Results 1 to 2 of 2

Thread: php edit profile page issue

  1. #1
    Join Date
    May 2012
    Posts
    217
    Thanks
    0
    Thanked 1 Time in 1 Post

    Default php edit profile page issue

    Hi

    I am building a edit profile page and got most of the data outputted into the input fields ready to update

    only bit I am stuck on is the multiple renewal dates I have in the database, I can't seem to output them into the input fields

    my coding is below

    PHP Code:
    <?php
     
    if (logged_in() == false) {
            
    redirect_to("login.php");
    } else {
            if (isset(
    $_GET['id']) && $_GET['id'] != "") {
                    
    $id $_GET['id'];
            } else {
                    
    $id $_SESSION['user_id'];
            }
           
            
    $db mysqli_connect("" """") or die("Check connection parameters!"); 
    // Optionally skip select_db and use: mysqli_connect(host,user,pass,dbname)  
    mysqli_select_db($db,"") or die(mysqli_error($db));

    if (
    mysqli_connect_error()) {
        die (
    'Failed to connect to MySQL');
    } else {
        echo 
    '';
    }
     
     
    // get value of id that sent from address bar
    $id=$_GET['id'];
     
     
    $sql "SELECT
            u.id
            , name
            , email
            , address1
            , address2
            , town
            , county
            , postcode
            , telnumber
            , mobnumber
            , model
            , numplate
            , DATE_FORMAT(renewal_date, '%e %M %Y')
            FROM users u
            INNER JOIN renewal USING (id)
            INNER JOIN item USING (item_id)
            WHERE id='
    $id'";
             
              
    $query mysqli_query($db$sql) or die (mysqli_error($db));
             
              
    var_dump ($sql);
             
            
    $row mysqli_fetch_array($query);
            
            
    $id $row['id'];
            
    $name $row['name'];
            
    $email $row['email'];
            
    $address1 $row['address1'];
            
    $address2 $row['address2'];
            
    $town $row['town'];
            
    $county $row['county'];
            
    $postcode $row['postcode'];
            
    $telnumber $row['telnumber'];
            
    $mobnumber $row['mobnumber'];
            
    $model $row['model'];
            
    $numplate $row['numplate'];    
                
        
    $insurance $row['insurance'];
            
    $mot$row['mot'];
            
    $tax$row['tax'];
              
            
    var_dump ($name);
        
    var_dump ($mot);
     
    ?>

    <form method="post" action="edit-data.php">
    <input type="hidden" name="id" value="<?php echo $row['id']; ?>">
    <label>Name :</label>
    <input type="text" name="name" required="required" placeholder="Please Enter Name" value="<?php echo $row['name']; ?>" />
    <br /><br />
    <label>Email :</label>
    <input type="email" name="email" required="required" placeholder="Please Enter Email" value="<?php echo $row['email']; ?>" />
    <br /><br />
    <label>Address Line 1 :</label>
    <input type="text" name="address1" required="required" placeholder="Please Enter Address Line 1" value="<?php echo $row['address1'];?>" />
    <br /><br />
    <label>Address Line 2 :</label>
    <input type="text" name="address2" required="required" placeholder="Please Enter Address Line 2" value="<?php echo $row['address2'];?>" />
    <br /><br />
    <label>Town :</label>
    <input type="text" name="town" required="required" placeholder="Please Enter Town" value="<?php echo $row['town'];?>" />
    <br /><br />
    <label>County :</label>
    <input type="text" name="county" required="required" placeholder="Please Enter County" value="<?php echo $row['county'];?>" />
    <br /><br />
    <label>Postcode :</label>
    <input type="text" name="postcode" required="required" placeholder="Please Enter Postcode" value="<?php echo $row['postcode'];?>" />
    <br /><br />
    <label>Telephone Number :</label>
    <input type="text" name="telnumber" required="required" placeholder="Please Enter Telephone Number" value="<?php echo $row['telnumber'];?>" />
    <br /><br />
    <label>Mobile Number :</label>
    <input type="text" name="mobnumber" required="required" placeholder="Please Enter Mobile Number" value="<?php echo $row['mobnumber'];?>" />
    <br /><br />
    <label>Model of Car/Van :</label>
    <input type="text" name="model" required="required" placeholder="Please Enter Model of Car/Van" value="<?php echo $row['model'];?>" />
    <br /><br />
    <label>Car Tax Renewal Date :</label>
    <input type="text" id="datepicker" name="tax" required="required" placeholder="Please Enter your Car Tax Renewal Date" value="<?php echo $row['tax'];?>" />
    <br /><br />
    <label>MOT Renewal Date :</label>
    <input type="text" id="datepicker2" name="mot" required="required" placeholder="Please Enter your Car MOT Renewal Date" value="<?php echo $row['mot'];?>" />
    <br /><br />
    <label>Insurance Renewal Date :</label>
    <input type="text" id="datepicker3" name="insurance" required="required" placeholder="Please Enter your Car Insurance Renewal Date" value="<?php echo $row['insurance'];?>" />
    <br />
    <input type="submit" name="submit value" value="Update">
    </form>
     
    <?php
    }
    ?>
     
    <?php
     
    //close the connection
    mysqli_close($db);
    ?>
    I am getting the following errors

    Notice: Undefined index: insurance in /home/sites/broadwaymediadesigns.co.uk/public_html/sites/the-tax-elephants/edit-profile.php on line 88 Notice: Undefined index: mot in /home/sites/broadwaymediadesigns.co.uk/public_html/sites/the-tax-elephants/edit-profile.php on line 89 Notice: Undefined index: tax in /home/sites/broadwaymediadesigns.co.uk/public_html/sites/the-tax-elephants/edit-profile.php on line 90

  2. #2
    Join Date
    Aug 2013
    Posts
    86
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Default

    Your problem is from query statement, you have to include

    insurance, mot, tax in the select statement as follow

    Code:
    
    
      
    $sql = "SELECT   insurance, mot, tax,
            u.id 
            , name 
            , email 
            , address1 
            , address2 
            , town 
            , county 
            , postcode 
            , telnumber 
            , mobnumber 
            , model 
            , numplate 
            , DATE_FORMAT(renewal_date, '%e %M %Y') 
            FROM users u 
            INNER JOIN renewal USING (id) 
            INNER JOIN item USING (item_id) 
            WHERE id='$id'";
    Again, you are making a direct insertion to database thus making your applications vulnerable to sql injection Attack.
    You can escape variable id with mysqli_real_escape_string() function. Since you are outputting your records, you have to prevent XSS Attack using either htmlspecialchars() or htmlentities().

    if this solve your problem, let me know. Thanks

Similar Threads

  1. Replies: 3
    Last Post: 01-11-2014, 05:16 PM
  2. PHP Page Access & Edit
    By jcdesigns in forum PHP
    Replies: 12
    Last Post: 01-06-2012, 06:06 AM
  3. Replies: 53
    Last Post: 01-26-2011, 08:14 PM
  4. Profile page help.
    By Jeffreyv1987 in forum PHP
    Replies: 2
    Last Post: 10-05-2010, 02:33 PM
  5. edit page
    By sukanya.paul in forum PHP
    Replies: 2
    Last Post: 04-02-2007, 05:27 AM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •