PHP help anybody..please - GoFuckYourself.com

halfpint · 04-21-2008, 03:02 PM

I have edited this preferences.php file and added two extra forms so that players can add both an avatar and a banner but the problem is when you add an avatar or sig and you already have a banner it takes the banner and quote away and vice versa. This is driving me crazy been trying to figure it out for the last 6 hours..lol

Does anybody know how to make these work independently of each other so that when you submit a new banner or avatar they do not affect each other..any help will be much appreciated

Code:

<?
include 'header.php';

if (isset($_POST['submit'])) {

  $avatar = $_POST["avatar"];
  $quote = $_POST["quote"];
  $banner = $_POST["banner"];
  $sig = $_POST["sig"];
  //insert the values
  if (!isset($message)){
    $result= mysql_query("UPDATE `grpgusers` SET `avatar`='".$avatar."', `quote`='".$quote."' WHERE `id`='".$user_class->id."'");
    $result= mysql_query("UPDATE `grpgusers` SET `banner`='".$banner."', `sig`='".$sig."' WHERE `id`='".$user_class->id."'");
    echo Message('Your preferences have been saved.');
    
	die();
  }
}
?>
<?
if (isset($message)) {
echo Message($message);
}
?>
<tr><td class="contenthead">
Account Preferences
</td></tr>
<tr><td class="contentcontent">
<form name='login' method='post'>
  <table width='50%' border='0' align='center' cellpadding='0' cellspacing='0'>
  	<tr>
      <td height='28'><font size='2' face='verdana'>Avatar Image Location&nbsp;&nbsp;&nbsp;</font></td>
      <td><font size='2' face='verdana'>
        <input type='text' name='avatar' value='<?= $user_class->avatar ?>'>
        </font></td>
    </tr>
    <tr>
    <tr>
      <td height='28' align="right"><font size='2' face='verdana'>Quote&nbsp;&nbsp;&nbsp;</font></td>
      <td><font size='2' face='verdana'>
        <input type='text' name='quote' value='<?= $user_class->quote ?>'>
        </font></td>
    </tr>
      <td>&nbsp;</td>
      <td><font size='2' face='verdana'>
        <input type='submit' name='submit' value='Save Preferences'>
        </font></td>
    </tr>
</table>
</form>
<br>
<tr><td class="contenthead">
Add Banner
</td></tr>
<tr><td class="contentcontent">
<form name='login' method='post'>
  <table width='100%' border='0' align='center' cellpadding='0' cellspacing='0'>
  	<tr>
      <td height='28'><font size='2' face='verdana'>Banner Image Location&nbsp;&nbsp;&nbsp;</font></td>
      <td><font size='2' face='verdana'>
        <input type='text' name='banner' value='<?= $user_class->banner ?>'>
        </font></td>
    </tr>
    <tr>
    <tr>
      <td height='28' align="right"><font size='2' face='verdana'>Quote&nbsp;&nbsp;&nbsp;</font></td>
      <td><font size='2' face='verdana'>
        <input type='text' name='sig' value='<?= $user_class->sig ?>'>
        </font></td>
    </tr>
      <td>&nbsp;</td>
      <td><font size='2' face='verdana'>
        <input type='submit' name='submit' value='Save Preferences'>
        </font></td>
    </tr>
</table>
</form>
<?
include 'footer.php';
?>

mrkris · 04-21-2008, 03:21 PM

Nothing is more awesome than code being mixed with layout.

okok · 04-21-2008, 03:24 PM

This is what causes the prob:

Code:

if (!isset($message)){
    $result= mysql_query("UPDATE `grpgusers` SET `avatar`='".$avatar."', `quote`='".$quote."' WHERE `id`='".$user_class->id."'");
    $result= mysql_query("UPDATE `grpgusers` SET `banner`='".$banner."', `sig`='".$sig."' WHERE `id`='".$user_class->id."'");
    echo Message('Your preferences have been saved.');
    
	die();
  }

You are updating everything every time $message is not set, whether or not $avatar and/or $banner are set.

halfpint · 04-21-2008, 03:25 PM

Quote:

Originally Posted by mrkris

Nothing is more awesome than code being mixed with layout.

yeah.. we bought this script and it had it also had html code mixed with php

halfpint · 04-21-2008, 03:29 PM

Quote:

Originally Posted by okok

This is what causes the prob:

Code:

if (!isset($message)){
    $result= mysql_query("UPDATE `grpgusers` SET `avatar`='".$avatar."', `quote`='".$quote."' WHERE `id`='".$user_class->id."'");
    $result= mysql_query("UPDATE `grpgusers` SET `banner`='".$banner."', `sig`='".$sig."' WHERE `id`='".$user_class->id."'");
    echo Message('Your preferences have been saved.');
    
	die();
  }

You are updating everything every time $message is not set, whether or not $avatar and/or $banner are set.

