Hi all,
I almost have the cms application fully working, the only thing that won't work is the change my information function (pg.422). When I click on change my info I get the following error:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'WHERE user_id = 1' at line 4
I was having the same problem with Modify my Account but I found the solution on this forum already.
I had to change this:
Code:
    case 'Modify Account':
        $user_id = (isset($_POST['user_id'])) ? $_POST['user_id'] : '';
        $email = (isset($_POST['email'])) ? $_POST['email'] : '';
        $name = (isset($_POST['name'])) ? $_POST['name'] : '';
        $access_level = (isset($_POST['access_level'])) ? $_POST['access_level'] : '';
        if (!empty($user_id) && !empty($name) && !empty($email) &&
            !empty($access_level) && !empty($user_id)) {
            $sql = 'UPDATE cms_users SET
                email = "' . mysql_real_escape_string($email, $db) . '",
                name = "' . mysql_real_escape_string($name, $db) . '",
                access_level = "' . mysql_real_escape_string($access_level, $db) . '",
                WHERE
                user_id = ' . $user_id;
            mysql_query($sql, $db) or die(mysql_error($db));
        }
        redirect('cms_admin.php');
        break;
to this:
Code:
    case 'Modify Account':
        if (isset($_POST['name'])
            and isset($_POST['email'])
            and isset($_POST['access_level'])
            and isset($_POST['user_id']))
        {
            $sql = "UPDATE cms_users " .
                "SET email='" . $_POST['email'] .
                "', name='" . $_POST['name'] .
                "', access_level=" . $_POST['access_level'] . " " .
                " WHERE user_id=" . $_POST['user_id'];
            mysql_query($sql, $db)
                or die('Could not update user account; ' . mysql_error());
        }
        redirect('cms_admin.php');
        break;
If someone could tell me how I need to alter the following code to get the Change My Information button working, I would be very grateful.
Code:
    case 'Change my info':
        session_start();
        $email = (isset($_POST['email'])) ? $_POST['email'] : '';
        $name = (isset($_POST['name'])) ? $_POST['name'] : '';
        if (!empty($name) && !empty($email) && !empty($_SESSION['user_id']))
        {
            $sql = 'UPDATE cms_users SET
                email = "' . mysql_real_escape_string($email, $db) . '",
                name = "' . mysql_real_escape_string($name, $db) . '",
                WHERE
                user_id = ' . $_SESSION['user_id'];
            mysql_query($sql, $db) or die(mysql_error($db));
        }
        redirect('cms_cpanel.php');
        break;
Thanks,
Debs
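
The first and third listings above end the SET list with a comma directly before WHERE, which is the position MySQL reports in "near 'WHERE user_id = 1'"; the working listing has no such comma but also concatenates $_POST values into the query without escaping. As an added example (not part of the original post or the book's code), the update below builds the SET list with implode() and binds every value through a PDO prepared statement; the update_user() helper, the in-memory SQLite database standing in for MySQL, and the sample rows are assumptions.

```php
<?php
// Added example. Table contents are constructed, and an in-memory SQLite
// database stands in for the MySQL server so the script runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE cms_users (
    user_id INTEGER PRIMARY KEY, email TEXT, name TEXT, access_level INTEGER)');
$db->exec("INSERT INTO cms_users VALUES (1, 'old@example.com', 'Old Name', 1)");
$db->exec("INSERT INTO cms_users VALUES (2, 'other@example.com', 'Other', 3)");

// Hypothetical helper: update only allow-listed columns for one user.
// Returns the number of rows changed.
function update_user(PDO $db, int $user_id, array $fields): int
{
    $allowed = ['email', 'name', 'access_level'];
    $assignments = [];
    $params = [':user_id' => $user_id];
    foreach ($fields as $column => $value) {
        // Column names cannot be bound, so they are checked against a fixed list.
        if (!in_array($column, $allowed, true)) {
            throw new InvalidArgumentException("Unexpected column: $column");
        }
        $assignments[] = "$column = :$column";
        $params[":$column"] = $value;
    }
    if (!$assignments) {
        return 0;
    }
    // implode() places commas only between assignments, so no comma can
    // end up in front of WHERE regardless of how many columns are updated.
    $sql = 'UPDATE cms_users SET ' . implode(', ', $assignments)
         . ' WHERE user_id = :user_id';
    $stmt = $db->prepare($sql);
    $stmt->execute($params);
    return $stmt->rowCount();
}

// Constructed input: a name containing a quote and SQL text. Because it is
// bound as a parameter, it is stored as data and access_level is untouched.
$changed = update_user($db, 1, [
    'email' => 'new@example.com',
    'name'  => "O'Brien', access_level = 3 --",
]);
echo "rows changed: $changed\n";
$rows = $db->query('SELECT * FROM cms_users ORDER BY user_id', PDO::FETCH_ASSOC);
foreach ($rows as $row) {
    echo json_encode($row), "\n";
}
```

In the 'Change my info' case the $user_id argument would come from $_SESSION['user_id'], and the int type on the parameter rejects a non-numeric value before it reaches the query.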