I have the following code which is supposed to update info in database in certain conditions:
if password is set, do update 1, else do update 2.
Submit button seems to work, i tried to echo data after submit and all it's ok. I put an echo test for first update and seems to print the test (but it's not updating in sql server). I tried the same in the second update, and nothing printed.
What am i doing wrong ? Thank you.
function check_input($data) {
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
//if form has been submitted process it
if(isset($_POST['update'])){
$id = check_input($_POST['id']);
$username = check_input($_POST['username']);
$password = check_input($_POST['password']);
$passwordConfirm = check_input($_POST['passwordConfirm']);
$email = check_input($_POST['email']);
$activity = isset($_POST['activity']) ? 1 : 0;
//basic validation
if($username ==''){
$error[] = 'Trebuie introdus un nume.';
}
if( strlen($password) > 0){
if($password ==''){
$error[] = 'Trebuie introdusa o parola.';
}
if($passwordConfirm ==''){
$error[] = 'Trebuie introdusa o parola de confirmare.';
}
if($password != $passwordConfirm){
$error[] = 'Parolele nu se potrivesc.';
}
}
if($email ==''){
$error[] = 'Trebuie introdusa o adresa de email.';
}
if(!isset($error)){
try {
if(isset($password)){
$hashedpassword = $user->password_hash($password, PASSWORD_BCRYPT);
//update database
$stmt = $handler->prepare('UPDATE users SET name = :username, password = :password, email = :email, activity = :activity WHERE id = :id') ;
$stmt->execute(array(
':username' => $username,
':password' => $hashedpassword,
':email' => $email,
':id' => $id,
':activity' => $activity
));
} else {
//update database
$stmt = $handler->prepare('UPDATE users SET name = :username, email = :email, activity = :activity WHERE id = :id') ;
$stmt->execute(array(
':username' => $username,
':email' => $email,
':id' => $id,
':activity' => $activity
));
}
//redirect to index page
//header('Location: userlist.php?action=updated');
//exit;
} catch(PDOException $e) {
echo $e->getMessage();
}
}
}
?>
<?php
if(isset($error)){
foreach($error as $error){
echo $error.'<br />';
}
}
try {
$stmt2 = $handler->prepare('SELECT id, name, email, activity FROM users WHERE id = :id') ;
$stmt2->execute(array(':id' => $_GET['id']));
$row = $stmt2->fetch();
} catch(PDOException $e) {
echo $e->getMessage();
}
?>
<form class="form-horizontal" action="" method="post">
<fieldset>
<legend><span style="margin-left:50px">Actualizare informatii utilizator</span></legend>
<div class="form-group">
<label class="col-md-4 control-label" for="textinput">Nume utilizator</label>
<div class="col-md-4">
<input id="textinput" name="username" value='<?php echo $row['name']; ?>' class="form-control input-md" type="text">
</div>
</div>
<div class="form-group">
<label class="col-md-4 control-label" for="textinput">Parola</label>
<div class="col-md-4">
<input id="textinput" name="password" class="form-control input-md" type="password">
</div>
</div>
<div class="form-group">
<label class="col-md-4 control-label" for="textinput">Confirma parola</label>
<div class="col-md-4">
<input id="textinput" name="passwordConfirm" class="form-control input-md" type="password">
</div>
</div>
<div class="form-group">
<label class="col-md-4 control-label" for="textinput">Adresa email</label>
<div class="col-md-4">
<input id="textinput" name="email" value="<?php echo $row['email']; ?>" class="form-control input-md" type="email">
</div>
</div>
<div class="form-group">
<label class="col-md-4 control-label" for="radios">Activitate utilizator</label>
<div class="col-md-4">
<label class="radio-inline" for="radios-0">
<input name="activity" <?php if ($row['activity'] == 1) { echo 'checked="checked"';} ?> type="checkbox">
</label>
</div>
</div>
<div class="form-group">
<label class="col-md-4 control-label" for="send"></label>
<div class="col-md-4">
<input type="submit" name="update" value="Trimite" class="btn btn-primary">
</div>
</div>
</fieldset>
</form>