Asked by TimDunton

Update record form by username and password

I'm new to Dreamweaver and web-dev, I'm sure I'm overlooking something really simple and need some help please. I have created a user login form, an update record form, a delete record form etc. in Dreamweaver CS4. All the functionality is working fine but I'm stuck on something and can't seem to find an answer anywhere.

I would like users to be able to update their own records without the user_id.

Ideally I would like users to enter their username and password (as with the login form) then retrieve their own details by automatically populating the update record form so they can make their amendments then click update.

At the moment, the update record form can only be populated by linking to it from a user list and obviously I don't want an individual user to see all other users' details.

I'm guessing I'm missing something very simple but maybe that's because I am very simple!

In simple terms, I would like to use a user-defined variable (his/her own user_id) to populate the client record form and for that variable to be defined by entering username and password. (I hope that makes sense!)

Thanks in advance for any help you can offer.
SOLUTION
Jason C. Levine

This solution is only available to members.

TimDunton (ASKER)

Hello again Jason, thanks.

Unfortunately, I've been sitting here pulling my hair out for hours trying to work this out. I've used the login behaviour and can get the data to the update form (I can echo it) but I can't work out how to populate the form automatically. As you know I've never done this before so I'm not sure if I'm even doing the basic stuff right. I've now cleared most of the PHP that was entered through a DW wizard from the update record form page but I can't work it out.

As mentioned, I would like to auto-populate the form by user_id

Advice in simple terms would be good, I've posted the code.... Please help, thanks.  
USER LOGIN PAGE:
 
 
<?php require_once('Connections/connpbw.php'); ?>
<?php
if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") 
{
  if (PHP_VERSION < 6) {
    $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
  }
 
  $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);
 
  switch ($theType) {
    case "text":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;    
    case "long":
    case "int":
      $theValue = ($theValue != "") ? intval($theValue) : "NULL";
      break;
    case "double":
      $theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
      break;
    case "date":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "defined":
      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
      break;
  }
  return $theValue;
}
}
 
mysql_select_db($database_connpbw, $connpbw);
$query_rsUsers = "SELECT * FROM users";
$rsUsers = mysql_query($query_rsUsers, $connpbw) or die(mysql_error());
$row_rsUsers = mysql_fetch_assoc($rsUsers);
$totalRows_rsUsers = mysql_num_rows($rsUsers);
?>
<?php
// *** Validate request to login to this site.
if (!isset($_SESSION)) {
  session_start();
}
 
$loginFormAction = $_SERVER['PHP_SELF'];
if (isset($_GET['accesscheck'])) {
  $_SESSION['PrevUrl'] = $_GET['accesscheck'];
}
 
if (isset($_POST['email'])) {
  $loginUsername=$_POST['email'];
  $password=$_POST['pwd'];
  $MM_fldUserAuthorization = "admin_priv";
  $MM_redirectLoginSuccess = "home.html";
  $MM_redirectLoginFailed = "loginform.php";
  $MM_redirecttoReferrer = true;
  mysql_select_db($database_connpbw, $connpbw);
  	
  $LoginRS__query=sprintf("SELECT email, pwd, admin_priv, user_id FROM users WHERE email=%s AND pwd=%s",
  GetSQLValueString($loginUsername, "text"), GetSQLValueString($password, "text")); 
   
  $LoginRS = mysql_query($LoginRS__query, $connpbw) or die(mysql_error());
  $loginFoundUser = mysql_num_rows($LoginRS);
  if ($loginFoundUser) {
    
    $loginStrGroup  = mysql_result($LoginRS,0,'admin_priv');
	$loginUserID  = mysql_result($LoginRS,0,'user_id');
    
    //declare two session variables and assign them I ADDED USER_ID
    $_SESSION['MM_Username'] = $loginUsername;
    $_SESSION['MM_UserGroup'] = $loginStrGroup;	  
	$_SESSION['MM_User_ID'] = $loginUserID;	
 
    if (isset($_SESSION['PrevUrl']) && true) {
      $MM_redirectLoginSuccess = $_SESSION['PrevUrl'];	
    }
    header("Location: " . $MM_redirectLoginSuccess );
  }
  else {
    header("Location: ". $MM_redirectLoginFailed );
  }
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>PBW SITE</title>
<script type="text/javascript">
function mypopup(video)
 {
     mywindow = window.open("player.html?v=" + video, "mywindow", "toolbar=no,location=no,status=no,scrollbars=no, width=425,height=344");
 
 }
</script>
<script src="Scripts/AC_ActiveX.js" type="text/javascript"></script>
<script src="Scripts/AC_RunActiveContent.js" type="text/javascript"></script>
<link href="pbw site.css" rel="stylesheet" type="text/css" />
<link href="SpryAssets/SpryValidationTextField.css" rel="stylesheet" type="text/css" />
<style type="text/css">
<!--
#wineList {
	font-family: Arial, Helvetica, sans-serif;
	font-size: 14px;
	margin-top: 0px;
	margin-right: 0px;
	margin-bottom: 10px;
	margin-left: 0px;
}
body {
	margin-top: 0px;
}
.content_div {
	background-color: #E8E8E8;
}
#wrap #content_div {
	background-color: #E8E8E8;
	white-space: nowrap;
}
#content_div {
	background-color: #E8E8E8;
}
 
-->
</style>
<!-- TemplateParam name="width" type="text" value="475" -->
</head>
 
<body>
 
<div id="wrap">
<script type="text/javascript">
 
</script>
<?php include("includes/header.php"); ?>
 
<div id="content_div">
  <p class="content">Please Log In. </p>
<form id="form1" name="form1" method="POST" action="<?php echo $loginFormAction; ?>">
    <table border="0">
      <tr>
        <td class="content">Email:</td>
        <td><input type="text" name="email" id="email" tabindex="10" /></td>
      </tr>
      <tr>
        <td><span class="content">Password</span>:</td>
        <td><input type="password" name="pwd" id="pwd" tabindex="20" /></td>
      </tr>
      <tr>
        <td>&nbsp;</td>
        <td><input name="submit" type="submit" class="content" id="submit" tabindex="30" value="Log In" /></td>
      </tr>
    </table>
  </form>
<p><a href="register.php">Not a registered user? Click here to REGISTER</a></p>
<p>&nbsp;</p>
  
</div>
 
<?php include("includes/footer.php"); ?>
<p>&nbsp;</p>
</body>
</html>
<?php
mysql_free_result($rsUsers);
?>
 
 
 
UPDATE RECORD PAGE:
 
 
<?php require_once('Connections/connpbw.php'); ?>
<?php
if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") 
{
  if (PHP_VERSION < 6) {
    $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
  }
 
  $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);
 
  switch ($theType) {
    case "text":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;    
    case "long":
    case "int":
      $theValue = ($theValue != "") ? intval($theValue) : "NULL";
      break;
    case "double":
      $theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
      break;
    case "date":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "defined":
      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
      break;
  }
  return $theValue;
}
}
 
$colname_Recordset1 = "-1";
if (isset($_SESSION['user_id'])) {
  $colname_Recordset1 = $_SESSION['user_id'];
}
mysql_select_db($database_connpbw, $connpbw);
$query_Recordset1 = sprintf("SELECT * FROM users WHERE user_id = %s", GetSQLValueString($colname_Recordset1, "int"));
$Recordset1 = mysql_query($query_Recordset1, $connpbw) or die(mysql_error());
$row_Recordset1 = mysql_fetch_assoc($Recordset1);
$totalRows_Recordset1 = mysql_num_rows($Recordset1);
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<?php session_start(); ?>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>PBW SITE</title>
<script type="text/javascript">
function mypopup(video)
 {
     mywindow = window.open("player.html?v=" + video, "mywindow", "toolbar=no,location=no,status=no,scrollbars=no, width=425,height=344");
 
 }
</script>
<script src="Scripts/AC_ActiveX.js" type="text/javascript"></script>
<script src="Scripts/AC_RunActiveContent.js" type="text/javascript"></script>
<link href="pbw site.css" rel="stylesheet" type="text/css" />
<link href="SpryAssets/SpryValidationTextField.css" rel="stylesheet" type="text/css" />
<style type="text/css">
<!--
 
-->
</style>
<!-- TemplateParam name="width" type="text" value="475" -->
</head>
 
<body>
 
<div id="wrap">
<script type="text/javascript">
 
</script>
<?php include("includes/header.php"); ?>
<form action="<?php echo $editFormAction; ?>" method="POST" name="userUpdateRecord" class="form_background" id="userUpdateRecord">
  <table width="982" border="0" class="form_background">
    <tr>
      <td bgcolor="#CCCCCC" class="form_background">&nbsp;</td>
    </tr>
  </table>
  <table align="center" class="form_format">
    <tr valign="baseline">
      <td height="25" colspan="2" align="center"  fontsize="18" nowrap="nowrap" class="form_Title">  User Account Updater </td>
      </tr>
    <tr valign="baseline">
      <td width="250" height="25" align="right" nowrap="nowrap">User ID:</td>
      <td width="250">=       <input name="title_id" type="hidden" id="title_id" value="<?php echo $row_Recordset1['user_id']; ?>" /></td>
    </tr>
    <tr valign="baseline">
      <td width="250" height="25" align="right" nowrap="nowrap">Date Registered:</td>
      <td width="250" >       <input name="hiddenField" type="hidden" id="hiddenField" /></td>
    </tr>
    <tr valign="baseline">
      <td width="250" height="25" align="right" nowrap="nowrap">Email:</td>
      <td width="250">        <input name="email" type="text" value="<?php echo $row_Recordset1['email']; ?>" size="32" />      </td>
    </tr>
    <tr valign="baseline">
      <td width="250" height="25" align="right" nowrap="nowrap">Pwd:</td>
      <td width="250">        <input type="password" name="pwd" size="32" />      </td>
    </tr>
    <tr valign="baseline">
      <td width="250" height="25" align="right" nowrap="nowrap">First Name:</td>
      <td width="250">        <input type="text" name="first_name" size="32" />      </td>
    </tr>
    <tr valign="baseline">
      <td width="250" height="25" align="right" nowrap="nowrap">Last Name:</td>
      <td width="250">        <input type="text" name="last_name" size="32" />      </td>
    </tr>
    <tr valign="baseline">
      <td width="250" height="25" align="right" nowrap="nowrap">Country:</td>
      <td width="250">        <input type="text" name="country" size="32" />      </td>
    </tr>
    <tr valign="baseline">
      <td width="250" height="25" align="right" nowrap="nowrap">Telephone:</td>
      <td width="250">        <input type="text" name="telephone" size="32" />      </td>
    </tr>
    <tr valign="baseline">
      <td width="250" align="right" nowrap="nowrap">&nbsp;</td>
      <td width="250" valign="baseline"><input name="wineExperience" type="hidden" id="wineExperience" />
        <input name="news" type="hidden" id="news" />
        <input name="offers" type="hidden" id="offers" />
        <input name="advice" type="hidden" id="advice" />
        <input name="hiddenField2" type="hidden" id="hiddenField2" /></td>
    </tr>
    <tr valign="baseline">
<td width="250" align="right" nowrap="nowrap">&nbsp;</td>
      <td width="250">&nbsp;</td>
    </tr>
    <tr valign="baseline">
      <td width="250" align="right" nowrap="nowrap">&nbsp;</td>
      <td width="250"><input type="submit" value="Update record" /></td>
    </tr>
    <tr valign="baseline">
      <td align="right" nowrap="nowrap">&nbsp;</td>
      <td>&nbsp;</td>
    </tr>
  </table>
  <p>&nbsp;</p>
  <p>
    <input type="hidden" name="user_id" value="<?php echo $row_rsUser['user_id']; ?>" />
  </p>
  <input type="hidden" name="MM_update" value="userUpdateRecord" />
</form>
<?php echo $_SESSION['MM_Username'];
?>
<br />
<?php echo $_SESSION['MM_UserGroup'];
?>
<br />
<?PHP echo $_SESSION['MM_User_ID'];
?>
 
 
<?php include("includes/footer.php"); ?>
<p>&nbsp;</p>
</body>
</html>
<?php
mysql_free_result($Recordset1);
?>


SOLUTION
This solution is only available to members.

Thanks Jason,

I had the <?php session_start(); ?> in the head section, the form is populating but I have another issue... The form is no longer updating the database. What have I done now?

The form seems to be submitting but the records aren't changing

By the way, thank God for you... My question was on there for many painful hours until you came on. Thanks again.
<?php session_start(); ?>
<?php require_once('Connections/connpbw.php'); ?>
<?php
if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") 
{
  if (PHP_VERSION < 6) {
    $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
  }
 
  $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);
 
  switch ($theType) {
    case "text":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;    
    case "long":
    case "int":
      $theValue = ($theValue != "") ? intval($theValue) : "NULL";
      break;
    case "double":
      $theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
      break;
    case "date":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "defined":
      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
      break;
  }
  return $theValue;
}
}
 
$editFormAction = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
  $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}
 
if ((isset($_POST["MM_update"])) && ($_POST["MM_update"] == "userUpdateRecord")) {
  $updateSQL = sprintf("UPDATE users SET email=%s, pwd=%s, first_name=%s, last_name=%s, country=%s, telephone=%s, wineExperience=%s, news=%s, offers=%s, advice=%s WHERE user_id=%s",
                       GetSQLValueString($_POST['email'], "text"),
                       GetSQLValueString($_POST['pwd'], "text"),
                       GetSQLValueString($_POST['first_name'], "text"),
                       GetSQLValueString($_POST['last_name'], "text"),
                       GetSQLValueString($_POST['country'], "text"),
                       GetSQLValueString($_POST['telephone'], "text"),
                       GetSQLValueString($_POST['wineExperience'], "text"),
                       GetSQLValueString($_POST['news'], "text"),
                       GetSQLValueString($_POST['offers'], "text"),
                       GetSQLValueString($_POST['advice'], "text"),
                       GetSQLValueString($_POST['user_id'], "int"));
 
  mysql_select_db($database_connpbw, $connpbw);
  $Result1 = mysql_query($updateSQL, $connpbw) or die(mysql_error());
 
  $updateGoTo = "userupdate.php";
  if (isset($_SERVER['QUERY_STRING'])) {
    $updateGoTo .= (strpos($updateGoTo, '?')) ? "&" : "?";
    $updateGoTo .= $_SERVER['QUERY_STRING'];
  }
  header(sprintf("Location: %s", $updateGoTo));
}
 
$colname_Recordset1 = "-1";
if (isset($_SESSION['MM_User_ID'])) {
  $colname_Recordset1 = $_SESSION['MM_User_ID'];
}
mysql_select_db($database_connpbw, $connpbw);
$query_Recordset1 = sprintf("SELECT * FROM users WHERE user_id = %s", GetSQLValueString($colname_Recordset1, "int"));
$Recordset1 = mysql_query($query_Recordset1, $connpbw) or die(mysql_error());
$row_Recordset1 = mysql_fetch_assoc($Recordset1);
$totalRows_Recordset1 = mysql_num_rows($Recordset1);
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
 
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>PBW SITE</title>
<script type="text/javascript">
function mypopup(video)
 {
     mywindow = window.open("player.html?v=" + video, "mywindow", "toolbar=no,location=no,status=no,scrollbars=no, width=425,height=344");
 
 }
</script>
<script src="Scripts/AC_ActiveX.js" type="text/javascript"></script>
<script src="Scripts/AC_RunActiveContent.js" type="text/javascript"></script>
<link href="pbw site.css" rel="stylesheet" type="text/css" />
<link href="SpryAssets/SpryValidationTextField.css" rel="stylesheet" type="text/css" />
<style type="text/css">
<!--
body {
	margin-top: 0px;
}
 
-->
</style>
<!-- TemplateParam name="width" type="text" value="475" -->
</head>
 
<body>
 
<div id="wrap">
<script type="text/javascript">
 
</script>
<?php include("includes/header.php"); ?>
<form action="<?php echo $editFormAction; ?>" method="POST" name="userUpdateRecord" class="form_background" id="userUpdateRecord">
  <table width="982" border="0" class="form_background">
    <tr>
      <td bgcolor="#CCCCCC" class="form_background">&nbsp;</td>
    </tr>
  </table>
  <table align="center" class="form_format">
    <tr valign="baseline">
      <td height="25" colspan="2" align="center"  fontsize="18" nowrap="nowrap" class="form_Title">  User Account Updater </td>
      </tr>
    <tr valign="baseline">
      <td width="250" height="25" align="right" nowrap="nowrap">User ID:</td>
      <td width="250"><?php echo $row_Recordset1['user_id']; ?></td>
    </tr>
    <tr valign="baseline">
      <td width="250" height="25" align="right" nowrap="nowrap">Date Registered:</td>
<td width="250" ><?php echo $row_Recordset1['date_registered']; ?></td>
    </tr>
    <tr valign="baseline">
      <td width="250" height="25" align="right" nowrap="nowrap">Email:</td>
      <td width="250">        <input name="email" type="text" value="<?php echo $row_Recordset1['email']; ?>" size="32" />      </td>
    </tr>
    <tr valign="baseline">
      <td width="250" height="25" align="right" nowrap="nowrap">Pwd:</td>
      <td width="250">        <input name="pwd" type="password" value="<?php echo $row_Recordset1['pwd']; ?>" size="32" />      </td>
    </tr>
    <tr valign="baseline">
      <td width="250" height="25" align="right" nowrap="nowrap">First Name:</td>
      <td width="250">        <input name="first_name" type="text" value="<?php echo $row_Recordset1['first_name']; ?>" size="32" />      </td>
    </tr>
    <tr valign="baseline">
      <td width="250" height="25" align="right" nowrap="nowrap">Last Name:</td>
      <td width="250">        <input name="last_name" type="text" value="<?php echo $row_Recordset1['last_name']; ?>" size="32" />      </td>
    </tr>
    <tr valign="baseline">
      <td width="250" height="25" align="right" nowrap="nowrap">Country:</td>
      <td width="250">        <input name="country" type="text" value="<?php echo $row_Recordset1['country']; ?>" size="32" />      </td>
    </tr>
    <tr valign="baseline">
      <td width="250" height="25" align="right" nowrap="nowrap">Telephone:</td>
      <td width="250">        <input name="telephone" type="text" value="<?php echo $row_Recordset1['telephone']; ?>" size="32" />      </td>
    </tr>
    <tr valign="baseline">
      <td width="250" align="right" nowrap="nowrap">&nbsp;</td>
      <td width="250" valign="baseline"><input name="wineExperience" type="hidden" id="wineExperience" value="<?php echo $row_Recordset1['wineExperience']; ?>" />
        <input name="news" type="hidden" id="news" value="<?php echo $row_Recordset1['news']; ?>" />
        <input name="offers" type="hidden" id="offers" value="<?php echo $row_Recordset1['offers']; ?>" />
        <input name="advice" type="hidden" id="advice" value="<?php echo $row_Recordset1['advice']; ?>" />
        <input name="hiddenField2" type="hidden" id="hiddenField2" /></td>
    </tr>
    <tr valign="baseline">
<td width="250" align="right" nowrap="nowrap">&nbsp;</td>
      <td width="250">&nbsp;</td>
    </tr>
    <tr valign="baseline">
      <td width="250" align="right" nowrap="nowrap">&nbsp;</td>
      <td width="250"><input name="update" type="submit" id="update" value="Update record" /></td>
    </tr>
    <tr valign="baseline">
      <td align="right" nowrap="nowrap">&nbsp;</td>
      <td>&nbsp;</td>
    </tr>
  </table>
  <p>&nbsp;</p>
  <p>
    <input type="hidden" name="user_id" value="<?php echo $row_rsUser['user_id']; ?>" />
  </p>
  <input type="hidden" name="MM_update" value="userUpdateRecord" />
</form>
<?php echo $_SESSION['MM_Username'];
?>
<br />
<?php echo $_SESSION['MM_UserGroup'];
?>
<br />
<?PHP echo $_SESSION['MM_User_ID'];
?>
 
 
<?php include("includes/footer.php"); ?>
<p>&nbsp;</p>
</body>
</html>
<?php
mysql_free_result($Recordset1);
?>


ASKER CERTIFIED SOLUTION
This solution is only available to members.

I suppose that's what happens when you start tampering with things you don't understand!

Many thanks, you've done it again, you should wear a cloak!
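
The update page posted above writes to whichever row the form's hidden `user_id` field names. As an added example (not code from the thread or generated by Dreamweaver), this version selects and updates the row by the `MM_User_ID` session value set at login, using PDO prepared statements; the SQLite in-memory database, the sample rows, the function names and the switch to `password_hash()` are assumptions made for illustration.

```php
<?php
// Added example, not the thread's code. Assumes PDO with the SQLite driver so it
// runs offline; table and column names follow the posted users table.
declare(strict_types=1);

function load_own_record(PDO $db, array $session): ?array
{
    // The record is chosen by the id stored at login, never by request data.
    if (!isset($session['MM_User_ID'])) {
        return null; // not logged in
    }
    $st = $db->prepare('SELECT user_id, email, first_name, last_name, country, telephone
                        FROM users WHERE user_id = ?');
    $st->execute([(int) $session['MM_User_ID']]);
    $row = $st->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

function update_own_record(PDO $db, array $session, array $post): int
{
    if (!isset($session['MM_User_ID'])) {
        return 0;
    }
    $set = [];
    $args = [];
    // Fixed whitelist of editable columns; values are always bound, never interpolated.
    foreach (['email', 'first_name', 'last_name', 'country', 'telephone'] as $f) {
        $set[] = "$f = ?";
        $args[] = (string) ($post[$f] ?? '');
    }
    // Change the password only when a new one was typed, and store a hash
    // (assumes the login page is changed to check it with password_verify()).
    if ((string) ($post['pwd'] ?? '') !== '') {
        $set[] = 'pwd = ?';
        $args[] = password_hash((string) $post['pwd'], PASSWORD_DEFAULT);
    }
    // Any user_id in $post is ignored: the WHERE clause uses the session id.
    $args[] = (int) $session['MM_User_ID'];
    $st = $db->prepare('UPDATE users SET ' . implode(', ', $set) . ' WHERE user_id = ?');
    $st->execute($args);
    return $st->rowCount();
}

function field(array $row, string $name): string
{
    // Escape stored values before placing them in value="..." attributes.
    return htmlspecialchars((string) ($row[$name] ?? ''), ENT_QUOTES, 'UTF-8');
}

// Constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (user_id INTEGER PRIMARY KEY, email TEXT, pwd TEXT,
           first_name TEXT, last_name TEXT, country TEXT, telephone TEXT)');
$db->exec("INSERT INTO users VALUES (1,'ann@example.test','x','Ann','Lee','UK','111'),
                                    (2,'bob@example.test','y','Bob','Ray','UK','222')");

$session = ['MM_User_ID' => 1]; // as set by the login page
$post = ['user_id' => 2, 'email' => 'ann@example.test', 'first_name' => 'Ann "A"',
         'last_name' => 'Lee', 'country' => 'UK', 'telephone' => '333', 'pwd' => ''];

update_own_record($db, $session, $post);
echo field(load_own_record($db, $session), 'first_name'), "\n";
echo $db->query('SELECT telephone FROM users WHERE user_id = 2')->fetchColumn(), "\n";
```

The first line printed is the logged-in user's first name with the quotes HTML-escaped; the second is user 2's telephone, unchanged even though the submitted form named `user_id` 2.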