MySQLi or PDO yet, but I will soon.
I have been working on a whole administrative system, and I have gotten to the point where I'm creating the functions for administrators to edit other accounts. I've made the whole system on one page and my code is becoming a little messy (this could be why I'm getting an error).
Well I'll begin with my problem now: I have an Update Query but it doesn't seem to be working. My form is as follows:
<form action="" method="post">
<table class="table table-profile">
<thead>
<tr>
<th colspan="2">
<h4><?php echo $username; ?> <small><?php echo $fullname; ?></small></h4>
</th>
</tr>
</thead>
<tbody>
<tr>
<td colspan="2"><input type="hidden" name="id" value="<?php echo $id; ?>" /></td>
</tr>
<tr>
<td class="field">Username</td>
<td><input type="text" class="form-control input-xs" name="username" placeholder="" value="<?php echo $username; ?>" /></td>
</tr>
<tr>
<td class="field">Password</td>
<td><a href="#">Password Resets must be done through James/Hamish/Cryptic</a></td>
</tr>
<tr>
<td class="field">Full name</td>
<td><input type="text" class="form-control input-xs" name="fullname" placeholder="" value="<?php echo $fullname; ?>" /></td>
</tr>
<tr>
<td class="field">Email</td>
<td><input type="text" class="form-control input-xs" name="email" placeholder="" value="<?php echo $email; ?>" /></td>
</tr>
<tr>
<td class="divider" colspan="2"></td>
</tr>
<tr>
<td class="field">Membership</td>
<td>
<select class="form-control input-inline input-xs" name="membership">
<option value="Administrator"<?php if($membership == 'Administrator') { echo ' selected'; } ?>>Administrator</option>
<option value="Moderator"<?php if($membership == 'Moderator') { echo ' selected'; } ?>>Moderator</option>
<option value="Supporter"<?php if($membership == 'Supporter') { echo ' selected'; } ?>>Supporter</option>
<option value="PM|T"<?php if($membership == 'PM|T') { echo ' selected'; } ?>>Platinum Modding Team</option>
<option value="Paid"<?php if($membership == 'Paid') { echo ' selected'; } ?>>Paid User</option>
<option value="Free"<?php if($membership == 'Free') { echo ' selected'; } ?>>Free User</option>
<option value="None"<?php if($membership == 'None') { echo ' selected'; } ?>>None</option>
</select>
</td>
</tr>
<tr>
<td class="field">Plan Desription</td>
<td><input type="text" class="form-control input-xs" name="membership_type" placeholder="Membership Type" value="<?php echo $membership_type; ?>" /></td>
</tr>
<tr>
<td class="field">MaxTime</td>
<td>
<select class="form-control input-inline input-xs" name="membership_maxtime">
<option value="600"<?php if($membership_maxtime == '600') { echo ' selected'; } ?>>600 Seconds</option>
<option value="1800"<?php if($membership_maxtime == '1800') { echo ' selected'; } ?>>1800 Seconds</option>
<option value="3600"<?php if($membership_maxtime == '3600') { echo ' selected'; } ?>>3600 Seconds</option>
<option value="7200"<?php if($membership_maxtime == '7200') { echo ' selected'; } ?>>7200 Seconds</option>
<option value="4147200"<?php if($membership_maxtime == '4147200') { echo ' selected'; } ?>>4147200 Seconds</option>
</select>
</td>
</tr>
<tr>
<td class="field">Concurrents</td>
<td>
<select class="form-control input-inline input-xs" name="membership_concurrents">
<option value="1"<?php if($membership_concurrents == '1') { echo ' selected'; } ?>>1 Concurrent</option>
<option value="2"<?php if($membership_concurrents == '2') { echo ' selected'; } ?>>2 Concurrents</option>
<option value="3"<?php if($membership_concurrents == '3') { echo ' selected'; } ?>>3 Concurrents</option>
<option value="4"<?php if($membership_concurrents == '4') { echo ' selected'; } ?>>4 Concurrents</option>
<option value="4147200"<?php if($membership_concurrents == '4147200') { echo ' selected'; } ?>>4147200 Concurrents</option>
</select>
</td>
</tr>
<tr>
<td class="field">Expiration</td>
<td><input type="text" class="form-control input-xs" name="membership_expiration" placeholder="Membership Expiration: (format: yyyy-mm-dd)" value="<?php echo $membership_expiration; ?>" /></td>
</tr>
<tr>
<td class="divider" colspan="2"></td>
</tr>
<tr>
<td class="field">IP Address</td>
<td><a href="http://whatismyipaddress.com/ip/<?php echo $location_ip; ?>" target="new"><?php echo $location_ip; ?></a></td>
</tr>
<tr>
<td class="divider" colspan="2"></td>
</tr>
<tr>
<td class="field">Warning</td>
<td>
<select class="form-control input-inline input-xs" name="warning">
<option value="0"<?php if($warning == '0') { echo ' selected'; } ?>>Level 0 - No warning</option>
<option value="1"<?php if($warning == '1') { echo ' selected'; } ?>>Level 1 - First Offence</option>
<option value="2"<?php if($warning == '2') { echo ' selected'; } ?>>Level 2 - Strong Warning</option>
<option value="3"<?php if($warning == '3') { echo ' selected'; } ?>>Level 3 - Last Chance</option>
</select>
</td>
</tr>
<tr>
<td class="field">Warning Note</td>
<td><textarea class="form-control" rows="4" name="warning_note" placeholder="The warning note will be displayed after a level 1 warning."><?php echo $warning_note; ?></textarea></td>
</tr>
<tr>
<td class="divider" colspan="2"></td>
</tr>
<tr<?php if ($banned == 'true') { echo ' class="danger"'; } ?>>
<td class="field"><i class="fa fa-ban"></i> Banned</td>
<td>
<label class="radio-inline">
<input type="radio" name="banned" value="false"<?php if ($banned == 'false') { echo ' checked'; } ?> />
False
</label>
<label class="radio-inline">
<input type="radio" name="banned" value="true"<?php if ($banned == 'true') { echo ' checked'; } ?> />
True
</label>
</td>
</tr>
<tr<?php if ($banned == 'true') { echo ' class="danger"'; } ?>>
<td class="field">Banned Reason</td>
<td><textarea class="form-control" rows="4" name="banned_note" placeholder="Reason for account ban. (If the account is banned)"><?php echo $banned_note; ?></textarea></td>
</tr>
<tr>
<td class="divider" colspan="2"></td>
</tr>
<tr>
<td class="field">Acc Created</td>
<td><?php echo $created; ?></td>
</tr>
</tbody>
<tfoot>
<tr>
<td colspan="2">
<button type="submit" name="uploadAccount" class="btn btn-success"><i class="fa fa-upload"></i> Upload new changes</button>
<button type="reset" class="btn btn-warning"><i class="fa fa-refresh"></i> Reset Fields</button>
</td>
</tr>
</tfoot>
</table>
</form>
and my code to update the database is as follows:
if (isset($_REQUEST['uploadAccount'])) {
$id = $POST['id'];
$username = $_POST['username'];
$fullname = $_POST['fullname'];
$email = $_POST['email'];
$membership = $_POST['membership'];
$membership_type = $_POST['membership_type'];
$membership_maxtime = $_POST['membership_maxtime'];
$membership_concurrents = $_POST['membership_concurrents'];
$membership_expiration = $_POST['membership_expiration'];
$warning = $_POST['warning'];
$warning_note = $_POST['warning_note'];
$banned = $_POST['banned'];
$banned_note = $_POST['banned_note'];
$account_update = mysql_query("UPDATE members SET username='$username', fullname='$fullname', email='$email', membership='$membership', membership_type='$membership_type', membership_maxtime='$membership_maxtime', membership_concurrents='$membership_concurrents', membership_expiration='$membership_expiration', warning='$warning', warning_note='$warning_note', banned='$banned', banned_note='$banned_note' WHERE id='$id'", $con);
header('location: dashboard.php?admin&accounts&success=Account, '.$username.' successfully updated');
} else { }
I would much appreciate it if you let me know what I am doing wrong. Thank you in advance to those who do.
Answer:
Don't use deprecated mysql_*; use PDO.
Here you have an example.
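// $server must be a PDO DSN string (for MySQL: 'mysql:host=...;dbname=...')
$pdo = new PDO($server, $user, $password);
// WHERE limits the update to one account; without it every row in members is changed
$query = 'UPDATE members SET username = :username, fullname = :fullname WHERE id = :id';
$stmt = $pdo->prepare($query);
// Bound values are sent separately from the SQL text
$stmt->bindParam(':username', $username, PDO::PARAM_STR);
$stmt->bindParam(':fullname', $fullname, PDO::PARAM_STR);
$stmt->bindParam(':id', $id, PDO::PARAM_INT);
$stmt->execute();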
With PDO you can bind your params to the query.
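A fuller version of the update handler with bound parameters, as an added example that is not part of the original question or answer. It assumes an in-memory SQLite database in place of the MySQL connection, a subset of the form's columns, constructed sample rows and input, and a hypothetical helper named `updateMember`. Note that the handler in the question reads `$POST['id']` (no underscore), so `$id` is empty and `WHERE id=''` matches no row; here the id is taken from the submitted array and validated before use.

```php
<?php
// Added example, not the poster's code. In-memory SQLite stands in for MySQL
// so it runs offline; the table, rows and $post input below are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // SQL errors throw
$pdo->exec("CREATE TABLE members (id INTEGER PRIMARY KEY, username TEXT,
    fullname TEXT, email TEXT, membership TEXT, warning INTEGER, banned TEXT)");
$pdo->exec("INSERT INTO members VALUES
    (1, 'alice', 'Alice A', 'alice@example.test', 'Free', 0, 'false'),
    (2, 'bob', 'Bob B', 'bob@example.test', 'Paid', 0, 'false')");

// Hypothetical helper: validate the posted fields, then update exactly one row.
function updateMember(PDO $pdo, array $post): int
{
    $id = filter_var($post['id'] ?? null, FILTER_VALIDATE_INT);
    $warning = filter_var($post['warning'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 0, 'max_range' => 3]]);
    if ($id === false || $warning === false) {
        throw new InvalidArgumentException('id or warning missing or out of range');
    }
    // Allow-lists mirror the <select> and radio options of the form.
    $memberships = ['Administrator', 'Moderator', 'Supporter', 'PM|T', 'Paid', 'Free', 'None'];
    if (!in_array($post['membership'] ?? '', $memberships, true)
        || !in_array($post['banned'] ?? '', ['true', 'false'], true)) {
        throw new InvalidArgumentException('unexpected membership or banned value');
    }
    $stmt = $pdo->prepare(
        'UPDATE members SET username = :username, fullname = :fullname,
            email = :email, membership = :membership, warning = :warning,
            banned = :banned WHERE id = :id'
    );
    $stmt->execute([
        ':username' => $post['username'] ?? '', ':fullname' => $post['fullname'] ?? '',
        ':email' => $post['email'] ?? '', ':membership' => $post['membership'],
        ':warning' => $warning, ':banned' => $post['banned'], ':id' => $id,
    ]);
    return $stmt->rowCount(); // 0 means no row had that id
}

$post = ['id' => '2', 'username' => "o'brien", 'fullname' => "Bob O'Brien",
    'email' => 'bob@example.test', 'membership' => 'Paid', 'warning' => '1',
    'banned' => 'false'];
echo 'rows changed: ', updateMember($pdo, $post), "\n";
// The apostrophe is stored as data; it never becomes part of the SQL text.
echo $pdo->query('SELECT username FROM members WHERE id = 2')->fetchColumn(), "\n";
// Percent-encode the name before it goes into the redirect URL, then stop.
$to = 'dashboard.php?admin&accounts&success='
    . urlencode("Account, {$post['username']} successfully updated");
echo "Location: $to\n"; // in the real handler: header("Location: $to"); exit;
```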