K thanks

Im not a php coder and only know bits and bobs so if I change it to this will it work

Code:

    $result= mysql_query("UPDATE `grpgusers` SET `avatar`='".$avatar."', `quote`='".$quote."'`banner`='".$banner."', `sig`='".$sig."' WHERE `id`='".$user_class->id."'");

okok · 04-21-2008, 03:36 PM

Quote:

Originally Posted by halfpint

K thanks

Im not a php coder and only know bits and bobs so if I change it to this will it work

Code:

    $result= mysql_query("UPDATE `grpgusers` SET `avatar`='".$avatar."', `quote`='".$quote."'`banner`='".$banner."', `sig`='".$sig."' WHERE `id`='".$user_class->id."'");

Try wrapping isset around the individual SQL statements, something like:

Code:

if (isset(_POST['avatar'])) { $result = ...... }
if (isset(_POST['banner'])) { $result = ...... }

Be warned that above is just a dirty bandaid on an already dirty wound.

halfpint · 04-21-2008, 03:39 PM

Quote:

Originally Posted by okok

Try wrapping isset around the individual SQL statements, something like:

Code:

if (isset(_POST['avatar'])) { $result = ...... }
if (isset(_POST['banner'])) { $result = ...... }

Be warned that above is just a dirty bandaid on an already dirty wound.

Ok thanks I will give it a try... appreciate your help thanks

halfpint · 04-21-2008, 04:36 PM

Is this the correct way to wrap the if (isset(_POST['avatar'])) { $result = ...... }

Code:

<?
include 'header.php';
if (isset($_POST['submit'])) {

if (isset($_POST['avatar'])){ $result = mysql_query("UPDATE `grpgusers` SET `avatar`='".$avatar."', WHERE `id`='".$user_class->id."'");
}
if (isset($_POST['quote'])){ $result = mysql_query("UPDATE `grpgusers` SET `quote`='".$quote."', WHERE `id`='".$user_class->id."'");
}
if (isset($_POST['banner'])){ $result = mysql_query("UPDATE `grpgusers` SET `banner`='".$banner."', WHERE `id`='".$user_class->id."'");
}
if (isset($_POST['sig'])){ $result = mysql_query("UPDATE `grpgusers` SET `sig`='".$sig."', WHERE `id`='".$user_class->id."'");
}  
 
 //insert the values
    echo Message('Your preferences have been saved.');
    
	die();

drocd · 04-21-2008, 06:04 PM

The most logical way:

Code:

<?
include 'header.php';

if($_POST['form_type'] == 'avatarquote') {
	$avatar = $_POST["avatar"];
	$quote = $_POST["quote"];
	$result= mysql_query("UPDATE `grpgusers` SET `avatar`='".$avatar."', `quote`='".$quote."' WHERE `id`='".$user_class->id."'");
		echo 'Your preferences have been saved.';
		die();
}
elseif($_POST['form_type'] == 'bannersig') {
	$banner = $_POST["banner"];
	$sig = $_POST["sig"];
	$result= mysql_query("UPDATE `grpgusers` SET `banner`='".$banner."', `sig`='".$sig."' WHERE `id`='".$user_class->id."'");
		echo 'Your preferences have been saved.';
		die();
}
?>
<tr><td class="contenthead">
Account Preferences
</td></tr>
<tr><td class="contentcontent">
<form name='login' method='post'>
<input type="hidden" name="form_type" value="avatarquote" />
  <table width='50%' border='0' align='center' cellpadding='0' cellspacing='0'>
  	<tr>
      <td height='28'><font size='2' face='verdana'>Avatar Image Location&nbsp;&nbsp;&nbsp;</font></td>
      <td><font size='2' face='verdana'>
        <input type='text' name='avatar' value='<?= $user_class->avatar ?>'>
        </font></td>
    </tr>
    <tr>
    <tr>
      <td height='28' align="right"><font size='2' face='verdana'>Quote&nbsp;&nbsp;&nbsp;</font></td>
      <td><font size='2' face='verdana'>
        <input type='text' name='quote' value='<?= $user_class->quote ?>'>
        </font></td>
    </tr>
      <td>&nbsp;</td>
      <td><font size='2' face='verdana'>
        <input type='submit' name='submit' value='Save Preferences'>
        </font></td>
    </tr>
</table>
</form>
<br>
<tr><td class="contenthead">
Add Banner
</td></tr>
<tr><td class="contentcontent">
<form name='login' method='post'>
<input type="hidden" name="form_type" value="bannersig" />
  <table width='100%' border='0' align='center' cellpadding='0' cellspacing='0'>
  	<tr>
      <td height='28'><font size='2' face='verdana'>Banner Image Location&nbsp;&nbsp;&nbsp;</font></td>
      <td><font size='2' face='verdana'>
        <input type='text' name='banner' value='<?= $user_class->banner ?>'>
        </font></td>
    </tr>
    <tr>
    <tr>
      <td height='28' align="right"><font size='2' face='verdana'>Quote&nbsp;&nbsp;&nbsp;</font></td>
      <td><font size='2' face='verdana'>
        <input type='text' name='sig' value='<?= $user_class->sig ?>'>
        </font></td>
    </tr>
      <td>&nbsp;</td>
      <td><font size='2' face='verdana'>
        <input type='submit' name='submit' value='Save Preferences'>
        </font></td>
    </tr>
</table>
</form>
<?
include 'footer.php';
?>

