Updating a restriced page
Hello all,
I have a site which allows members to enter their profile. The profile contents go into a MySQL database and are displayed as php pages in the site.
I want to allow my users to be able to update their profile - but want to allow them only to be able to access their particular page/profile on the database and not have access to the other profiles within the database.
Instead of a password and username, I want the person just to enter their email address and then be taken to the profile featuring that particulat email address in the database (their profile).
The email address would be the unique identifier in this case.
I have created a simple update record form but I don't know how I would create a page that asks for an email address and then (if a valid email address is supplied) takes the member to the database page with the matching email address.
Any thoughts or ideas on this one would be greatly appreciated.
Thanks
Adam
I have a site which allows members to enter their profile. The profile contents go into a MySQL database and are displayed as php pages in the site.
I want to allow my users to be able to update their profile - but want to allow them only to be able to access their particular page/profile on the database and not have access to the other profiles within the database.
Instead of a password and username, I want the person just to enter their email address and then be taken to the profile featuring that particulat email address in the database (their profile).
The email address would be the unique identifier in this case.
I have created a simple update record form but I don't know how I would create a page that asks for an email address and then (if a valid email address is supplied) takes the member to the database page with the matching email address.
Any thoughts or ideas on this one would be greatly appreciated.
Thanks
Adam
ASKER
Thanks alexhogan for the quality and detailed explaination. I am afraid to say, however, I only undertsood part of the detailed response, as I have a very limited understanding of programming in general. I have no doubt it is a fully workable and correct solution, only I am not skilled enough to implement it.
As I am in no way confident of my programming abilities here, I thought I could (as you mentioned some would suggest) go straight into the edit page using the code you provided and set up the following basic page trying to do just that ( For my immediate needs this will suffice -walk before you can run and all that).:
<?php require_once('Connections/
<?php
mysql_select_db($database_
$query_rsupdate = "SELECT * FROM TestTable WHERE TestTable.contactmail = $POST['email'];"
$rsupdate = mysql_query($query_rsupdat
$row_rsupdate = mysql_fetch_assoc($rsupdat
$totalRows_rsupdate = mysql_num_rows($rsupdate);
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>Untitled Document</title>
</head>
<body>
<form name="form1" method="post" action="updatetest.php">
<p>
<input name="email" type="text" id="email">
</p>
<p> </p>
<p>
<input type="submit" name="Submit" value="Submit">
</p>
<p> </p>
</form>
</body>
</html>
<?php
mysql_free_result($rsupdat
?>
On this example I had hoped to be directed to the updatetest.php page.
contactmail is the database row and email is form textfield name.
This however, returned the error;
Parse error: parse error, unexpected T_ENCAPSED_AND_WHITESPACE,
The only actually coding I attempted (via the Dreamweaver recordset) was, as you instructed; $query_rsupdate = "SELECT * FROM TestTable WHERE TestTable.contactmail = $POST['email'];"
but I'm still failing to get that to work. I'm stopping for Lunch now, and hope to come back feed and inspired.
Thanks again.
As I am in no way confident of my programming abilities here, I thought I could (as you mentioned some would suggest) go straight into the edit page using the code you provided and set up the following basic page trying to do just that ( For my immediate needs this will suffice -walk before you can run and all that).:
<?php require_once('Connections/
<?php
mysql_select_db($database_
$query_rsupdate = "SELECT * FROM TestTable WHERE TestTable.contactmail = $POST['email'];"
$rsupdate = mysql_query($query_rsupdat
$row_rsupdate = mysql_fetch_assoc($rsupdat
$totalRows_rsupdate = mysql_num_rows($rsupdate);
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>Untitled Document</title>
</head>
<body>
<form name="form1" method="post" action="updatetest.php">
<p>
<input name="email" type="text" id="email">
</p>
<p> </p>
<p>
<input type="submit" name="Submit" value="Submit">
</p>
<p> </p>
</form>
</body>
</html>
<?php
mysql_free_result($rsupdat
?>
On this example I had hoped to be directed to the updatetest.php page.
contactmail is the database row and email is form textfield name.
This however, returned the error;
Parse error: parse error, unexpected T_ENCAPSED_AND_WHITESPACE,
The only actually coding I attempted (via the Dreamweaver recordset) was, as you instructed; $query_rsupdate = "SELECT * FROM TestTable WHERE TestTable.contactmail = $POST['email'];"
but I'm still failing to get that to work. I'm stopping for Lunch now, and hope to come back feed and inspired.
Thanks again.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Just ran it. Got :
You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1
I'm looking into it now.....
Thanks again
You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1
I'm looking into it now.....
