hi there sammysweetheart,

Welcome to the forum!

Couple of issues.

firstly

First Query:-

require_once('auth.php');

DATABASE INFO IS HERE....

// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");

$sql = "SELECT * FROM `".$tbl_name."` WHERE `member_id`= '".$member_id."' ";
$result = mysql_query($sql) or die(mysql_error());

Change the query to what I have quoted there, your vars needed concatenating properly, assuming that those vars come from the require_once file call..

Secondly

I have rewritten this part correctly for you ;-p
For form processing, use the $_POST global to access the form submitted data.

if(isset($_POST['submit']) && ($_POST['submit'] == "submit")){
for($i=0;$i<$count;$i++){

$sql1 = "UPDATE `members` SET `firstname` = '".$firstname[$i]."', `middlename` = '".$middlename[$i]."', `lastname` = '".$lastname[$i]."', `street` = '".$street[$i]."', `street2` = '".$street2[$i]."', `city` = '".$city[$i]."', `state` = '".$state[$i]."', `zip` = '".$zip[$i]."', `country` = '".$country[$i]."', `primaryphone` = '".$primaryphone[$i]."', `otherphone` = '".$otherphone[$i]."', `fax` = '".$fax[$i]."', `email` = '".$email[$i]."', `login` = '".$login[$i]."', `emailopt` = '".$emailopt[$i]."', WHERE `member_id` = '".$member_id[$i]."' ";
$result1 = mysql_query($sql1) or die(mysql_error());
}
}

I have notice that all of the vars you have placed into the query are based on registered globals, which not all servers turn on in the ini file, you really had better access the global $_POST array by doing : $_POST['firstname'], etc, hopefully you can see what I mean there, but if your registered globals are set and the form is processed, that query might now work.

The form needs to be caught by the submit button, that's why I have done the isset() && clause.

Hopefully the form & post capture and update are all in the same file, as the action attribute in the <form> is not set, so by default it will post to itself (safer than $_SERVER['PHP_SELF'] anyway!)

Sorry if I have confused you at all there, I'm just trying to point out some good practise stuff there.

[EDIT] OOp's

Almost forgot to say (Apart from being quite tired and bleary eyed) when passing data from a form to mysql query, make sure that the data is cleaned/sanitised first, this will help prevent any malicious code injection to your site:-

mysql_real_escape_string(strip_tags($_POST['element_name_as _example']))

Just a pointer, check the functions out on php.net....

Cheers & good luck with the project,
MRb

Thanks, Matthew. Okay, I posted the two changes you asked me to make, but it still seems to not be working. Perhaps it's as you said, where hitting Submit is just posting to itself since the Form has no action. Am I missing something? It appears as if the page just refreshes.


Sorry to post it all again, but this is updated:

<?php
require_once('auth.php');

DATABASE INFO

// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");

$sql = "SELECT * FROM `".$tbl_name."` WHERE `member_id`= '".$member_id."' ";
$result = mysql_query($sql) or die(mysql_error());

?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Account Information</title>
<link href="loginmodule.css" rel="stylesheet" type="text/css" />
</head>
<body>
<h1>Account Information</h1>

