GoFuckYourself.com - Adult Webmaster Forum

GoFuckYourself.com - Adult Webmaster Forum (https://gfy.com/index.php)
-   Fucking Around & Business Discussion (https://gfy.com/forumdisplay.php?f=26)
-   -   PHP help anybody..please (https://gfy.com/showthread.php?t=823451)

halfpint 04-21-2008 03:02 PM
PHP help anybody..please
 
I have edited this preferences.php file and added two extra forms so that players can add both an avatar and a banner but the problem is when you add an avatar or sig and you already have a banner it takes the banner and quote away and vice versa. This is driving me crazy been trying to figure it out for the last 6 hours..lol

Does anybody know how to make these work independently of each other so that when you submit a new banner or avatar they do not affect each other..any help will be much appreciated

Code:
<?
include 'header.php';

if (isset($_POST['submit'])) {

  $avatar = $_POST["avatar"];
  $quote = $_POST["quote"];
  $banner = $_POST["banner"];
  $sig = $_POST["sig"];
  //insert the values
  if (!isset($message)){
    $result= mysql_query("UPDATE `grpgusers` SET `avatar`='".$avatar."', `quote`='".$quote."' WHERE `id`='".$user_class->id."'");
    $result= mysql_query("UPDATE `grpgusers` SET `banner`='".$banner."', `sig`='".$sig."' WHERE `id`='".$user_class->id."'");
    echo Message('Your preferences have been saved.');
   
        die();
  }
}
?>
<?
if (isset($message)) {
echo Message($message);
}
?>
<tr><td class="contenthead">
Account Preferences
</td></tr>
<tr><td class="contentcontent">
<form name='login' method='post'>
  <table width='50%' border='0' align='center' cellpadding='0' cellspacing='0'>
          <tr>
      <td height='28'><font size='2' face='verdana'>Avatar Image Location&nbsp;&nbsp;&nbsp;</font></td>
      <td><font size='2' face='verdana'>
        <input type='text' name='avatar' value='<?= $user_class->avatar ?>'>
        </font></td>
    </tr>
    <tr>
    <tr>
      <td height='28' align="right"><font size='2' face='verdana'>Quote&nbsp;&nbsp;&nbsp;</font></td>
      <td><font size='2' face='verdana'>
        <input type='text' name='quote' value='<?= $user_class->quote ?>'>
        </font></td>
    </tr>
      <td>&nbsp;</td>
      <td><font size='2' face='verdana'>
        <input type='submit' name='submit' value='Save Preferences'>
        </font></td>
    </tr>
</table>
</form>
<br>
<tr><td class="contenthead">
Add Banner
</td></tr>
<tr><td class="contentcontent">
<form name='login' method='post'>
  <table width='100%' border='0' align='center' cellpadding='0' cellspacing='0'>
          <tr>
      <td height='28'><font size='2' face='verdana'>Banner Image Location&nbsp;&nbsp;&nbsp;</font></td>
      <td><font size='2' face='verdana'>
        <input type='text' name='banner' value='<?= $user_class->banner ?>'>
        </font></td>
    </tr>
    <tr>
    <tr>
      <td height='28' align="right"><font size='2' face='verdana'>Quote&nbsp;&nbsp;&nbsp;</font></td>
      <td><font size='2' face='verdana'>
        <input type='text' name='sig' value='<?= $user_class->sig ?>'>
        </font></td>
    </tr>
      <td>&nbsp;</td>
      <td><font size='2' face='verdana'>
        <input type='submit' name='submit' value='Save Preferences'>
        </font></td>
    </tr>
</table>
</form>
<?
include 'footer.php';
?>

mrkris 04-21-2008 03:21 PM
Nothing is more awesome than code being mixed with layout.

okok 04-21-2008 03:24 PM
This is what causes the prob:


Code:
if (!isset($message)){
    $result= mysql_query("UPDATE `grpgusers` SET `avatar`='".$avatar."', `quote`='".$quote."' WHERE `id`='".$user_class->id."'");
    $result= mysql_query("UPDATE `grpgusers` SET `banner`='".$banner."', `sig`='".$sig."' WHERE `id`='".$user_class->id."'");
    echo Message('Your preferences have been saved.');
   
        die();
  }
You are updating everything every time $message is not set, whether or not $avatar and/or $banner are set.

