All is working except if($_POST['submit']=='Update')

Posted by user1319909 on Stack Overflow See other posts from Stack Overflow or by user1319909
Published on 2012-04-08T05:16:03Z Indexed on 2012/04/08 5:28 UTC
Read the original article Hit count: 190

Filed under:
|

I have a working registration and login system. I am trying to create a form where a user can add product registration info (via mysql update). I can't seem to get the db to actually update the fields. What am I missing here?!?

<?php 

define('INCLUDE_CHECK',true);

require 'connect.php';
require 'functions.php';
// Those two files can be included only if INCLUDE_CHECK is defined


session_name('tzLogin');
// Starting the session

session_set_cookie_params(2*7*24*60*60);
// Making the cookie live for 2 weeks

session_start();

if($_SESSION['id'] && !isset($_COOKIE['tzRemember']) && !$_SESSION['rememberMe'])
{
    // If you are logged in, but you don't have the tzRemember cookie (browser restart)
    // and you have not checked the rememberMe checkbox:

    $_SESSION = array();
    session_destroy();

    // Destroy the session
}


if(isset($_GET['logoff']))
{
    $_SESSION = array();
    session_destroy();

    header("Location: index_login3.php");
    exit;
}

if($_POST['submit']=='Login')
{
    // Checking whether the Login form has been submitted

    $err = array();
    // Will hold our errors


    if(!$_POST['username'] || !$_POST['password'])
        $err[] = 'All the fields must be filled in!';

    if(!count($err))
    {
        $_POST['username'] = mysql_real_escape_string($_POST['username']);
        $_POST['password'] = mysql_real_escape_string($_POST['password']);
        $_POST['rememberMe'] = (int)$_POST['rememberMe'];

        // Escaping all input data

        $row = mysql_fetch_assoc(mysql_query("SELECT * FROM electrix_users WHERE usr='{$_POST['username']}' AND pass='".md5($_POST['password'])."'"));

        if($row['usr'])
        {
            // If everything is OK login

            $_SESSION['usr']=$row['usr'];
            $_SESSION['id'] = $row['id'];
            $_SESSION['email'] = $row['email'];
            $_SESSION['first'] = $row['first'];
            $_SESSION['last'] = $row['last'];
            $_SESSION['address1'] = $row['address1'];
            $_SESSION['address2'] = $row['address2'];
            $_SESSION['city'] = $row['city'];
            $_SESSION['state'] = $row['state'];
            $_SESSION['zip'] = $row['zip'];
            $_SESSION['country'] = $row['country'];
            $_SESSION['product1'] = $row['product1'];
            $_SESSION['serial1'] = $row['serial1'];
            $_SESSION['product2'] = $row['product2'];
            $_SESSION['serial2'] = $row['serial2'];
            $_SESSION['product3'] = $row['product3'];
            $_SESSION['serial3'] = $row['serial3'];
            $_SESSION['rememberMe'] = $_POST['rememberMe'];

            // Store some data in the session

            setcookie('tzRemember',$_POST['rememberMe']);

        }


        else $err[]='Wrong username and/or password!';
    }

    if($err)
    $_SESSION['msg']['login-err'] = implode('<br />',$err);
    // Save the error messages in the session

    header("Location: index_login3.php");
    exit;

}
else if($_POST['submit']=='Register')
{
    // If the Register form has been submitted

    $err = array();

    if(strlen($_POST['username'])<4 || strlen($_POST['username'])>32)
    {
        $err[]='Your username must be between 3 and 32 characters!';
    }

    if(preg_match('/[^a-z0-9\-\_\.]+/i',$_POST['username']))
    {
        $err[]='Your username contains invalid characters!';
    }

    if(!checkEmail($_POST['email']))
    {
        $err[]='Your email is not valid!';
    }

    if(!count($err))
    {
        // If there are no errors

        $pass = substr(md5($_SERVER['REMOTE_ADDR'].microtime().rand(1,100000)),0,6);
        // Generate a random password

        $_POST['email'] = mysql_real_escape_string($_POST['email']);
        $_POST['username'] = mysql_real_escape_string($_POST['username']);
        $_POST['first'] = mysql_real_escape_string($_POST['first']);
        $_POST['last'] = mysql_real_escape_string($_POST['last']);
        $_POST['address1'] = mysql_real_escape_string($_POST['address1']);
        $_POST['address2'] = mysql_real_escape_string($_POST['address2']);
        $_POST['city'] = mysql_real_escape_string($_POST['city']);
        $_POST['state'] = mysql_real_escape_string($_POST['state']);
        $_POST['zip'] = mysql_real_escape_string($_POST['zip']);
        $_POST['country'] = mysql_real_escape_string($_POST['country']);
        // Escape the input data


        mysql_query("   INSERT INTO electrix_users(usr,pass,email,first,last,address1,address2,city,state,zip,country,regIP,dt) 
                        VALUES(

                            '".$_POST['username']."',
                            '".md5($pass)."',
                            '".$_POST['email']."',
                            '".$_POST['first']."',
                            '".$_POST['last']."',
                            '".$_POST['address1']."',
                            '".$_POST['address2']."',
                            '".$_POST['city']."',
                            '".$_POST['state']."',
                            '".$_POST['zip']."',
                            '".$_POST['country']."',
                            '".$_SERVER['REMOTE_ADDR']."',
                            NOW()

                        )");

        if(mysql_affected_rows($link)==1)
        {
            send_mail(  '[email protected]',
                        $_POST['email'],
                        'Your New Electrix User Password',
                        'Thank you for registering at www.electrixpro.com. Your password is: '.$pass);

            $_SESSION['msg']['reg-success']='We sent you an email with your new password!';
        }
        else $err[]='This username is already taken!';
    }

    if(count($err))
    {
        $_SESSION['msg']['reg-err'] = implode('<br />',$err);
    }   

    header("Location: index_login3.php");
    exit;
}

if($_POST['submit']=='Update')

{   

    {
      mysql_query(" UPDATE electrix_users(product1,serial1,product2,serial2,product3,serial3) WHERE usr='{$_POST['username']}' 
              VALUES(

              '".$_POST['product1']."',
              '".$_POST['serial1']."',
              '".$_POST['product2']."',
              '".$_POST['serial2']."',
              '".$_POST['product3']."',
              '".$_POST['serial3']."',                          

          )");          

        if(mysql_affected_rows($link)==1)
        {
            $_SESSION['msg']['upd-success']='Thank you for registering your Electrix product';
        }
        else $err[]='So Sad!';
    }

    if(count($err))
    {
        $_SESSION['msg']['upd-err'] = implode('<br />',$err);
    }   

    header("Location: index_login3.php");
    exit;

}

if($_SESSION['msg'])
{
    // The script below shows the sliding panel on page load

    $script = '
    <script type="text/javascript">

        $(function(){

            $("div#panel").show();
            $("#toggle a").toggle();
        });

    </script>';

}
?>

© Stack Overflow or respective owner

Related posts about php

Related posts about mysql