$result = mysql_query("UPDATE users SET password='$_POST['pass']', email='$_POST['email']', char1='$_POST['char1']', char2='$_POST['char2']' WHERE name = '$_COOKIE['uname']'") or die("custom error message here.");

Error:
"Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING"

This is one of the first times I've experimented with UPDATE, any syntax tips are helpful.

$result = mysql_query("UPDATE users SET password=$_POST['pass'], email=$_POST['email'], char1=$_POST['char1'], char2=$_POST['char2'] WHERE name = $_COOKIE['uname']") or die("custom error message here.");

Too many ' symbols.

Im getting varying answers on IRC, and btw grey, your script didnt work.

for example, someone said:
UPDATE table SET field=\''.$value.'\'
and
escape your variables, take them out of the scope of the string

O_o


----EDIT-----


okay, solved that, my script is:
$PASS1 = $_POST['pass'];
$PASS2 = $_POST['passverify'];
$EMAIL = $_POST['email'];
$CHAR1 = $_POST['char1'];
$CHAR2 = $_POST['char2'];
$USERCOOKIE = $_COOKIE['uname'];

if ($PASS1 == $PASS2)
{
mysql_query("UPDATE users SET password='$PASS1', email='$EMAIL', char1='$CHAR1', char2='$CHAR2' WHERE name = '$USERCOOKIE'") or die("moo");
echo "Your information has been changed. <br> <a href='usercp.php'> Continue </a> ";
}
else {
echo "Your passwords do not match";
}


But now, when I do the query, instead of it updating the fields, it deletes everything that was orignally set. Help?

You also need a WHERE statement to detirmine what line to update.

ex:
WHERE users = $user

The edit I gave you may have been wrong, but it had the correct idea.

I have a where statement O_o...

And it doesnt delete EVERYTHING. It deletes the data that I specify from the row of the user I specify, except what I specified wasnt supposed to be deleted, but updated.

I have a where statement O_o...

And it doesnt delete EVERYTHING. It deletes the data that I specify from the row of the user I specify, except what I specified wasnt supposed to be deleted, but updated.

Meh, I don't read so well.

What Is the script supposed to do? IE: what does the suer do to activate the script.

Make sure that you actually have values for yer varibles. Sometimes things don't quite transfer over from input feilds. It all depends on how you set it up.

Its a script for a clan site Im making that will change a users prefrences/profile. A simple UserCP, i guess.

Heres my form from which the code you looked at previously leeches from:

if (isset($_COOKIE["uname"]))
{
$username = ($_COOKIE['uname']);

$usercp = mysql_query("SELECT char1,char2,email,password,rank FROM users WHERE name='$username'") or die("Database error.");
while($userfind = mysql_fetch_array($usercp,MYSQL_ASSOC)) {
echo "<form action='userconfig.php' mode='post'>";
echo "To make changes, edit your values then click submit <br>";
echo "<br> Email <br>";
echo "<input type='text' value='" . $userfind['email'] . "' name='email'><br>";
echo "Main Character<br>";
echo "<input type='text' value='" . $userfind['char1'] . "' name='char1'><br>";
echo "Secondary Character<br>";
echo "<input type='text' value='" . $userfind['char2'] . "' name='char2'><br>";
echo "Password<br>";
echo "<input type='password' value='" . $userfind['password'] . "' name='pass'><br>";
echo "Verify Password<br>";
echo "<input type='password' value='" . $userfind['password'] . "' name='passverify'><br>";
echo "Your rank is currently: ";
echo $userfind['rank'];
echo "<br><br><input type='submit'>";
}
}
else {
echo "You are not logged in!";
}

If I can find It, I'll post the script I made. If not, I'll find a tutorial for you.

There are multiple issues with the script you have there, I think...