<table width="500" border="0" cellspacing="1" cellpadding="0">
<form name="form" method="post" action="">
<tr>
<td>
<table width="500" border="0" cellspacing="1" cellpadding="0">
<tr><td align="center"<strong>Member ID:</strong></td>
<td align="center"><? $member_id[]=$_SESSION['SESS_MEMBER_ID']; ?><? echo $_SESSION['SESS_MEMBER_ID']; ?></td>
</tr>
<tr><td align="center"><strong>First Name:</strong></td>
<td align="center"><input name="name" type="text" id="firstname" value="<?php echo $_SESSION['SESS_FIRST_NAME'];?>"></td>
</tr>
<tr><td align="center"><strong>Middle Name:</strong></td>
<td align="center"><input name="middlename" type="text" id="middlename" value="<?php echo $_SESSION['SESS_MIDDLE_NAME'];?>"></td>
</tr>
<tr><td align="center"><strong>Last Name:</strong></td>
<td align="center"><input name="lastname" type="text" id="lastname" value="<?php echo $_SESSION['SESS_LAST_NAME'];?>">
</tr>
<tr><td align="center"><strong>Street:</strong></td>
<td align="center"><input name="street" type="text" id="street" value="<?php echo $_SESSION['SESS_STREET'];?>"></td>
</tr>
<tr><td align="center"><strong>Street 2:</strong></td>
<td align="center"><input name="street2" type="text" id="street2" value="<?php echo $_SESSION['SESS_STREET2'];?>"></td>
</tr>
<tr><td align="center"><strong>City:</strong></td>
<td align="center"><input name="city" type="text" id="city" value="<?php echo $_SESSION['SESS_CITY'];?>"></td>
</tr>
<tr><td align="center"><strong>State:</strong></td>
<td align="center"><input name="state" type="text" id="state" value="<?php echo $_SESSION['SESS_STATE'];?>"></td>
</tr>
<tr><td align="center"><strong>Zip Code:</strong></td>
<td align="center"><input name="zip" type="text" id="zip" value="<?php echo $_SESSION['SESS_ZIP'];?>"></td>
</tr>
<tr><td align="center"><strong>Country:</strong></td>
<td align="center"><input name="country" type="text" id="country" value="<?php echo $_SESSION['SESS_COUNTRY'];?>"></td>
</tr>
<tr><td align="center"><strong>Birth Month:</strong></td>
<td align="center"><input name="birthmonth" type="text" id="birthmonth" value="<?php echo $_SESSION['SESS_BIRTH_MONTH'];?>"></td>
</tr>
<tr><td align="center"><strong>Birth Day:</strong></td>
<td align="center"><input name="birthday" type="text" id="birthday" value="<?php echo $_SESSION['SESS_BIRTH_DAY'];?>"></td>
</tr>
<tr><td align="center"><strong>Birth Year:</strong></td>
<td align="center"><input name="birthyear" type="text" id="birthyear" value="<?php echo $_SESSION['SESS_BIRTH_YEAR'];?>"></td>
</tr>
<tr><td align="center"><strong>Primary Phone:</strong></td>
<td align="center"><input name="primaryphone" type="text" id="primaryphone" value="<?php echo $_SESSION['SESS_PRIMARY_PHONE'];?>"></td>
</tr>
<tr><td align="center"><strong>Other Phone:</strong></td>
<td align="center"><input name="otherphone" type="text" id="otherphone" value="<?php echo $_SESSION['SESS_OTHER_PHONE'];?>"></td>
</tr>
<tr><td align="center"><strong>Fax:</strong></td>
<td align="center"><input name="fax" type="text" id="fax" value="<?php echo $_SESSION['SESS_FAX'];?>"></td>
</tr>
<tr><td align="center"><strong>E-mail:</strong></td>
<td align="center"><input name="email" type="text" id="email" value="<?php echo $_SESSION['SESS_EMAIL'];?>"></td>
</tr>
<tr><td align="center"><strong>Username:</strong></td>
<td align="center"><? echo $_SESSION['SESS_LOGIN']; ?></td>
</tr>
<tr><td align="center"><strong>E-MAIL Opt:</strong></td>
<td align="center"><input name="emailopt" type="text" id="emailopt" value="<?php echo $_SESSION['SESS_EMAIL_OPT'];?>"></td>
</tr>
<tr>
<td colspan="4" align="center"><input type="submit" name="Submit" value="Submit"></td>
</tr>
</table>
</td>
</tr>
</form>
</table>
<?php
if(isset($_POST['submit']) && ($_POST['submit'] == "submit")){
for($i=0;$i<$count;$i++){

$sql1 = "UPDATE `members` SET `firstname` = '".$firstname[$i]."', `middlename` = '".$middlename[$i]."', `lastname` = '".$lastname[$i]."', `street` = '".$street[$i]."', `street2` = '".$street2[$i]."', `city` = '".$city[$i]."', `state` = '".$state[$i]."', `zip` = '".$zip[$i]."', `country` = '".$country[$i]."', `primaryphone` = '".$primaryphone[$i]."', `otherphone` = '".$otherphone[$i]."', `fax` = '".$fax[$i]."', `email` = '".$email[$i]."', `login` = '".$login[$i]."', `emailopt` = '".$emailopt[$i]."', WHERE `member_id` = '".$member_id[$i]."' ";
$result1 = mysql_query($sql1) or die(mysql_error());
}
}

if($result1){
header("location:member-account.php");
}
mysql_close();
?>


<br>
<a href="logout.php">Logout</a>
<p>This is a password protected area only accessible to members. </p>
</body>
</html>

hi there sammysweetheart,

Right then, debug time :-p

if(isset($_POST['submit']) && ($_POST['submit'] == "submit"))
{
print_r($_POST)
exit;

Use this to see if the submit actually sends the form, oh and as this posts to itself, just put the file name of the script into the action attribute of the form tag (action="thisfile.php") make sure as it is a php file extension and the name of the file contains the code your editing.

Doing this will then a) give the form a reference to exectute and b) the print_r() will print out all the elements in array format that have been sent to the if(isset($_POST['submit']) && ($_POST['submit'] == "submit")) clause in the script.

if there is nothing printed, there is a problem..the form isn't submitting, though I *hope* that's not the case.

and as you are using sessions, have you started the session anywhere? that might sound silly, but people forget every so often..

