Help creating php/msql update page!!!

[Agenator]

Okay so I need some help create an update page for a site that I'm working on so that if someone registers they can update their address to recieve a newsletter. I have the form all put together but I'm just having trouble on getting the php code to work properly. Specifically I need help getting the query to update all of the fields into all of their respective tables. How would I go about doing this? Also I dont know how to make sure that they query doesn't update blank boxes, so how can I get the query to skip over these?
Thanks
Heres the code:

<?php
session_start();
include 'config.php';
include 'opendb.php';


mysql_select_db($dbname) or die(mysql_error());

$firstname = $_POST['firstname'];
$lastname = $_POST['lastname'];
$email = $_POST['email'];
$password = $_POST['password'];
$address = $_POST['address'];
$state = $_POST['state'];
$city = $_POST['city'];
$zip = $_POST['zip'];
$country = $_POST['country'];
$currentemail = $_SESSION['currentemail'];
$edit = $_POST['edit'];
$delete = $_POST['delete'];
$value = arry("email", "firstname", "lastname", "email", "password", "address", "state", "city", "zip", "country");
$arr = arry("$email", "$firstname", "$lastname", "$email", "$password", "$address", "$state", "$city", "$zip", "$country");


$query = "UPDATE information SET (FirstName, LastName, Email, Password, Address, State, City, Zip, Country)
Values
('$firstname', '$lastname', '$email', '$password', '$address', '$state', '$city', '$zip', '$country') WHERE email = '$currentemail'";

$query4 = "UPDATE information SET admin = '$edit' WHERE email = '$currentemail'";
$deletequery = "DELETE FROM information WHERE email = '$email'";
$result = mysql_query($query);

echo $currentemail;

if ($delete=="1"){

mysql_query($deletequery) or die ('crap');
echo "success";
}
else

mysql_query($query) or die ('crap');

include 'closedb.php';



?>

(ignore the part where It actually runs the query since this is where I need help anyway)

 

[MasterMax1313]

$query = "UPDATE information SET (FirstName, LastName, Email, Password, Address, State, City, Zip, Country)
Values
('$firstname', '$lastname', '$email', '$password', '$address', '$state', '$city', '$zip', '$country') WHERE email = '$currentemail'";


should probably look like this for multiple entries

UPDATE Person
SET Address = 'Stien 12', City = 'Stavanger'
WHERE LastName = 'Rasmussen'

you have it set up like an insert query.

 

[marshian]

To make the query not update blank boxes, you should get the old info out of the database and use the empty function to determine wether the new value is set, if not, use the old value.

I think this should solve that problem:

$currentemail = $_SESSION['currentemail']; 
$oldquery = "SELECT * FROM information WHERE email = '$currentemail'";
$old = mysql_fetch_array(mysql_query($oldquery));
$firstname = empty($_POST['firstname']) ? $old['firstname'] : $_POST['firstname'];
$lastname = empty($_POST['lastname']) ? $old['lastname'] : $_POST['lastname']; 
$email = empty($_POST['email']) ? $old['email'] : $_POST['email']; 
$password = empty($_POST['password']) ? $old['password'] : $_POST['password']; 
$address = empty($_POST['address']) ? $old['address'] : $_POST['address']; 
$state = empty($_POST['state']) ? $old['state'] : $_POST['state']; 
$city = empty($_POST['city']) ? $old['city'] : $_POST['city']; 
$zip = empty($_POST['zip']) ? $old['zip'] : $_POST['zip']; 
$country = empty($_POST['country']) ? $old['country'] : $_POST['country']; 
$edit = empty($_POST['edit']) ? $old['edit'] : $_POST['country']; 
$delete = empty($_POST['delete']) ? $old['delete'] : $_POST['delete'];

(instead of your old variable declarations)

 

[woiwky]

Feeling sleepy, marshian? You put 'GET' in that query instead of 'SELECT'

Anyway, you can update different fields in different tables like this:

UPDATE table1 t1, table2 t2
SET t1.field1 = 'value1',
t2.field1 = 'value2'
WHERE t1.field2 = 'value3'
AND t2.field2 = 'value4'

By the way, at the very least you should be sanitizing that post data with mysql_real_escape_string() and htmlspecialchars() to avoid sql/html injections.

 

[marshian]

true, i don't use a lot of mysql lately, and since i posted that not long after i got home from school, i might just be sleepy =p
btw, get used more often in languages other then mysql queries

 

[Agenator]

so here is my update code. the query seems to run fine, but when I check in phpmyadmin, nothing changes in the query.... so I still need some help. any suggestions?