EDIT:

Here is the script I used:


<?php
require_once ('templates/siteinfo.php');

$page_title = 'User Controls';
include_once ('templates/header.tpl');
$user_rank = $_SESSION['user_rank'];

if ($user_rank > 0) {

require_once ('config.php');

$u = $_SESSION['username'];

$query = "SELECT email, pass FROM users WHERE username='$u'";
$result = @mysql_query ($query);
$row = mysql_fetch_array ($result, MYSQL_NUM);

if (isset($_POST['submit'])) {

$p = escape_data($_POST['password']);

$pass = $row[1];

if ( (crypt($p, $pass)) == $pass) {

if (eregi ("^[[:alnum:]][a-z0-9_.-]*@[a-z0-9.-]+\.[a-z]{2,4}$", stripslashes(trim($_POST['email'])))) {
$e = escape_data($_POST['email']);
} else {
$e = FALSE;
echo '<p>Please enter a valid email address.</p>';
}

if (errgi ("^[[:alnum:]]{4,20}$", stripslashes(trim($_POST['password1'])))) {
if ($_POST['password1'] == $_POST['password2']) {
$p = escape_data($_POST['password1']);
} else {
$p = FALSE;
echo '<p>Your password did not match the confirmed password.</p>';
}
} else {
$p = FALSE;
echo '<p>Please enter a valid password.</p>';
}
} else {
$p = FALSE;
echo '<p>The pasword entered does not match the one on file. You must enter a valid password to change settings.</p>';
}

if ($p) {

$user_id = $_SESSION['user_id'];
$p = crypt($p);

$query1 = "UPDATE users SET email='$e', pass='$p' WHERE user_id='$user_id'";
$result1 = @mysql_query ($query1);
if (mysql_affected_rows() == 2) {

echo '<h3>Your settings have been changed.</h3>';
include ('templates/footer.tpl');
exit();

} else {

$message = '<p>Your settings could not be changes due to an error.</p>';

}
mysql_close();

} else {
echo '<p>Please try again.</p>';
}
}
?>

<h1>Change User Settings</h1>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<table class="form" cellspacing=2 cellpadding=1 border=0>
<tr>
<td class="" align=center><b>User Name:</b></td>
<td class="" align=center><?php echo $u; ?></td>
</tr>
<tr>
<td class="" colspan=2><hr size="1" width="75%" /></td>
</tr>
<tr>
<td class="" align=center><b>Curent Password:</b></td>
<td class="" align=center><input type="password" name="password" size=20 maxlength=20 /></td>
</tr>
<tr>
<td class="" colspan=2><hr size="1" width="75%"></td>
</tr>
<tr>
<td class="" align=center><b>New Password:</b></td>
<td class="" align=center><input type="password" name="password1" size=20 maxlength=20 /></td>
</tr>
<tr>
<td class="" align=center><b>Confirm New Password:</b></td>
<td class="" align=center><input type="password" name="password2" size=20 maxlength=20 /></td>
</tr>
<tr>
<td class="" align=center><b>Email:</b></td>
<td class="" align=center><input type="text" name="email" size=20 maxlength=40 value="<?php echo $row[0]; ?>" /></td>
</tr>
</table>
<div align="center"><input type="submit" name="submit" value="Change Settings" /></div>
</form>
<?php

} else {
echo '<p>You must log in to view this page</p>';
}

include ('templates/footer.tpl');

?>


Yes, this is based off a tutorial script.

Im just going to continue in this thread.

Okay, new problem-

With my logon feature, I need to use cookies. When I set the cookies, they're easily viewed.

1) Are cookies able to be edited
2) If so, is there a php function that can encrypt the data so it cannot be edited?


Thanks,
-MP

1A: yes, cookies are editable from the browser.
2A: no, but you can give the cookie a hash which is used to retrieve session data from, say, database. any incorrect hash wouldnt let the user be "logged in", only the correct one created when logging in properly. hard to explain accurately.

More questions.

Does a field have to be assigned as primary key to be used in the "WHERE" clause?
The reason Im asking this is because I have a script, and i keep getting a mysql error whenever I search for a particular field, a field which isnt assigned primary key. Of course, when I change the field im looking at to the field with primary key assigned to it, i dont get a error. script:

Doesnt work ('name' isnt the primary key)

$moo = mysql_query("SELECT * FROM users WHERE name = markpyro") or die(mysql_error());
$userdetails = mysql_fetch_array($moo,MYSQL_ASSOC);

Works (id is the primary key)

$moo = mysql_query("SELECT * FROM users WHERE id = 1") or die(mysql_error());
$userdetails = mysql_fetch_array($moo,MYSQL_ASSOC);

these two scripts are exactly the same except for the "id = 1" / "name = markpyro" parts.



