thomaslian

Posts posted by thomaslian

  1. Yes, the coding in Dreamweaver is a mess. I also see that when I edit my "Server behaviors" it only adds new code, it does not delete the old one. This will make a red "!", and the code will not work before you delete the old code.

    So I read about sessions, and it finally worked. I counted on the session Username like you said and that worked fine for me, my link looks like this "/pages/update.php" (very clean).

    One last problem, when I click my update button, it opens a new tab, so I get two tabs with the "update.php". Is there any way to prevent the button from opening a new tab? I only want to refresh the page I stay on.

    Thanks for your time and help!

  2. Okay, I got the difference now.

    Well, with a little help from Dreamweaver I got this code (I don't know if I got it sorted right). At first I got it working, but not anymore... I don't know what happened.

    <?php
    // Get database info
    require_once('../Connections/lager.php');
    ?>
    <?php
    if (!isset($_SESSION)) {
      session_start();
    }
    $MM_authorizedUsers = "0,1";
    $MM_donotCheckaccess = "false";

    // *** Restrict Access To Page: Grant or deny access to this page
    function isAuthorized($strUsers, $strGroups, $UserName, $UserGroup) {
      // For security, start by assuming the visitor is NOT authorized.
      $isValid = False;

      // When a visitor has logged into this site, the Session variable MM_Username set equal to their username.
      // Therefore, we know that a user is NOT logged in if that Session variable is blank.
      if (!empty($UserName)) {
        // Besides being logged in, you may restrict access to only certain users based on an ID established when they login.
        // Parse the strings into arrays.
        $arrUsers = Explode(",", $strUsers);
        $arrGroups = Explode(",", $strGroups);
        if (in_array($UserName, $arrUsers)) {
          $isValid = true;
        }
        // Or, you may restrict access to only certain users based on their username.
        if (in_array($UserGroup, $arrGroups)) {
          $isValid = true;
        }
        if (($strUsers == "") && false) {
          $isValid = true;
        }
      }
      return $isValid;
    }

    $MM_restrictGoTo = "login.php";
    if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) {
      $MM_qsChar = "?";
      $MM_referrer = $_SERVER['PHP_SELF'];
      if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&";
      if (isset($_SERVER['QUERY_STRING']) && strlen($_SERVER['QUERY_STRING']) > 0)
      $MM_referrer .= "?" . $_SERVER['QUERY_STRING'];
      $MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" . urlencode($MM_referrer);
      header("Location: ". $MM_restrictGoTo);
      exit;
    }

    if (!function_exists("GetSQLValueString")) {
    function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
    {
      if (PHP_VERSION < 6) {
        $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
      }

      $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);

      switch ($theType) {
        case "text":
          $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
          break;
        case "long":
        case "int":
          $theValue = ($theValue != "") ? intval($theValue) : "NULL";
          break;
        case "double":
          $theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
          break;
        case "date":
          $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
          break;
        case "defined":
          $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
          break;
      }
      return $theValue;
    }
    }

    $editFormAction = $_SERVER['PHP_SELF'];
    if (isset($_SERVER['QUERY_STRING'])) {
      $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
    }

    // Handle the submitted form. The row to update is selected by the UserID field sent with the form.
    if ((isset($_POST["MM_update"])) && ($_POST["MM_update"] == "register")) {
      $updateSQL = sprintf("UPDATE Users SET FirstName=%s, LastName=%s, Email=%s, UserName=%s, Password=%s WHERE UserID=%s",
                           GetSQLValueString($_POST['FirstName'], "text"),
                           GetSQLValueString($_POST['LastName'], "text"),
                           GetSQLValueString($_POST['Email'], "text"),
                           GetSQLValueString($_POST['UserName'], "text"),
                           GetSQLValueString($_POST['Password'], "text"),
                           GetSQLValueString($_POST['UserID'], "int"));

      mysql_select_db($database_lager, $lager);
      $Result1 = mysql_query($updateSQL, $lager) or die(mysql_error());
    }

    // Load the row whose UserName matches the session variable UserName.
    $colname_GetUserInfo = "-1";
    if (isset($_SESSION['UserName'])) {
      $colname_GetUserInfo = $_SESSION['UserName'];
    }
    mysql_select_db($database_lager, $lager);
    $query_GetUserInfo = sprintf("SELECT * FROM Users WHERE UserName = %s", GetSQLValueString($colname_GetUserInfo, "text"));
    $GetUserInfo = mysql_query($query_GetUserInfo, $lager) or die(mysql_error());
    $row_GetUserInfo = mysql_fetch_assoc($GetUserInfo);
    $totalRows_GetUserInfo = mysql_num_rows($GetUserInfo);
    ?>

  3. Yes, I made the "User" and "UserName" before creating the boxes (I have also double checked that they have both big and small characters), I also have a registration page that sends information to the database without problem.

    Or, even better, remove the username from the URL completely and have the update page only show data for the username in the session.

    Will the Update data in database tutorial at w3schools do this?

    mysqli_query($con,"UPDATE Persons SET Age=36 WHERE FirstName='Peter' AND LastName='Griffin'");

    So I have this from my database "FirstName", "LastName", "Email", "UserName" and "Password". I am not sure about the difference between "SET" and "WHERE". Would I, for example, do this "SET FirstName=(to my textbox first name), LastName=(to my textbox last name) and so on" and then "WHERE FirstName=(old first name in database) and so on"

    So the code would be like this

    mysqli_query($con,"UPDATE User SET FirstName=(textbox), LastName=(textbox) WHERE FirstName='(Firstname in database)' AND LastName='(Lastname in database)'");

    Will this still work even if I am changing the value I am setting as "WHERE"? Sorry if I am asking silly questions, trying to learn this!

  4. I have a file called update.php and controlpanel.php.

    The update file is a place where a registered user can update their information, I have a text that links to the update file from the controlpanel file.

    I am using Dreamweaver CS6, at first I make it fill the text boxes I have made, the code shows {RegistrerUsers.FirstName} on the firstname box. Then I go to Server Behaviors and update my recordset (User). There I set filter to "UserName, =, URL Parameter, UserName" and click ok. I would then add an "update" button and a hidden field as normal.

    Now I go to my controlpanel file and edit my recordset (User), I will set this one to "UserName, =, Session Variable, UserName". I now mark my update text and link it to the update file, before clicking ok I press the Parameters button, on name I fill "UserName" and value I fill "<?php echo $row_User['UserName']; ?>".

    Then when I try this it would not work, I do see that the link is like this "update.php?UserName=". I am currently logged in as admin, so when I put admin in the link like this "update.php?UserName=admin", all the information would show up. So it does not do this automatically. Another problem is that I have access to edit other users, for example if I put the username "user" in the link like this "update.php?UserName=user", I would still get all information from user even if I am logged in as admin. I can also log in as "user" and show admin information.

    Any idea of what I could have done wrong?
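
Added example, not part of the original posts and not Dreamweaver's generated code: a sketch of the advice quoted in post 3 applied to the problem described in post 4, where the update statement picks its row from the session's UserName instead of a URL or form field, and binds values instead of building the SQL string. It assumes PDO with an in-memory SQLite database standing in for the MySQL database, a hypothetical helper named `updateOwnProfile`, and constructed sample rows; on the real page `$session` would be `$_SESSION`.

```php
<?php
// Added example. Assumption: in-memory SQLite via PDO stands in for the
// MySQL database; column names are the ones mentioned in the posts.
// All rows and addresses below are constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE Users (UserID INTEGER PRIMARY KEY, FirstName TEXT,
           LastName TEXT, Email TEXT, UserName TEXT UNIQUE)');
$db->exec("INSERT INTO Users VALUES (1,'Ad','Min','admin@example.test','admin'),
                                    (2,'Us','Er','user@example.test','user')");

/**
 * Hypothetical helper: update the profile of the logged-in user only.
 * The row is selected by the session's UserName, so nothing in the form
 * body or the URL can name a different account. Values are bound as
 * parameters rather than concatenated into the SQL text.
 */
function updateOwnProfile(PDO $db, array $session, array $post): int
{
    if (empty($session['UserName'])) {
        throw new RuntimeException('not logged in');
    }
    $stmt = $db->prepare(
        'UPDATE Users SET FirstName = :fn, LastName = :ln, Email = :em
         WHERE UserName = :me'
    );
    $stmt->execute([
        ':fn' => (string)($post['FirstName'] ?? ''),
        ':ln' => (string)($post['LastName'] ?? ''),
        ':em' => (string)($post['Email'] ?? ''),
        ':me' => $session['UserName'],   // identity comes from the server side
    ]);
    return $stmt->rowCount();            // number of rows changed
}

// Constructed request: "user" is logged in, and the form body also carries
// UserID/UserName fields that point at the admin account. They are ignored.
$session = ['UserName' => 'user'];
$post = ['FirstName' => 'New', 'LastName' => 'Name',
         'Email' => 'new@example.test', 'UserID' => '1', 'UserName' => 'admin'];

$changed = updateOwnProfile($db, $session, $post);
$rows = $db->query('SELECT UserName, FirstName FROM Users ORDER BY UserID')
           ->fetchAll(PDO::FETCH_KEY_PAIR);

// Exactly one row changed, and the admin row is untouched.
var_dump($changed === 1, $rows === ['admin' => 'Ad', 'user' => 'New']);
```

Because the WHERE clause uses a column that the SET list does not change, the statement also avoids the situation asked about in post 3, where the value used to find the row is the one being overwritten.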
