php - How add user data to an already registered user -
i new database world. in registration process user has give values, required (e-mail , password). when registered , logged in, want give user opportunity add not required info row in database.
edit2:
here updated version of relevant part of code. not working, beyond happy, if point me right direction once again! thank you!!
<?php require_once 'config.php'; require_once 'database_connection.php'; $first_name = trim($_request['first_name']); $last_name = trim($_request['last_name']); $url= trim($_request['url']); //get logged in user's id $user_id = $_request['user_id']; //select logged in user $select_query = "select * users user_id = " . $user_id; //update user's row $update_sql = sprintf("update users (first_name, last_name, url) " . "values ('%s', '%s','%s');", mysql_real_escape_string($first_name), mysql_real_escape_string($last_name), mysql_real_escape_string($url)); //parameterized queries $stmt = $dbh->prepare("update `users` set (first_name, last_name, url) values (:first_name, :last_name, :url) (user_id = :user_id)"); $stmt->bindparam(':first_name', $first_name); $stmt->bindparam(':last_name', $last_name); $stmt->bindparam(':url', $url); $stmt->bindparam(':user_id', $user_id); $stmt->execute(); mysql_query($select_query, $update_sql, $stmt) or die(mysql_error()); header("location: show_user.php?user_id=" . mysql_insert_id()); //where redirect exit(); ?> the form, should execute above code not:
<body> <!-- start register --> <div id="register"> <form name="completeprofileform" action="/php/complete_user.php" method="post" enctype="multipart/form-data"> <h2>complete information:</h2> <!-- first name --> <label>first name</label> <input name="first_name" id="first_name" type="name" placeholder="enter first name" onfocus="this.placeholder = ''" onblur="this.placeholder = 'enter firstname'" /> <!-- last name --> <label>last name</label> <input name="last_name" id="last_name" type="name" placeholder="enter last name" onfocus="this.placeholder = ''" onblur="this.placeholder = 'enter last name'" /> <!-- website--> <label>website</label> <input name="url" id="url" type="text" placeholder="enter website domain" onfocus="this.placeholder = ''" onblur="this.placeholder = 'enter website domain'" /> <!-- register button --> <input type="submit" id="submitbutton" class="button" value="complete profile" /> </form> </div> <!-- end register --> </body> last not least error message:
notice: undefined index: user_id in c:\xampp\htdocs\php\complete_user.php on line 10
notice: undefined variable: dbh in c:\xampp\htdocs\php\complete_user.php on line 20
fatal error: call member function prepare() on non-object in c:\xampp\htdocs\php\complete_user.php on line 20
thank input!
your updatescript should work far know if chain text , variables correctly.
the concatenation in php works dot '.'.
so sql statement must like
$update_sql = ("update `users` set `first_name` = ".$first_name.", `last_name` = ".$last_name.", `user_type` = ".$user_type.", `url` = ".$url." `user_id` = ".$user_id); but shouldn't use input user in querys. see more sql injection here!
you must escape user input!
you can functions, these 2 of them:
$user = $mysqli->real_escape_string($user); $user = htmlentities($user); also shold use parameterized queries. simple example first parameter of update query, add rest of code in same pattern after escaped it!:
$stmt = $dbh->prepare("update `users` set (firstname) values (:firstname) (userid = :userid)"); $stmt->bindparam(':firstname', $firstname); $stmt->bindparam(':userid', $userid); $stmt->execute(); further using mysql_insert_id() retrieves id generated auto_increment column previous query (usually insert). more information in official documentation.
but mysql generate id if inserting new user in case, updating existing one. no id returned. need id user manually select after update , add id redirect.
edit2
you can, , should save traffic, put
$stmt = $dbh->prepare("update `users` set (first_name) values (:first_name) (user_id = :user_id)"); $stmt->bindparam(':first_name', $first_name); $stmt->bindparam(':user_id', $user_id); $stmt->execute(); $stmt = $dbh->prepare("update `users` set (last_name) values (:last_name) (user_id = :user_id)"); $stmt->bindparam(':last_name', $last_name); $stmt->bindparam(':user_id', $user_id); $stmt->execute(); $stmt = $dbh->prepare("update `users` set (url) values (:url) (user_id = :user_id)"); $stmt->bindparam(':url', $url); $stmt->bindparam(':user_id', $user_id); $stmt->execute(); in single statement
$stmt = $dbh->prepare("update `users` set (first_name, last_name, url) values (:first_name, :last_name, :url) (user_id = :user_id)"); $stmt->bindparam(':first_name', $first_name); $stmt->bindparam(':last_name', $last_name); $stmt->bindparam(':url', $url); $stmt->bindparam(':user_id', $user_id); $stmt->execute(); i'm going through error messages , tell mean, think should enough can fix them
notice: undefined index: user_id in c:\xampp\htdocs\php\complete_user.php on line 10 this means $_request['user_id'] doesn't find keyuser_id`. watching html, bit complicated. need save user_id in session when he's logging in , access $_session['user_id']. broad wrote here, that's need. doing require userid form, form never works userid , form never sends userid php file.
notice: undefined variable: dbh in c:\xampp\htdocs\php\complete_user.php on line 20 $dbh example. never initialized variable. need work own instance mysqli class. should done in php file handles database connection. i'm guessing have instance, called wrong variable.
fatal error: call member function prepare() on non-object in c:\xampp\htdocs\php\complete_user.php on line 20 since $dbh isn't instance mysqli can't call prepare() function mysqli because php has no clue it. need work own mysqli instance, preferbly database.php.
hint: same goes mysql you're working that, should change mysqli since mysql deprecated , deleted in 5.5 version of php.
Comments
Post a Comment