Jump to content
Larry Ullman's Book Forums

Recommended Posts


// This page is for editing a user record.
// This page is accessed through view_users.php.

// Require the configuration before any PHP code as the configuration controls error reporting:

// Require the database connection:

// Include the header file:
$page_title = 'Edit User';

// Check for a valid user ID, through GET or POST:
if ( (isset($_GET['id'])) && (is_numeric($_GET['id'])) ) { // From view_users.php
	$id = $_GET['id'];
} elseif ( (isset($_POST['id'])) && (is_numeric($_POST['id'])) ) { // Form submission.
	$id = $_POST['id'];
} else { // No valid ID, kill the script.
	echo '<div class="alert alert-warning"><h3 class="text-center">This page has been accessed in error.</h3></div>';
	include ('includes/footer.html'); 

// For storing errors:
$edit_user_errors = array();

// Check if the form has been submitted:

	// Check for a first name:
	if (preg_match('/^[A-Z \'.-]{2,45}$/i', $_POST['first_name'])) {
		$fn = escape_data($_POST['first_name'], $dbc);
	} else {
		$edit_user_errors['first_name'] = 'Please enter your first name.';
	// Check for a last name:
	if (preg_match('/^[A-Z \'.-]{2,45}$/i', $_POST['last_name'])) {
		$ln = escape_data($_POST['last_name'], $dbc);
	} else {
		$edit_user_errors['last_name'] = 'Please enter your last name.';

	// Check for a country:
	if (filter_var($_POST['country'], FILTER_VALIDATE_INT, array('min_range' => 1))) {
		$c = $_POST['country'];
	} else { // No country selected.
		$edit_user_errors['country'] = 'Please select your country.';

	// Check for an email address:
	if (filter_var($_POST['email'], FILTER_VALIDATE_EMAIL) === $_POST['email']) {
		$e = escape_data($_POST['email'], $dbc);
	} else {
		$edit_user_errors['email'] = 'Please enter a valid email address.';
	if (empty($edit_user_errors)) { // If everything's OK.
		//  Test for unique email address:
		$q = "SELECT id FROM users WHERE email='$e' AND id != $id";
		$r = @mysqli_query($dbc, $q);
		if (mysqli_num_rows($r) == 0) {

			// Make the query:
			$q = "UPDATE users SET last_name='$ln', first_name='$fn', country='$c', email='$e' WHERE id=$id LIMIT 1";
			$r = @mysqli_query ($dbc, $q);
			if (mysqli_affected_rows($dbc) == 1) { // If it ran OK.

				// Print a message:
				echo '<div class="alert alert-success"><h3 class="text-center">The user has been edited.</h3></div>';	
			} else { // If it did not run OK.
				trigger_error('<div class="alert alert-warning"><h3>You could not be registered due to a system error. We apologize for any inconvenience. We will correct the error ASAP.</h3></div>');
		} else { // Already registered.
			$edit_user_errors['email'] = 'The email address has already been registered.';
} // End of submit conditional.

// Always show the form:

// Retrieve the user's information:
$q = "SELECT u.last_name, u.first_name, c.country, u.email FROM users AS u INNER JOIN countries AS c USING (country_id) WHERE id=$id";
$r = @mysqli_query ($dbc, $q);

if (mysqli_num_rows($r) == 1) { // Valid user ID, show the form.

	// Get the user's information:
	$row = mysqli_fetch_array ($r, MYSQLI_NUM);

// Create the form:
<h3>Edit User</h3>
<p>Use this page to edit a user.</p>
<form action="edit_user.php" method="post" accept-charset="utf-8">
create_form_input('last_name', 'text', '', $edit_user_errors, array('placeholder'=>'Last Name'));
create_form_input('first_name', 'text', '', $edit_user_errors, array('placeholder'=>'First Name'));

// Add the country drop down menu:
echo '<div class="form-group';
if (array_key_exists('country', $edit_user_errors)) echo ' has-error'; 

echo '"><select name="country" class="form-control">
<option>Select Country</option>';

// Retrieve all the country and add to the pull-down menu:
$q = "SELECT country_id, country FROM countries ORDER BY country ASC";
$r = mysqli_query($dbc, $q);
while ($row = mysqli_fetch_array($r, MYSQLI_NUM)) {
	echo "<option value=\"$row[0]\"";
	// Check for stickyness:
	if (isset($_POST['country']) && ($_POST['country'] == $row[0]) ) echo ' selected="selected"';
	echo ">$row[1]</option>\n";

echo '</select>';
if (array_key_exists('country', $edit_user_errors)) echo '<span class="help-block">' . $edit_user_errors['country'] . '</span>';
echo '</div>';

create_form_input('email', 'email', '', $edit_user_errors, array('placeholder'=>'Email Address')); ?>
<input type="submit" name="submit_button" value="Update User" id="submit_button" class="btn btn-primary" />
<input type="hidden" name="id" value="' . $id . '" />
} else { // Not a valid user ID.
	echo '<div class="alert alert-warning"><h3 class="text-center">This page has been accessed in error.</h3></div>';

include ('includes/footer.html');

I am busy adding an admin function (to edit registered users) to the first web application - "selling virtual goods".


I have the following questions:

  1. How do I get the above form to display the stored values for a selected user?  I am using the original form_functions.inc.php script.
  2. How do I get the select option (Country) to recall the stored value for the user? 

I am using Apache 2.4.12, PHP 5.6.8 and MySQL5.0.11.


Any help will be much appreciated.

Link to comment
Share on other sites

The easiest, hackiest solution is to assign the values retrieved from the database to POST variables and then the form functions script will use them automatically:

$_POST['last_name'] = $row[0];
// And others

You'd do this immediately after fetching the user from the database. 


Alternatively you'd update the form function to accept a default value and then change the calls to use that. 

Link to comment
Share on other sites


  • Create New...