halfpint 04-21-2008 03:25 PM
Quote:
Originally Posted by mrkris (Post 14094665)
Nothing is more awesome than code being mixed with layout.
yeah.. we bought this script and it had it also had html code mixed with php :(

halfpint 04-21-2008 03:29 PM
Quote:
Originally Posted by okok (Post 14094676)
This is what causes the prob:


Code:
if (!isset($message)){
    $result= mysql_query("UPDATE `grpgusers` SET `avatar`='".$avatar."', `quote`='".$quote."' WHERE `id`='".$user_class->id."'");
    $result= mysql_query("UPDATE `grpgusers` SET `banner`='".$banner."', `sig`='".$sig."' WHERE `id`='".$user_class->id."'");
    echo Message('Your preferences have been saved.');
   
        die();
  }
You are updating everything every time $message is not set, whether or not $avatar and/or $banner are set.
K thanks

Im not a php coder and only know bits and bobs so if I change it to this will it work

Code:
    $result= mysql_query("UPDATE `grpgusers` SET `avatar`='".$avatar."', `quote`='".$quote."'`banner`='".$banner."', `sig`='".$sig."' WHERE `id`='".$user_class->id."'");

okok 04-21-2008 03:36 PM
Quote:
Originally Posted by halfpint (Post 14094689)
K thanks

Im not a php coder and only know bits and bobs so if I change it to this will it work

Code:
    $result= mysql_query("UPDATE `grpgusers` SET `avatar`='".$avatar."', `quote`='".$quote."'`banner`='".$banner."', `sig`='".$sig."' WHERE `id`='".$user_class->id."'");
Try wrapping isset around the individual SQL statements, something like:


Code:
if (isset(_POST['avatar'])) { $result = ...... }
if (isset(_POST['banner'])) { $result = ...... }
Be warned that above is just a dirty bandaid on an already dirty wound.

halfpint 04-21-2008 03:39 PM
Quote:
Originally Posted by okok (Post 14094721)
Try wrapping isset around the individual SQL statements, something like:


Code:
if (isset(_POST['avatar'])) { $result = ...... }
if (isset(_POST['banner'])) { $result = ...... }
Be warned that above is just a dirty bandaid on an already dirty wound.
Ok thanks I will give it a try... appreciate your help thanks

halfpint 04-21-2008 04:36 PM
Is this the correct way to wrap the if (isset(_POST['avatar'])) { $result = ...... }

Code:
<?
include 'header.php';
if (isset($_POST['submit'])) {

if (isset($_POST['avatar'])){ $result = mysql_query("UPDATE `grpgusers` SET `avatar`='".$avatar."', WHERE `id`='".$user_class->id."'");
}
if (isset($_POST['quote'])){ $result = mysql_query("UPDATE `grpgusers` SET `quote`='".$quote."', WHERE `id`='".$user_class->id."'");
}
if (isset($_POST['banner'])){ $result = mysql_query("UPDATE `grpgusers` SET `banner`='".$banner."', WHERE `id`='".$user_class->id."'");
}
if (isset($_POST['sig'])){ $result = mysql_query("UPDATE `grpgusers` SET `sig`='".$sig."', WHERE `id`='".$user_class->id."'");

 
 //insert the values
    echo Message('Your preferences have been saved.');
   
        die();

drocd 04-21-2008 06:04 PM
The most logical way:

Code:
<?
include 'header.php';