Hopefully that makes sense to you..

Start there, trace the data from source to end... One thing at a time ;-p

[EDIT] Are you just trying to update the sql from this form if so, why do you need a loop, it only needs a single UPDATE query, as the structure for the loop is wrong I think :/ I think I will read this again tomorrow to see what I am missing/overlooking now, but I'm pretty sure that the for($i = 0 $i<$count) is serving no purpose - though I could be wrong.

Cheers,
MRb

Thanks, Matthew for your patients. I have spent a long time on this and it's driving me insane. So you're saying replace:

if(isset($_POST['submit']) && ($_POST['submit'] == "submit")){
for($i=0;$i<$count;$i++){


with


if(isset($_POST['submit']) && ($_POST['submit'] == "submit"))
{
print_r($_POST)
exit;

Then put the filename.php in the form action. Am I right?

Here's a rundown of what I'm trying to do: A user signs up on a registration page. They then sign in and visit their account page, THIS PAGE, which features all of the info they registered with. This info can be updated as they see fit.

Also, thanks for the advice earlier on the security. Are you saying to do this?

mysql_real_escape_string(strip_tags($_POST['SESS_EMAIL_OPT']))

Then just do that for all my form elements. Should I add that at the end of the script or beginning?

Thanks for your patients. You really are helpful.

Hi there sammysweetheart,

Ok, understood, this now proves as my last thought was correct, there is no need at all for the loop, as you are submitting from a form, the data submitted then gets sent to a db to update the settings.

View database content before submit

//Call db info for user
require_once('auth.php');

DATABASE INFO

// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");

$sql = "SELECT * FROM `".$tbl_name."` WHERE `member_id`= '".$member_id."' ";
$result = mysql_query($sql) or die(mysql_error());

//Data fetched and held in $result
//Now process data

while($user_data = mysql_fetch_object($result))
{
//Break tags just so that html is easier to format, please note as this is just an example so that you understand how the data is retrieved FROM the database to POPULATE the form in the first place
?>
<form action="filename.php" method="post">
<input type="text" name="member_id" value="<?php echo $user_data->member_id;?>"><br/>
<input type="text" name="firstname" value="<?php echo $user_data->firstname;?>"><br/>
<input type="submit" name="submit" value="submit">
</form>
<?php

}
This will pull two values from the DB and place them into the text area's, you should be able to add the rest of the form from this example

Now with the form & page constructed correctly, the submit will now hold the values (and the sessions you set are blank too by the looks of it - one step at a time)

Now for handling the submit:

if(isset($_POST['submit']) && ($_POST['submit'] == "submit")){
//print_r($_POST); uncomment to debug this process, just print the content of the array

$sql1 = "UPDATE `members` SET `firstname` = '".mysql_real_escape_string(strip_tags($_POST['firstname']))."', `middlename` = '".mysql_real_escape_string(strip_tags($_POST['middlename']))."' (... fill in the rest from the first example), WHERE `member_id` = '".mysql_real_escape_string(strip_tags($_POST['member_id']))."' ";
$result1 = mysql_query($sql1) or die(mysql_error());
}


if($result1){
header("location:member-account.php");
}
mysql_close();

From that example, you should be able to fill in the gaps from the examples above [anyone else reading this feel free to point out errors please ;-p]

Hopefully I have covered everything as you need to at least pull the data & then update.

There are many moments in coding (not just php, I struggle in C & Java) when you feel like throwing the laptop at the wall, but these moments are far out weighed by the feeling of getting somewhere when you succeed, perseverence, this is the key to success, as well as a pot of coffee ;-p

Good luck,

Cheers,

MRb

Thanks, Matthew. I'll try this and hopefully it works!

Hi there sammysweetheart,

I have over looked one thing from your first post:-

// Connect to server and select databse.
$conn = mysql_connect("$host", "$username", "$password")or die(mysql_error());
mysql_select_db("$db_name",, $conn);

$sql = "SELECT * FROM `".$tbl_name."` WHERE `member_id`= '".$member_id."' ";
$result = mysql_query($sql, $conn) or die(mysql_error());

I hadn't noticed until just that the 'mysql_connect' wasn't attached to a reference, so the mysql_query hadn't got a reference to a connection. Subsequent mysql_query(); calls will 'inherit' the connection data from the first instance, if I'm wrong about this, someone will correct me ;-p But this method works on my own stuff.

Other than this point, good luck for the rest of the project.

Cheers,
MRb

yes, the connection portion of the function call is optional and will use the last opened connection, it isn't an issue unless you have more than one connection open at any given time.

Hi there Jatar_K,

Thanks for the clarification, I guessed as it was something like that.

Cheers,
MRb