Smarty · 04-21-2008, 06:06 PM

Code:

$avatar = blah blah
$quote = blah Blah


mysql_query(UPDATE 'whatever' SET avatar = $avatar, quote = $quote and so on ... WHERE id = id ..)

make sure that when you show them teh form .. the values that are in teh database already shown in teh form .. and when they update something you just update all teh values.

Also teh script is a drama .. because you allow teh users to put everything in your database without any checking .. at least do a mysql escape on the posted vars.

sarettah · 04-21-2008, 06:15 PM

A better solution would probably be to just run one form instead of 2. That way your vars are always filled out on the submit and it doesn't matter if your rewrite them each time.

Code:

<?
include 'header.php';

if (isset($_POST['submit'])) {

  $avatar = $_POST["avatar"];
  $quote = $_POST["quote"];
  $banner = $_POST["banner"];
  $sig = $_POST["sig"];
  //insert the values
  if (!isset($message)){

// kill this write and include it in the next    
// $result= mysql_query("UPDATE `grpgusers` SET `avatar`='".$avatar."', `quote`='".$quote."' WHERE `id`='".$user_class->id."'");

    $result= mysql_query("UPDATE `grpgusers` SET `banner`='".$banner."', `sig`='".$sig."',  avatar`='".$avatar."', `quote`='".$quote."'WHERE `id`='".$user_class->id."'");
    echo Message('Your preferences have been saved.');
    
	die();
  }
}
?>
<?
if (isset($message)) {
echo Message($message);
}
?>
<tr><td class="contenthead">
Account Preferences
</td></tr>
<tr><td class="contentcontent">
<form name='login' method='post'>
  <table width='50%' border='0' align='center' cellpadding='0' cellspacing='0'>
  	<tr>
      <td height='28'><font size='2' face='verdana'>Avatar Image Location&nbsp;&nbsp;&nbsp;</font></td>
      <td><font size='2' face='verdana'>
        <input type='text' name='avatar' value='<?= $user_class->avatar ?>'>
        </font></td>
    </tr>
    <tr>
    <tr>
      <td height='28' align="right"><font size='2' face='verdana'>Quote&nbsp;&nbsp;&nbsp;</font></td>
      <td><font size='2' face='verdana'>
        <input type='text' name='quote' value='<?= $user_class->quote ?>'>
        </font></td>
    </tr>
      <td>&nbsp;</td>
      <td><font size='2' face='verdana'>

// kill this submit button here... 
<!--  <input type='submit' name='submit' value='Save Preferences'> -->
 
       </font></td>
    </tr>
</table>
</form>
<br>
<tr><td class="contenthead">
Add Banner
</td></tr>
<tr><td class="contentcontent">

// kill this form line
<!-- <form name='login' method='post'> -->

  <table width='100%' border='0' align='center' cellpadding='0' cellspacing='0'>
  	<tr>
      <td height='28'><font size='2' face='verdana'>Banner Image Location&nbsp;&nbsp;&nbsp;</font></td>
      <td><font size='2' face='verdana'>
        <input type='text' name='banner' value='<?= $user_class->banner ?>'>
        </font></td>
    </tr>
    <tr>
    <tr>
      <td height='28' align="right"><font size='2' face='verdana'>Quote&nbsp;&nbsp;&nbsp;</font></td>
      <td><font size='2' face='verdana'>
        <input type='text' name='sig' value='<?= $user_class->sig ?>'>
        </font></td>
    </tr>
      <td>&nbsp;</td>
      <td><font size='2' face='verdana'>
        <input type='submit' name='submit' value='Save Preferences'>
        </font></td>
    </tr>
</table>
</form>
<?
include 'footer.php';
?>