if($_POST['form_type'] == 'avatarquote') {
        $avatar = $_POST["avatar"];
        $quote = $_POST["quote"];
        $result= mysql_query("UPDATE `grpgusers` SET `avatar`='".$avatar."', `quote`='".$quote."' WHERE `id`='".$user_class->id."'");
                echo 'Your preferences have been saved.';
                die();
}
elseif($_POST['form_type'] == 'bannersig') {
        $banner = $_POST["banner"];
        $sig = $_POST["sig"];
        $result= mysql_query("UPDATE `grpgusers` SET `banner`='".$banner."', `sig`='".$sig."' WHERE `id`='".$user_class->id."'");
                echo 'Your preferences have been saved.';
                die();
}
?>
<tr><td class="contenthead">
Account Preferences
</td></tr>
<tr><td class="contentcontent">
<form name='login' method='post'>
<input type="hidden" name="form_type" value="avatarquote" />
  <table width='50%' border='0' align='center' cellpadding='0' cellspacing='0'>
          <tr>
      <td height='28'><font size='2' face='verdana'>Avatar Image Location&nbsp;&nbsp;&nbsp;</font></td>
      <td><font size='2' face='verdana'>
        <input type='text' name='avatar' value='<?= $user_class->avatar ?>'>
        </font></td>
    </tr>
    <tr>
    <tr>
      <td height='28' align="right"><font size='2' face='verdana'>Quote&nbsp;&nbsp;&nbsp;</font></td>
      <td><font size='2' face='verdana'>
        <input type='text' name='quote' value='<?= $user_class->quote ?>'>
        </font></td>
    </tr>
      <td>&nbsp;</td>
      <td><font size='2' face='verdana'>
        <input type='submit' name='submit' value='Save Preferences'>
        </font></td>
    </tr>
</table>
</form>
<br>
<tr><td class="contenthead">
Add Banner
</td></tr>
<tr><td class="contentcontent">
<form name='login' method='post'>
<input type="hidden" name="form_type" value="bannersig" />
  <table width='100%' border='0' align='center' cellpadding='0' cellspacing='0'>
          <tr>
      <td height='28'><font size='2' face='verdana'>Banner Image Location&nbsp;&nbsp;&nbsp;</font></td>
      <td><font size='2' face='verdana'>
        <input type='text' name='banner' value='<?= $user_class->banner ?>'>
        </font></td>
    </tr>
    <tr>
    <tr>
      <td height='28' align="right"><font size='2' face='verdana'>Quote&nbsp;&nbsp;&nbsp;</font></td>
      <td><font size='2' face='verdana'>
        <input type='text' name='sig' value='<?= $user_class->sig ?>'>
        </font></td>
    </tr>
      <td>&nbsp;</td>
      <td><font size='2' face='verdana'>
        <input type='submit' name='submit' value='Save Preferences'>
        </font></td>
    </tr>
</table>
</form>
<?
include 'footer.php';
?>

Smarty 04-21-2008 06:06 PM
Code:
$avatar = blah blah
$quote = blah Blah


mysql_query(UPDATE 'whatever' SET avatar = $avatar, quote = $quote and so on ... WHERE id = id ..)
make sure that when you show them teh form .. the values that are in teh database already shown in teh form .. and when they update something you just update all teh values.

Also teh script is a drama .. because you allow teh users to put everything in your database without any checking .. at least do a mysql escape on the posted vars.

sarettah 04-21-2008 06:15 PM
A better solution would probably be to just run one form instead of 2. That way your vars are always filled out on the submit and it doesn't matter if your rewrite them each time.

Code:
<?
include 'header.php';

if (isset($_POST['submit'])) {

  $avatar = $_POST["avatar"];
  $quote = $_POST["quote"];
  $banner = $_POST["banner"];
  $sig = $_POST["sig"];
  //insert the values
  if (!isset($message)){

// kill this write and include it in the next   
// $result= mysql_query("UPDATE `grpgusers` SET `avatar`='".$avatar."', `quote`='".$quote."' WHERE `id`='".$user_class->id."'");

    $result= mysql_query("UPDATE `grpgusers` SET `banner`='".$banner."', `sig`='".$sig."',  avatar`='".$avatar."', `quote`='".$quote."'WHERE `id`='".$user_class->id."'");
    echo Message('Your preferences have been saved.');
   
        die();
  }
}
?>
<?
if (isset($message)) {
echo Message($message);
}
?>
<tr><td class="contenthead">
Account Preferences
</td></tr>
<tr><td class="contentcontent">
<form name='login' method='post'>
  <table width='50%' border='0' align='center' cellpadding='0' cellspacing='0'>
          <tr>
      <td height='28'><font size='2' face='verdana'>Avatar Image Location&nbsp;&nbsp;&nbsp;</font></td>
      <td><font size='2' face='verdana'>
        <input type='text' name='avatar' value='<?= $user_class->avatar ?>'>
        </font></td>
    </tr>
    <tr>
    <tr>
      <td height='28' align="right"><font size='2' face='verdana'>Quote&nbsp;&nbsp;&nbsp;</font></td>
      <td><font size='2' face='verdana'>
        <input type='text' name='quote' value='<?= $user_class->quote ?>'>
        </font></td>
    </tr>
      <td>&nbsp;</td>
      <td><font size='2' face='verdana'>