Thanks again
ASKER
Mmm, I seem to be going round and round with this. I've tried using the Dreamweaver Log on Functionality and am able to log on using the email addresses, and arrive at the update screen - which updates. However, I can only arrive at the update screen for the record in the database which is at the top of the database. So basically, no matter who logs in, they get the update record for whoever is top of the database.
I've tried passing it as a URL and a number of different things but as of yet, no joy.
Thanks again for your help though. Calling it a day for today.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Havin_it,
I had it correct...
$query_rsupdate = "SELECT * FROM TestTable WHERE contactmail = ". $POST['email'];
The period (.) at the beginning of the $POST is a concaetenation. In PHP it is not necessary to encapsulate the query expression with quotes like it is in VB. The single quote encapsulated with double quotes does absolutely nothing.
As a follow up the expression;
if($totalRows_rsupdate<1)
header("Location: http://www.example.com/rejected.php");
Yes it needs to be sent before any echo statement but also before any header information is sent. To insure that you don't get a "header inforamation already sent" error you will need to use output buffering. This will allow you to trap any errors on the page and send the user to exactly where you want them.
Arbatrarily putting open ended branching statements with redirection is a bad idea. A better suggestion would've been to put these statements in a config file that controlled all of the redirection based on certain conditions. This will give the developer much more control and maintainability.
I had it correct...
$query_rsupdate = "SELECT * FROM TestTable WHERE contactmail = ". $POST['email'];
The period (.) at the beginning of the $POST is a concaetenation. In PHP it is not necessary to encapsulate the query expression with quotes like it is in VB. The single quote encapsulated with double quotes does absolutely nothing.
As a follow up the expression;
if($totalRows_rsupdate<1)
header("Location: http://www.example.com/rejected.php");
Yes it needs to be sent before any echo statement but also before any header information is sent. To insure that you don't get a "header inforamation already sent" error you will need to use output buffering. This will allow you to trap any errors on the page and send the user to exactly where you want them.
Arbatrarily putting open ended branching statements with redirection is a bad idea. A better suggestion would've been to put these statements in a config file that controlled all of the redirection based on certain conditions. This will give the developer much more control and maintainability.
Alex, It's not so much a question of PHP syntax as of MySQL syntax. In your example, the query string being sent to MySQL is
SELECT * FROM TestTable WHERE contactmail = adam@example.com
whereas mine makes it
SELECT * FROM TestTable WHERE contactmail = 'adam@example.com'
This is just how I've learned it by example in the past, but taking a glance through the MySQL manual section on SELECT queries, the string being searched for (here, the email address) always has single-quotes, which seems quite appropriate when dealing with strings.
You got me bang to rights on the other point, though; I admit it's a quick'n'dirty solution and could do with some form of exception-handling, though within the context of this skeleton script it seemed adequate.
SELECT * FROM TestTable WHERE contactmail = adam@example.com
whereas mine makes it
SELECT * FROM TestTable WHERE contactmail = 'adam@example.com'
This is just how I've learned it by example in the past, but taking a glance through the MySQL manual section on SELECT queries, the string being searched for (here, the email address) always has single-quotes, which seems quite appropriate when dealing with strings.
You got me bang to rights on the other point, though; I admit it's a quick'n'dirty solution and could do with some form of exception-handling, though within the context of this skeleton script it seemed adequate.
ASKER
Thanks both of you for the detailed feedback
Just to update you - I changed the line of code, as suggested and when I entered a valid email address, I was taken to my update page (The Error message did not appear).
Success....I thought.
However, it seems I was directed not to the profile with the corresponding email but still the first profile in the list.
I simply used the action text box in the form properties insepctor to link to my update page. I assume this is correct?
I have also checked and re-checked that my textfield names and columns are correct - they seem to be.
I will now try to find a similar tutorial to see if I can understand what's the problem.
Thanks again, for the ongoing help.
Regards
Adam
Just to update you - I changed the line of code, as suggested and when I entered a valid email address, I was taken to my update page (The Error message did not appear).
Success....I thought.
However, it seems I was directed not to the profile with the corresponding email but still the first profile in the list.
I simply used the action text box in the form properties insepctor to link to my update page. I assume this is correct?
I have also checked and re-checked that my textfield names and columns are correct - they seem to be.
I will now try to find a similar tutorial to see if I can understand what's the problem.
Thanks again, for the ongoing help.
Regards
Adam
Adam,
Are you sending a URL parameter? If you're not then you will always get the first record. You will need to use that URL parameter as your locator to the record you wish to retrieve.
Are you sending a URL parameter? If you're not then you will always get the first record. You will need to use that URL parameter as your locator to the record you wish to retrieve.