PornGeneral · 04-21-2008, 06:16 PM

Code:

<?
include 'header.php';

//Add these lines to ensure you don't get hacked
$_POST = trim(array_map('mysql_real_escape_string', $_POST));
$_GET = trim(array_map('mysql_real_escape_string', $_GET));
$_COOKIE = trim(array_map('mysql_real_escape_string', $_COOKIE));

?>

You sould add these three lines to your code to ensure your users don't inject arbitrary SQL statements ... Hacking...

halfpint · 04-21-2008, 06:19 PM

Quote:

Originally Posted by Smarty

Code:

$avatar = blah blah
$quote = blah Blah


mysql_query(UPDATE 'whatever' SET avatar = $avatar, quote = $quote and so on ... WHERE id = id ..)

make sure that when you show them teh form .. the values that are in teh database already shown in teh form .. and when they update something you just update all teh values.

Also teh script is a drama .. because you allow teh users to put everything in your database without any checking .. at least do a mysql escape on the posted vars.

The script has been a pain in the arse ever since we purchased it and the guy that scripted it has given us no support what so ever. We ended up having to pay another coder for a load of bug fixes in the end..but thats life and nothing is ever easy..lol

Thanks for all your help guys

halfpint · 04-21-2008, 06:28 PM

Quote:

Originally Posted by PornGeneral

Code:

<?
include 'header.php';

//Add these lines to ensure you don't get hacked
$_POST = trim(array_map('mysql_real_escape_string', $_POST));
$_GET = trim(array_map('mysql_real_escape_string', $_GET));
$_COOKIE = trim(array_map('mysql_real_escape_string', $_COOKIE));

?>

You sould add these three lines to your code to ensure your users don't inject arbitrary SQL statements ... Hacking...

Thanks should I add that before the if (isset($_POST['submit']))

sarettah · 04-21-2008, 06:31 PM

Quote:

Originally Posted by halfpint

Thanks should I add that before the if (isset($_POST['submit']))

You should put those right after the include header or if your header uses any POST statements, then put it before the include header.

halfpint · 04-21-2008, 06:34 PM

Quote:

Originally Posted by sarettah

You should put those right after the include header or if your header uses any POST statements, then put it before the include header.

Ok I will do that... thanks again you have all been a great help

halfpint · 04-21-2008, 08:21 PM

Finally got it working thanks to all of you

A big thanks to PornGeneral for your help and the links

brandonstills · 04-21-2008, 11:10 PM

Quote:

Originally Posted by mrkris

Nothing is more awesome than code being mixed with layout.

What about PHP mixed with SQL, mixed with Javascript, mixed with malformed HTML?

04-21-2008, 03:21 PM	#2
mrkris Confirmed User Join Date: May 2005 Posts: 2,737	Nothing is more awesome than code being mixed with layout. __________________ PHP-MySQL-Rails \| ICQ: 342500546

04-21-2008, 06:06 PM	#10
Smarty Registered User Join Date: Nov 2006 Posts: 11	Code: $avatar = blah blah $quote = blah Blah mysql_query(UPDATE 'whatever' SET avatar = $avatar, quote = $quote and so on ... WHERE id = id ..) make sure that when you show them teh form .. the values that are in teh database already shown in teh form .. and when they update something you just update all teh values. Also teh script is a drama .. because you allow teh users to put everything in your database without any checking .. at least do a mysql escape on the posted vars. __________________ The Best High Def Sites To Promote

04-21-2008, 06:16 PM	#12
PornGeneral Confirmed User Join Date: Sep 2004 Location: In front of computer Posts: 564	Code: <? include 'header.php'; //Add these lines to ensure you don't get hacked $_POST = trim(array_map('mysql_real_escape_string', $_POST)); $_GET = trim(array_map('mysql_real_escape_string', $_GET)); $_COOKIE = trim(array_map('mysql_real_escape_string', $_COOKIE)); ?> You sould add these three lines to your code to ensure your users don't inject arbitrary SQL statements ... Hacking... __________________ "The object of war is not to die for your country but to make the other bastard die for his." -Patton "Only the dead have seen the end of war." -Plato

04-21-2008, 08:21 PM	#17
halfpint GFY's Halfpint Industry Role: Join Date: Jun 2007 Location: UK Posts: 15,223	Finally got it working thanks to all of you A big thanks to PornGeneral for your help and the links __________________ Get FREE website listings on Cryptocoinshops.net