Directly accessing a specific record - how?
05-04-2005, 05:51 AM
Posts: 36
Hi Guys,
Unfortunately, I can not program in PHP at all, and have been solely using dreamweaver for my purpose. As such, I am running into some problems....
For a few days now I have been trying to do what I suspected isn't too difficult - but have continually failed in my attempts.
I have a MySQL database of user profiles. I want my users to be able to access their profiles and update them (PHP). I only want them to be able to access and update their own profiles.
Basically I want to have the user log in (with their password and email address) and go directly to the update page of the record corresponding to their entered password and email.
I have managed to create the log-on page and have also created an update page, however when the user logs on they are not directed to their corresponding record, rather the first record on the database.....
I have tried a couple of things. (none of which worked).
Firstly I created a log-on screen using the dreamweaver new login server behaviour (using a password and email as the logon requirements).
This worked to an extent but when the user logged on, they were not directed to the record with the corresponding email and password, rather the first database record entry. After a bit of searching around, I came to gather that I need to send a URL Parameter and used a method similar to one I saw in the Master_detail tutorial in the dreamweaver developer area. However I could not get it to work to my needs.
My second attempt was to create a form with the following SQL statement:
SELECT *
FROM TestTable
WHERE contactmail = '". $POST['email']. AND password = . $POST['password'].'"
But again, the URL parameter caused me problems.
Any suggestions or advice would be greatly appreciated.
Thanks
05-04-2005, 03:27 PM
Posts: 548
Location: CT, USA
Normally when pulling a "specific" row from a table you would use a UNIQUE ID number.
Such as: SELECT * FROM TestTable where user_id='1'
In your case, you would want to have a unique identifier. Maybe the email address.
So for your sql it would be:
SELECT * FROM TestTable WHERE user_email='$_POST[email]';
Can You post your form?
05-05-2005, 08:16 AM
thanks
Posts: 36
Thanks ACJavascript!
I managed to figure it out using a lot of the Dreamweaver built in wizardry (although I know I should really try to work out some code).
Thanks for your feedback anyway - Much appreciated.
Have a good day!
05-06-2005, 08:02 AM
Aarrrghhhh...not...working...properly.....
Posts: 36
Eeeek, testing has revealed that my little set up isn't working properly. Basically, this is what I have done so far:
I created a simple form with 2 text areas.
One textfield called PasswordID and the other textfield called contactID
The form action specified in the property inspector goes to Update.php
In Update.php I created another form, and in it, textfields corresponding to the values I would want the user to be able to edit.
I then created a recordset (Bindings, +, Recordset (query)).
I selected the ADVANCED recordset view and entered the following SQL
SELECT *
FROM TestTable
WHERE password = 'colname' AND contactmail = 'colnames'
Under variables I entered the following:
Name      Default Value  Run-time Value
colname   1              $_POST['passwordID']
colnames  1              $_POST['contactID']
Now in order to ensure that anyone who entered incorrect password and email details gets directed to another page I put in this line
if($totalRows_rsupdate<1)
header("Location: http://www.example.com/rejected.php");
just before the php code ended.
So, this worked and if the user entered the correct email and password details they would be forwarded through to my update page. However, after making the updates, and pressing the update button, the user was then directed to :
("Location: http://www.example.com/rejected.php");
and not the page I had specified in the Update Record Set, using the Update Recordset behaviour.
Any help, as always, would be greatly appreciated...
Thanks
05-06-2005, 09:34 AM
Posts: 548
Location: CT, USA
It would be great if you posted the whole code.
From what I gather, you should either
A: Set a cookie or session with the user's ID number.
B: Put your second update if statement one higher to the check.
What's happening is that you send the original form (email, password) to update.php.
Update.php verifies the user and then displays the second form. Now when you submit it again it tries to verify the user twice.
Here's an example of B:
PHP Code:
<?php
// Handle the second submit (the update form) first, before the login check runs again
if (isset($_POST['pageid']) && $_POST['pageid'] == "1") {
    // update code
    exit;
}
// Verify email and password
// $sql = verify (placeholder for the login check query)
// Update form
?>
<form name="update" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?>" method="POST">
<input type="hidden" name="pageid" value="1">
OTHER FIELDS GO HERE.
</form>
<?php
exit;
?>
|
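Option A from the reply above (keep the user's ID in a session), as an added example that is not part of the original thread: the login step stores only the row's unique ID server-side, and the update step takes the row to change from the session rather than from any form field. It assumes PHP 7+ with PDO; the in-memory SQLite database (standing in for MySQL), the `user_id` column, the sample rows and the `$session` array (standing in for `$_SESSION`) are constructed for illustration.

```php
<?php
// Added example. Constructed schema and rows; SQLite in memory stands in for MySQL.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE TestTable (user_id INTEGER PRIMARY KEY,
           contactmail TEXT UNIQUE, password TEXT, fullname TEXT)");
$ins = $db->prepare("INSERT INTO TestTable (contactmail, password, fullname) VALUES (?, ?, ?)");
$ins->execute(["o'brien@example.com", password_hash('alpha-pass', PASSWORD_DEFAULT), 'Pat']);
$ins->execute(['b@example.com', password_hash('bravo-pass', PASSWORD_DEFAULT), 'Bob']);

// Login page: find the row by email through a bound parameter, check the
// password, and keep only the row's unique id on the server side.
function login(PDO $db, array &$session, string $email, string $password): bool {
    $q = $db->prepare("SELECT user_id, password FROM TestTable WHERE contactmail = ?");
    $q->execute([$email]);
    $row = $q->fetch(PDO::FETCH_ASSOC);
    if (!$row || !password_verify($password, $row['password'])) {
        return false;   // web page: header('Location: rejected.php'); exit;
    }
    $session['user_id'] = (int) $row['user_id'];   // web page: session_regenerate_id(true) first
    return true;
}

// Update page: the row to change is taken from the session, never from a
// form field, so the login is not re-checked and only the user's own row changes.
function updateProfile(PDO $db, array $session, array $post): int {
    if (!isset($session['user_id'])) {
        return 0;       // no login in this session: nothing is updated
    }
    $q = $db->prepare("UPDATE TestTable SET fullname = ? WHERE user_id = ?");
    $q->execute([$post['fullname'] ?? '', $session['user_id']]);
    return $q->rowCount();
}

$session = [];          // stands in for $_SESSION after session_start()
var_dump(login($db, $session, "o'brien@example.com", 'wrong-pass'));
var_dump(login($db, $session, "o'brien@example.com", 'alpha-pass'));
// A user_id supplied in the POST body is ignored; the session decides.
var_dump(updateProfile($db, $session, ['fullname' => "Pat O'Brien", 'user_id' => 2]));
var_dump(updateProfile($db, [], ['fullname' => 'nobody']));
print_r($db->query("SELECT user_id, fullname FROM TestTable")->fetchAll(PDO::FETCH_ASSOC));
```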
05-06-2005, 09:59 AM
Posts: 340
Name: Jon
Location: New York
When you deploy your db, you should consider md5 hashing your password fields.
I think this is correct:
PHP Code:
$passwordhs = md5($password);
With the db and PHP I had the same problem, but I hand coded the site, not automatically with Dreamweaver.
I use a combo of Zend Studio & Dreamweaver MX 2004
__________________
AMW_Drizz
Dev Machine:: Apache 2.2.6 PHP 5.2.6 MySQL 5.1
|
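An added example on hashing the password column, not part of the original thread: it uses PHP's built-in `password_hash()` (salted and deliberately slow) rather than a bare `md5()`, and shows how rows that already hold an unsalted md5 digest can be upgraded the next time the user logs in. It assumes PHP 7.1+; the `checkAndUpgrade()` helper and the sample values are constructed for illustration.

```php
<?php
// Added example. Constructed data; checkAndUpgrade() is a hypothetical helper.

// $stored is either a legacy unsalted md5 hex digest (32 hex chars) or a
// password_hash() string. Returns [ok, newValueToStoreOrNull].
function checkAndUpgrade(string $password, string $stored): array {
    if (preg_match('/^[0-9a-f]{32}$/', $stored)) {
        // Legacy row: constant-time compare against md5, then upgrade on success.
        if (!hash_equals($stored, md5($password))) {
            return [false, null];
        }
        return [true, password_hash($password, PASSWORD_DEFAULT)];
    }
    if (!password_verify($password, $stored)) {
        return [false, null];
    }
    // Re-hash if the default algorithm or cost has changed since this was stored.
    $new = password_needs_rehash($stored, PASSWORD_DEFAULT)
        ? password_hash($password, PASSWORD_DEFAULT) : null;
    return [true, $new];
}

// Constructed "table": email => stored password value, both rows legacy md5.
$users = [
    'a@example.com' => md5('same-pass'),
    'b@example.com' => md5('same-pass'),
];
// Unsalted digests of the same password are identical across users.
var_dump($users['a@example.com'] === $users['b@example.com']);

foreach (array_keys($users) as $email) {
    [$ok, $new] = checkAndUpgrade('same-pass', $users[$email]);
    if ($ok && $new !== null) {
        $users[$email] = $new;   // real page: UPDATE ... SET password = ? WHERE user_id = ?
    }
}
// After the upgrade each row carries its own random salt, and logins still verify.
var_dump($users['a@example.com'] === $users['b@example.com']);
var_dump(checkAndUpgrade('same-pass', $users['a@example.com'])[0]);
var_dump(checkAndUpgrade('wrong-pass', $users['b@example.com'])[0]);
```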
05-06-2005, 11:30 AM
Posts: 36
Hi, thanks for the response
I'll quickly stick up the code and then take another look at it with view to your comments:
UPDATE PAGE
PHP Code:
<?php require_once('Connections/connectiona.php'); ?>
<?php
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
{
$theValue = (!get_magic_quotes_gpc()) ? addslashes($theValue) : $theValue;
switch ($theType) {
case "text":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "long":
case "int":
$theValue = ($theValue != "") ? intval($theValue) : "NULL";
break;
case "double":
$theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
break;
case "date":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "defined":
$theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
break;
}
return $theValue;
}
$editFormAction = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
$editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}
if ((isset($_POST["MM_update"])) && ($_POST["MM_update"] == "form1")) {
$updateSQL = sprintf("UPDATE TestTable SET autonumber=%s, sex=%s, firstname=%s, fullname=%s, OthLanguage=%s, LangSchls=%s, LangQual=%s, qualifications=%s, likes=%s, dislikes=%s, areas=%s, contactmail=%s, contactnum=%s WHERE password=%s",
GetSQLValueString($_POST['firstname'], "int"),
GetSQLValueString($_POST['sex'], "text"),
GetSQLValueString($_POST['firstname'], "text"),
GetSQLValueString($_POST['fullname'], "text"),
GetSQLValueString($_POST['OthLanguage'], "text"),
GetSQLValueString($_POST['LangSchls'], "text"),
GetSQLValueString($_POST['LangQual'], "text"),
GetSQLValueString($_POST['qualifications'], "text"),
GetSQLValueString($_POST['likes'], "text"),
GetSQLValueString($_POST['dislikes'], "text"),
GetSQLValueString($_POST['areas'], "text"),
GetSQLValueString($_POST['contactmail'], "text"),
GetSQLValueString($_POST['contactnum'], "text"),
GetSQLValueString($_POST['password'], "text"));
mysql_select_db($database_connectiona, $connectiona);
$Result1 = mysql_query($updateSQL, $connectiona) or die(mysql_error());
$updateGoTo = "thankyou for updating.htm";
if (isset($_SERVER['QUERY_STRING'])) {
$updateGoTo .= (strpos($updateGoTo, '?')) ? "&" : "?";
$updateGoTo .= $_SERVER['QUERY_STRING'];
}
header(sprintf("Location: %s", $updateGoTo));
}
$colname_rslogin = "1";
if (isset($_POST['passwordID'])) {
$colname_rslogin = (get_magic_quotes_gpc()) ? $_POST['passwordID'] : addslashes($_POST['passwordID']);
}
$colnames_rslogin = "1";
if (isset($_POST['contactID'])) {
$colnames_rslogin = (get_magic_quotes_gpc()) ? $_POST['contactID'] : addslashes($_POST['contactID']);
}
mysql_select_db($database_connectiona, $connectiona);
$query_rslogin = sprintf("SELECT * FROM TestTable WHERE password = '%s' AND contactmail = '%s'", $colname_rslogin,$colnames_rslogin);
$rslogin = mysql_query($query_rslogin, $connectiona) or die(mysql_error());
$row_rslogin = mysql_fetch_assoc($rslogin);
$totalRows_rslogin = mysql_num_rows($rslogin);
if($totalRows_rslogin<1)
header("Location: http://www.orangutanenglish.com/sorry.htm");
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>Untitled Document</title>
</head>
<body bgcolor="#FF6600" text="#FFFFFF">
test update page
<form name="form1" method="POST" action="<?php echo $editFormAction; ?>">
<table width="88%" border="0" align="center">
<tr>
<td width="51%">first name</td>
<td width="49%"><input name="firstname" type="text" id="firstname" value="<?php echo $row_rslogin['firstname']; ?>"></td>
</tr>
<tr>
<td>full name </td>
<td><input name="fullname" type="text" id="fullname" value="<?php echo $row_rslogin['fullname']; ?>"></td>
</tr>
<tr>
<td>Sex</td>
<td><select name="sex" id="sex" title="<?php echo $row_rslogin['sex']; ?>">
<option value="M" <?php if (!(strcmp("M", $row_rslogin['sex']))) {echo "SELECTED";} ?>>M</option>
<option value="F" <?php if (!(strcmp("F", $row_rslogin['sex']))) {echo "SELECTED";} ?>>F</option>
</select></td>
</tr>
<tr>
<td>Age</td>
<td> </td>
</tr>
<tr>
<td>Nationality</td>
<td> </td>
</tr>
<tr>
<td>Native Language </td>
<td> </td>
</tr>
<tr>
<td>Other Languages you can speak </td>
<td><input name="OthLanguage" type="text" id="OthLanguage" value="<?php echo $row_rslogin['OthLanguage']; ?>"></td>
</tr>
<tr>
<td>Teaching Experience </td>
<td> </td>
</tr>
<tr>
<td><DIV align=left><FONT face="Arial, Helvetica, sans-serif" color=#ffffff
size=2>Language Schools Taught at <FONT color=#ffcc00 size=1>(Nova, EEC etc.)</FONT></FONT></DIV></td>
<td><input name="LangSchls" type="text" id="LangSchls" value="<?php echo $row_rslogin['LangSchls']; ?>"></td>
</tr>
<tr>
<td><DIV align=left><FONT face="Arial, Helvetica, sans-serif" color=#ffffff
size=2>Language Teaching Qualifications<FONT color=#ffcc00 size=1> (if none leave
blank)</FONT></FONT></DIV></td>
<td><input name="LangQual" type="text" id="LangQual" value="<?php echo $row_rslogin['qualifications']; ?>"></td>
</tr>
<tr>
<td><DIV align=left><FONT face="Arial, Helvetica, sans-serif" color=#ffffff
size=2>Other (Univ. / </FONT><FONT face="Arial, Helvetica, sans-serif"
size=2><FONT color=#ffffff>College) Qualifications<FONT color=#ffcc00 size=1> (if
none leave blank)</FONT></FONT></FONT></DIV></td>
<td><input name="qualifications" type="text" id="qualifications" value="<?php echo $row_rslogin['qualifications']; ?>"></td>
</tr>
<tr>
<td><DIV align=left><FONT face="Arial, Helvetica, sans-serif" color=#ffffff
size=2>Other (Work etc.) Experience<FONT color=#ffcc00 size=1> (if none leave
blank)</FONT></FONT></DIV></td>
<td><input name="textfield" type="text" value="<?php echo $row_rslogin['otherexper']; ?>"></td>
</tr>
<tr>
<td><DIV align=left><FONT face="Arial, Helvetica, sans-serif" color=#ffffff
size=2>Japanese Ability</FONT></DIV></td>
<td> </td>
</tr>
<tr>
<td>Likes</td>
<td><input name="likes" type="text" id="likes" value="<?php echo $row_rslogin['likes']; ?>"></td>
</tr>
<tr>
<td>Dislikes</td>
<td><input name="dislikes" type="text" id="dislikes" value="<?php echo $row_rslogin['dislikes']; ?>"></td>
</tr>
<tr>
<td>Favourite Movie </td>
<td> </td>
</tr>
<tr>
<td>Prefecture</td>
<td><input name="prefectures" type="text" id="prefectures" value="<?php echo $row_rslogin['prefecture']; ?>"></td>
</tr>
<tr>
<td>Teaching Areas </td>
<td><input name="areas" type="text" id="areas" value="<?php echo $row_rslogin['areas']; ?>"></td>
</tr>
<tr>
<td> </td>
<td> </td>
</tr>
<tr>
<td>Teaching Times </td>
<td> </td>
</tr>
<tr>
<td>MONDAY</td>
<td> </td>
</tr>
<tr>
<td>TUESDAY</td>
<td> </td>
</tr>
<tr>
<td>WEDNESDAY</td>
<td> </td>
</tr>
<tr>
<td>THURSDAY</td>
<td> </td>
</tr>
<tr>
<td>FRIDAY</td>
<td> </td>
</tr>
<tr>
<td>SATURDAY</td>
<td> </td>
</tr>
<tr>
<td>SUNDAY</td>
<td> </td>
</tr>
<tr>
<td> </td>
<td><font color="#FF0000" face="Arial, Helvetica, sans-serif"> </font></td>
</tr>
<tr>
<td>private lesson price </td>
<td> </td>
</tr>
<tr>
<td>group lesson price </td>
<td> </td>
</tr>
<tr>
<td>message to your student </td>
<td> </td>
</tr>
<tr>
<td>email address </td>
<td><input name="contactmail" type="text" id="contactmail" value="<?php echo $row_rslogin['contactmail']; ?>"></td>
</tr>
<tr>
<td>phone number</td>
<td><input name="contactnum" type="text" id="contactnum" value="<?php echo $row_rslogin['contactnum']; ?>"></td>
</tr>
<tr>
<td>PASSWORD</td>
<td><input name="password" type="text" id="password" value="<?php echo $row_rslogin['password']; ?>"></td>
</tr>
<tr>
<td><input name="passwordID" type="hidden" id="passwordID">
<input name="contactID" type="hidden" id="contactID"></td>
<td> </td>
</tr>
</table>
<p> </p>
<p>
<input type="submit" name="Submit" value="update">
</p>
<p> </p>
<input type="hidden" name="MM_update" value="form1">
</form>
</body>
</html>
<?php
mysql_free_result($rslogin);
?>
AND THE LOGIN PAGE
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>Untitled Document</title>
</head>
<body>
<p>login Page</p>
<form action="testupdate2.php" method="post" name="loginform" id="loginform">
<p>this is a password
<input name="passwordID" type="text" id="passwordID">
</p>
<p>this is a contactmail
<input name="contactID" type="text" id="contactID">
</p>
<p>
<input type="submit" name="Submit" value="logon">
</p>
</form>
<p> </p>
<p> </p>
</body>
</html>
Last edited by 0beron; 05-06-2005 at 07:34 PM..
05-06-2005, 01:18 PM
Posts: 36
sorry... a tad excessive with my posted code....
05-06-2005, 07:34 PM
Posts: 1,832
Location: Somewhere else entirely
You know there are tags for html and php code?
[php ]<?php ?>[/php ] without the spaces gets you: and [html ]<html>[/html ] gets you:
__________________
UPDATE 0beron SET talkupation = talkupation + lots WHERE post = 'helpful';