Royal Guardian Posted October 12, 2015 Posted October 12, 2015 Hey MWG, I am here with a big request which is for someone to re-code the script for me. Much secure and efficient. I tried re-coding it myself however, I am failing with many errors. And it looks like a complete mess. Error at the moment - QUERY ERROR: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1 Query was SELECT * FROM `users` WHERE `userid` = <?php require_once('sglobals.php'); echo "<h3><u>Edit User</u></h3>"; $_POST['userid'] = array_key_exists('userid', $_POST) && ctype_digit($_POST['userid']) ? $_POST['userid'] : ''; $_POST['ID'] = array_key_exists('ID', $_POST) && ctype_digit($_POST['ID']) ? $_POST['ID'] : ''; $_GET['ID'] = array_key_exists('ID', $_GET) && ctype_digit($_GET['ID']) ? $_GET['ID'] : ''; if(!isset($_POST['ID'])) { foreach($_POST as $k => $v) { $db->query("UPDATE `users` SET " . $k . " = '" . $v . "' WHERE `userid` = " . $_POST['userid']); } stafflog_add("Edited {$_POST['userid']}"); confirmation("Edited {$_POST['userid']}"); } if(!$_GET['ID'] AND !$_POST['userid']) { echo "Please select the user you wish to edit below.<br/>Some of the edit fields have been disabled and hidden to protect certain details about the user. <table width = '70%' class = 'table' cellpadding = '5' cellspacing = '1'> <tr> <th width = '50%'>Userid</th> <th width = '50%'>Username</th> </tr> <tr> <td style = 'text-align: center;'> <form action = '" . basename($_SERVER['SCRIPT_FILENAME']) . "' method = 'GET'> <input type = 'text' name = 'ID'> <input type = 'submit' value = 'Edit'> </form> </td> <td style = 'text-align: center;'> <form action = '" . basename($_SERVER['SCRIPT_FILENAME']) . "' method = 'GET'> " . user_dropdown($c, 'ID') . " <input type = 'submit' value = 'edit'> </form> </td> </tr> </table>"; } function showTable($variable) { if ($variable === true) { return 'true'; } else if ($variable === false) { return 'false'; } else if ($variable === null) { return 'null'; } else if (is_array($variable)) { $html = "<table width = '80%' class = 'table' cellpadding = '5' cellspacing = '1' style = 'text-align: left;'> <tr><th colspan = '2'>Currently editing user " . $variable['username'] . " [" . $_GET['ID'] . "] <div style = 'float: right;'><a href ='staff_edituser.php'>>Go Back</a></div></th></tr> <tr><th width = '20%' style = 'text-align: left;'>Field</th><th style = 'text-align: left;'>Value</th></tr>"; foreach ($variable as $key => $value) { $value = showTable($value); $hide = array('userpass','pass_salt','profile_signature','user_notepad','forums_signature','user_level','login_name'); if(!in_array($key, $hide)) { $html .= "<tr><td style='text-align: left;'>" . ucfirst($key) . "</td> <td style='text-align: left;'> <input type='text' name='".$key."' value='".$value."' size='70'> </td></tr>"; } } return $html; } else { return strval($variable); } } $ro = $db->query("SELECT * FROM `users` WHERE `userid` = " . $_GET['ID']); if(!$db->num_rows($ro)) { error("No users found"); } $r = $db->fetch_row($ro); echo "<form action='staff_edituser.php' method='post'>"; echo showTable($r); echo "<tr><td colspan = '2'><input type='submit' value='Save new settings'></td></tr></form> </table>"; $h->endpage(); ?> Quote
KyleMassacre Posted October 12, 2015 Posted October 12, 2015 Your error is because you are not $_POSTing a key named ID. If you notice, when you select your user it is using $_GET. You are in fact posting the userid though. Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.