ASKER
Thanks Alexhogan
Okay, this I guess, is the problem. Not been doing anything like that...will look at how to that now....
Thanks for the guidance...
Okay, this I guess, is the problem. Not been doing anything like that...will look at how to that now....
Thanks for the guidance...
My post above will guide you through the process.
ASKER
thanks again alexhogan....
However, unfortunately I can't program and really only do things through the Dreamweaver interface so am struggling with your above post.
I've since set up a password function and now use it and the email address to try to log into the specific account(cheers for the advice Havin_it). I have also (I have been failing this all day) set up a simple log-on screen using the dreamweaver login Server Behaviour. I am happy with this and don't really want anything more advanced, but still cant set up the url parameter correctly. Still I'm going to the first profile in the database
I was trying
Update.php?recordID=<?php echo $row_rs1['autonumber']; ?>
With rs1 my record set and autonumber the identifier.
On Update.php I created a filtered recordset selecting the URL as recordID.
Anyway, this also didn't work - no dynamic data appears on the recordset. I've got the feeling that it's only one line of code (the URL Parameter) put in the right place, but I've had that feeling for a few days now (and it's not much of a help)
Anyway, thanks for the continued help, and apologies for not being able to follow your posting.
Regards
Adam
However, unfortunately I can't program and really only do things through the Dreamweaver interface so am struggling with your above post.
I've since set up a password function and now use it and the email address to try to log into the specific account(cheers for the advice Havin_it). I have also (I have been failing this all day) set up a simple log-on screen using the dreamweaver login Server Behaviour. I am happy with this and don't really want anything more advanced, but still cant set up the url parameter correctly. Still I'm going to the first profile in the database
I was trying
Update.php?recordID=<?php echo $row_rs1['autonumber']; ?>
With rs1 my record set and autonumber the identifier.
On Update.php I created a filtered recordset selecting the URL as recordID.
Anyway, this also didn't work - no dynamic data appears on the recordset. I've got the feeling that it's only one line of code (the URL Parameter) put in the right place, but I've had that feeling for a few days now (and it's not much of a help)
Anyway, thanks for the continued help, and apologies for not being able to follow your posting.
Regards
Adam
This is actually pretty easy..,
Create a page with a form that allows the user to enter their email address.
Have the form point to a processing page.
(Some would say that you could go straight to the edit page here but I would disagree. What if you needed to expand the functionality?)
The processing page will use the $POST in the WHERE clause.
example:
"SELECT *
FROM myTable
WHERE emailaddress = ".$POST['emailaddress'];
Now you have a recordset that contains all the users information. You will need to pass that to the page that will be displaying that information, so lets loop through the fields in the recordset.
while($row = mysql_fetch_assoc($stmt)){
$fieldone = $row['fieldone'];
$fieldtwo = $row['fieldtwo'];
$fieldthree = $row['fieldthree'];
....
}
Now you have the contents of the fields in the recordset in variables.
But you need to pass them to another page, so you might consider this;
while($row = mysql_fetch_assoc($stmt)){
$_SESSION['fieldone'] = $row['fieldone'];
$_SESSION['fieldtwo'] = $row['fieldtwo'];
$_SESSION['fieldthree'] = $row['fieldthree'];
....
}
Now you have the values in session objects that you can access from any page.
From here create an edit page that has all the fields that the user can modify and place the values of the corresponding session objects in those page objects. You will probably want to do some validation prior to getting this far but I'm just showing you the basics.
Now when your user makes a change to any of the fields on the edit form you will pass that to a processing page, preferrably the same on you're already using, to do the updating to the database.
I know what you're about to say.., "How can I use the same page? Won't it just do the same thing it did when I first accessed it?"
What we're going to do is have that processing page present different functionality based on what is passed to it.
So, we'll start by writing a switch statement and the first case will be our default. That default case will fire whenever none of the other case requirements are met. What are the case requirements? Its going to be a URL parameter. When you come in from the first page your not going to pass a parameter in the action method of the form tag. When, however you come in from the edit page let's pass a parameter of 1. So the action method of the form tag would look something like this, action="myProcessingPage.p
In the processing page we have the following;
if(!empty($_GET['param']))
$param = $_GET['param'];
}
Now remember empty() will register a 0 as a value, so param=0 will return as not empty.
Our switch statement would look like this;
switch($param){
default:
// This will process the initial values of the users email address
break;
case 1:
// Here you will place the code to process the updates from the user
break;
}
And that about wraps it up...
As you can see you can now use the same processing page to process a number of requests to the database from any number of your forms. This will allow you greater flexibility when modifying the code and expanding functionality. Plus now you only have to look in one place to see your code for database transactions.