Oh, and one more thing seal- by editing cookies I meant from the users system, say, clicking on the cookie and changing the details, not through code in the browser on the original site.

nevermind- got it working. all it required was a set of single quotes:

$moo = mysql_query("SELECT * FROM users WHERE name = '$geen'") or die(mysql_error());
$userdetails = mysql_fetch_array($moo,MYSQL_ASSOC);

Mysql has this "die" feature or die(mysql_error());
Which is useful in some cases but annoying in others, where I would want to submit other querys afterwords, but die makes it so they dont occur. Is there some function where I can just have it echo a message instead of cutting off?

O_o?

Anyone know?

bump ^_^

Mysql has this "die" feature
Which is useful in some cases but annoying in others, where I would want to submit other querys afterwords, but die makes it so they dont occur. Is there some function where I can just have it echo a message instead of cutting off?

die is actually a PHP built-in and is not part of the MySQL library. You can do exactly what you said, replace or die(mysql_error()); with or echo mysql_error();

That will cause the script to keep executing. Keep in mind that if anything beyond the point of failure relies on information that wasn't retrieved there will probably be some breakage.

Define breakage.

Let's say a query to get some user credentials fails and the page continues loading, then later you do checks against the missing user credentials. If the data isn't there you might get new unexpected errors. On the other hand, if the queries are unrelated then you should be fine.

Ahh, I see. I was picturing a database malfunction of the sort >.>

It doesnt like echo:
Parse error: syntax error, unexpected T_ECHO in /www/d/deathbycontr/dwarvenlegion/htdocs/usercp.php on line 102
where 102 is
$test = mysql_query("SELECT id,from,to,title,body,date FROM PM WHERE from = '$username' ORDER BY id desc LIMIT 5") or echo mysql_error();

Fixed, i used print and not echo:
mysql_query("SELECT id,from,to,title,body,date FROM PM WHERE from = '$username' ORDER BY id desc LIMIT 5") or print "error";

----------------------------------

I've never used include before (yes, sad), and I want to know whether this is the right situation in which to do so:

For the site Im making, i want to have a nav bar on every page, and I want it to be the same on every page. The nav bar includes php script and some mysql.

What would the include/script look like and what would the file look like?

---------------------
also, i get this error:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'from,to,title,body,date FROM PM WHERE to = markpyro ORDER BY id desc LIMIT 3' at line 1

where the line is:
$getnewpms = mysql_query("SELECT id,from,to,title,body,date FROM PM WHERE to = $username ORDER BY id desc LIMIT 3") or die(mysql_error());

use ''s around the $username.

Ick.

Parse error: syntax error, unexpected T_VARIABLE in /www/d/deathbycontr/dwarvenlegion/htdocs/usercp.php on line 102

where i added double quotes.

to='" . $username . "'

Problem solved. It was not the quotes, but the column name. "to" is restricted by mysql; thus giving me an error.

New Question:
I've posted this code here before, and it works, but it has a flaw:

$username = ($_POST['username']);
$username = strtolower($username);

$password = ($_POST['password']);
$password = strtolower($password);

$login = mysql_query("SELECT name FROM users") or die("Database error.");
while($item = mysql_fetch_array($login,MYSQL_ASSOC))
{

if ($username == $item['name'])
{
$psswrd = mysql_query("SELECT password, level FROM users WHERE name='$username'") or die("Database error.");
while($chkpass = mysql_fetch_array($psswrd,MYSQL_ASSOC))
{
if ($password == $chkpass['password'])
{
setcookie("uname", $username, time()+9000);
setcookie("level", $chkpass['level'], time()+9000);
} // end ifpassword

else
{
echo "Password is incorrect. ";
} // end else
} //end psswrd
} // end ifusername

else
{
echo "Username not recognised. ";
} // end else


} //end login
echo '<br><a href="index.php">continue</a>'
When you enter your CORRECT username and password on the previous page, and click submit, the resulting page always says "Username not recognized" but logs you in anyways, and I cant figure out why. Help?

Still need help with my previous question, but i have a new one as well.



EDIT- I'm an idiot >.<

MP, you need help with coding? Try going to www.youngcoders.com. Or I can try and get my friend on here, he is good with PHP.

Thanks, I'll take a look.