// kill this submit button here...
<!--  <input type='submit' name='submit' value='Save Preferences'> -->
 
      </font></td>
    </tr>
</table>
</form>
<br>
<tr><td class="contenthead">
Add Banner
</td></tr>
<tr><td class="contentcontent">

// kill this form line
<!-- <form name='login' method='post'> -->

  <table width='100%' border='0' align='center' cellpadding='0' cellspacing='0'>
          <tr>
      <td height='28'><font size='2' face='verdana'>Banner Image Location&nbsp;&nbsp;&nbsp;</font></td>
      <td><font size='2' face='verdana'>
        <input type='text' name='banner' value='<?= $user_class->banner ?>'>
        </font></td>
    </tr>
    <tr>
    <tr>
      <td height='28' align="right"><font size='2' face='verdana'>Quote&nbsp;&nbsp;&nbsp;</font></td>
      <td><font size='2' face='verdana'>
        <input type='text' name='sig' value='<?= $user_class->sig ?>'>
        </font></td>
    </tr>
      <td>&nbsp;</td>
      <td><font size='2' face='verdana'>
        <input type='submit' name='submit' value='Save Preferences'>
        </font></td>
    </tr>
</table>
</form>
<?
include 'footer.php';
?>

PornGeneral 04-21-2008 06:16 PM
Code:
<?
include 'header.php';

//Add these lines to ensure you don't get hacked
$_POST = trim(array_map('mysql_real_escape_string', $_POST));
$_GET = trim(array_map('mysql_real_escape_string', $_GET));
$_COOKIE = trim(array_map('mysql_real_escape_string', $_COOKIE));

?>
You sould add these three lines to your code to ensure your users don't inject arbitrary SQL statements ... Hacking...

halfpint 04-21-2008 06:19 PM
Quote:
Originally Posted by Smarty (Post 14095194)
Code:
$avatar = blah blah
$quote = blah Blah


mysql_query(UPDATE 'whatever' SET avatar = $avatar, quote = $quote and so on ... WHERE id = id ..)
make sure that when you show them teh form .. the values that are in teh database already shown in teh form .. and when they update something you just update all teh values.

Also teh script is a drama .. because you allow teh users to put everything in your database without any checking .. at least do a mysql escape on the posted vars.

The script has been a pain in the arse ever since we purchased it and the guy that scripted it has given us no support what so ever. We ended up having to pay another coder for a load of bug fixes in the end..but thats life and nothing is ever easy..lol

Thanks for all your help guys

halfpint 04-21-2008 06:28 PM
Quote:
Originally Posted by PornGeneral (Post 14095235)
Code:
<?
include 'header.php';

//Add these lines to ensure you don't get hacked
$_POST = trim(array_map('mysql_real_escape_string', $_POST));
$_GET = trim(array_map('mysql_real_escape_string', $_GET));
$_COOKIE = trim(array_map('mysql_real_escape_string', $_COOKIE));

?>
You sould add these three lines to your code to ensure your users don't inject arbitrary SQL statements ... Hacking...
Thanks should I add that before the if (isset($_POST['submit']))

sarettah 04-21-2008 06:31 PM
Quote:
Originally Posted by halfpint (Post 14095257)
Thanks should I add that before the if (isset($_POST['submit']))
You should put those right after the include header or if your header uses any POST statements, then put it before the include header.

halfpint 04-21-2008 06:34 PM
Quote:
Originally Posted by sarettah (Post 14095262)
You should put those right after the include header or if your header uses any POST statements, then put it before the include header.
Ok I will do that... thanks again you have all been a great help :thumbsup

halfpint 04-21-2008 08:21 PM
Finally got it working thanks to all of you :thumbsup
A big thanks to PornGeneral for your help and the links :thumbsup

brandonstills 04-21-2008 11:10 PM
Quote:
Originally Posted by mrkris (Post 14094665)
Nothing is more awesome than code being mixed with layout.
What about PHP mixed with SQL, mixed with Javascript, mixed with malformed HTML?


All times are GMT -7. The time now is 12:32 PM.

Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2025, vBulletin Solutions, Inc.
©2000-, AI Media Network Inc123