<?php
session_start();
include 'config.php';
include 'opendb.php';


mysql_select_db($dbname) or die(mysql_error());

$currentemail = $_GET['currentemail'];
$oldquery = "SELECT * FROM information WHERE email = '$currentemail'";
$old = mysql_fetch_array(mysql_query($oldquery));
$firstname = empty($_POST['firstname']) ? $old['firstname'] : $_POST['firstname'];
$lastname = empty($_POST['lastname']) ? $old['lastname'] : $_POST['lastname'];
$email = empty($_POST['email']) ? $old['email'] : $_POST['email'];
$password = empty($_POST['password']) ? $old['password'] : $_POST['password'];
$address = empty($_POST['address']) ? $old['address'] : $_POST['address'];
$state = empty($_POST['state']) ? $old['state'] : $_POST['state'];
$city = empty($_POST['city']) ? $old['city'] : $_POST['city'];
$zip = empty($_POST['zip']) ? $old['zip'] : $_POST['zip'];
$country = empty($_POST['country']) ? $old['country'] : $_POST['country'];
$edit = empty($_POST['edit']) ? $old['edit'] : $_POST['country'];
$delete = empty($_POST['delete']) ? $old['delete'] : $_POST['delete'];



$query = "UPDATE information SET email = '$email', FirstName = '$firstname', lastname = '$lastname', password = '$password', address = '$address', city = '$city', state = '$state', zip = '$zip', country = '$country'
WHERE email = '$currentemail'";

$result = mysql_query($query);



mysql_query($query) or die ('not working right now');


include 'closedb.php';



?>

 

[marshian]

So when you run this php page, nothing changes to the database?
Could we see your form too?

 

[woiwky]

You used "$currentemail = $_SESSION['currentemail'];" originally, but in that code you used "$currentemail = $_GET['currentemail'];". Are you sure this is correct?

 

[Agenator]

Changed code, still no luck. It keeps dying (the code after I run the query). Anythoughts on whats causing this?
Heres the php code:

<?php
session_start();
include 'config.php';
include 'opendb.php';


mysql_select_db($dbname) or die(mysql_error());

$currentemail = $_SESSION['currentemail'];
$oldquery = "SELECT * FROM information WHERE email = '$currentemail'";
$old = mysql_fetch_array(mysql_query($oldquery));
$firstname = empty($_POST['firstname']) ? $old['firstname'] : $_POST['firstname'];
$lastname = empty($_POST['lastname']) ? $old['lastname'] : $_POST['lastname'];
$email = empty($_POST['email']) ? $old['email'] : $_POST['email'];
$password = empty($_POST['password']) ? $old['password'] : $_POST['password'];
$address = empty($_POST['address']) ? $old['address'] : $_POST['address'];
$state = empty($_POST['state']) ? $old['state'] : $_POST['state'];
$city = empty($_POST['city']) ? $old['city'] : $_POST['city'];
$zip = empty($_POST['zip']) ? $old['zip'] : $_POST['zip'];
$country = empty($_POST['country']) ? $old['country'] : $_POST['country'];
$edit = empty($_POST['edit']) ? $old['edit'] : $_POST['country'];
$delete = empty($_POST['delete']) ? $old['delete'] : $_POST['delete'];



$query = "UPDATE information SET email = '$email', FirstName = '$firstname', lastname = '$lastname', password = '$password', address = '$address', city = '$city', state = '$state', zip = '$zip', country = '$country'
WHERE email = '$currentemail'";

$result = mysql_query($query);



mysql_query($query) or die ('not working right now');


include 'closedb.php';



?>

my form code:

<html>
<body>
<head>
<title> Melting Point Signup </title>
</head>
<LINK REL=stylesheet HREF="layout.css"
Type="text/css">

<div id="header">

</div>

<div id="navbar">
<a href="mainpage.html"> Home </a>
<a href="mainpage.html"> Contact Us </a>
<a href="http://www.myspace.com/meltingpointband"> MySpace Page </a>
<a href="mainpage.html"> Download Songs </a>
<a href="mainpage.html"> Promotional Offer </a>

</div>


<div id="content">
<div id="signup">
<br><b><font size="5px"><font color="red"><center>Changed Addresses Recently?</center></font></font></b>
<font size="4px"><Font color="white"><center><b>Then fill out the form below to continue to Recieve the Melting Point Newsletter</b></center></font></font><br>
<form action="updateuser.php" method="post">
<div id="Accinfo">
<b><font color="red"><font size="5px">Account Information</font></font></b>
<label>Firstname: <input class="signup" type="text" name="firstname" />  </label>
<label>Lastname: <input class="signup" type="text" name="lastname" /></label>
<label>Email: <input class="signup" type="text" name="email" /> </label>
<label><h2>Functions as your username.</h2></label>
<label>Password:<input class="signup" type="password" name="password" /> </label>
<h2>Can only contain characters A-Z & 0-9 </h2>
</div><br>
<div id="personinfo">
<b><font color="red"><font size="5px">Personal Information</font></font></b>
<label>Address: <input class="signup" type="text" name="address" /> </label>
<label>City: <input class="signup" type="text" name="city" />  </label>
<label>State/Province: <input class="signup" type="text" name="state" /> </label>
<label>Zip/Postal Code: <input class="signup" type="text" name="zip" /> </label>
<label>Country:
<select name="country" class="signup">
                  <option value="">Select a Country.</option>
               
                </select>
</label>

 <label> <input class="submit" type="submit" value="Update" /> </label>
</div>
</form>
</div>
</div>
</body>
</html>

and lastly heres the place where I create my session:

<?php

include 'config.php';
include 'opendb.php';

mysql_select_db($dbname) or die(mysql_error());

$email = $_POST['email'];
$password = $_POST['password'];
$query = "select*from information where email='$email' and password='$password'";
$result = mysql_query($query);
$user = ($result ? mysql_fetch_object($result) : false);

if (!$user) {
    $error = 'Bad Login';
    include 'mainpage.html';
}
elseif ($user->Admin) {
    include "adminpage.html";
}
else{
session_start();
$_SESSION['currentemail'] = $email;
    include "updatepage.html";
}
include 'closedb.php';
?>

(select a country was too long to have all countries listed so I just cut them out but you get the idea)
So yeah please continue the help. Its much appreciated. What should I do from here?
Edit:
eh bump, No clue as too how to get this working

 

[marshian]

I'm not sure what's causing the problem, but I do see 2 things that aren't too good:
in 'the place where you create your session':

$query = "select*from information where email='$email' and password='$password'";

to

$query = "SELECT * FROM information WHERE email='$email' AND password='$password'";

second:

$result = mysql_query($query); 



mysql_query($query) or die ('not working right now');

to

mysql_query($query) or die ('not working right now');

 

[phpasks]

 <?php 

include 'config.php'; 
include 'opendb.php'; 

mysql_select_db($dbname) or die(mysql_error()); 

$email = $_POST['email']; 
$password = $_POST['password']; 
$query = "select*from information where email='$email' and password='$password'"; 
$result = mysql_query($query); 
$user = ($result ? mysql_fetch_object($result) : false); 

if (!$user) { 
    $error = 'Bad Login'; 
    include 'mainpage.html'; 
} 
elseif ($user->Admin) { 
    include "adminpage.html"; 
} 
else{ 
session_start(); 
$_SESSION['currentemail'] = $email; 
    include "updatepage.html"; 
} 
include 'closedb.php'; 
?>

<?php
$query = "select*from information where email='$email' and password='$password'"; 

// Specific Format allowed in MySQL, Please right syntax used MySQL

ob_start();
session_start(); 
$_SESSION['currentemail'] = $email; 
// better way used this way session

//this is worng way
$result = mysql_query($query); 
$user = ($result ? mysql_fetch_object($result) : false);

//this is write
 $result = mysql_query ("SELECT * WHERE 1=1")     or die ("Invalid query"); 
?>

 <?php 
ob_start();
session_start(); 
include 'config.php'; 
include 'opendb.php'; 


mysql_select_db($dbname) or die(mysql_error()); 

$currentemail = $_SESSION['currentemail']; 
$oldquery = "SELECT * FROM information WHERE email = '$currentemail'"; 
$old = mysql_fetch_array(mysql_query($oldquery)); 
$firstname = empty($_POST['firstname']) ? $old['firstname'] : $_POST['firstname']; 
$lastname = empty($_POST['lastname']) ? $old['lastname'] : $_POST['lastname']; 
$email = empty($_POST['email']) ? $old['email'] : $_POST['email']; 
$password = empty($_POST['password']) ? $old['password'] : $_POST['password']; 
$address = empty($_POST['address']) ? $old['address'] : $_POST['address']; 
$state = empty($_POST['state']) ? $old['state'] : $_POST['state']; 
$city = empty($_POST['city']) ? $old['city'] : $_POST['city']; 
$zip = empty($_POST['zip']) ? $old['zip'] : $_POST['zip']; 
$country = empty($_POST['country']) ? $old['country'] : $_POST['country']; 
$edit = empty($_POST['edit']) ? $old['edit'] : $_POST['country']; 
$delete = empty($_POST['delete']) ? $old['delete'] : $_POST['delete']; 



$query = "UPDATE information SET email = '".$email."', FirstName = '".$firstname."', lastname = '".$lastname."', password = '".$password."', address = '".$address."', city = '".$city."', state = '".$state."', zip = '".$zip."', country = '".$country."' 
WHERE email = '".$_SESSION['currentemail']."'"; 

//$result = mysql_query($query); 

$result = mysql_query($query) or die ('not working right now'); 


include 'closedb.php'; 



?>

 

[Agenator]

Alright so I figured out what the problem is. The oldquery is updating the old information into the tables for blank fields. So it's always going to throw an error If I leave email blank because its the primary key. So here's my new question: How can I get it to insert all of the old information back into the databases tables?
Thanks alot
Edit:
little help? (sorry i dont mean to be rude but this is for a project i need to get done relatively soon)