Larry Ullman's Book Forums


<?php

// This page is for editing a user record.
// This page is accessed through view_users.php.

// Require the configuration before any PHP code as the configuration controls error reporting:
require('./includes/config.inc.php');

// Require the database connection:
require(MYSQL);

// Include the header file:
$page_title = 'Edit User';
include('./includes/header.html');

// Check for a valid user ID, through GET or POST:
if ( (isset($_GET['id'])) && (is_numeric($_GET['id'])) ) { // From view_users.php
	$id = $_GET['id'];
} elseif ( (isset($_POST['id'])) && (is_numeric($_POST['id'])) ) { // Form submission.
	$id = $_POST['id'];
} else { // No valid ID, kill the script.
	echo '<div class="alert alert-warning"><h3 class="text-center">This page has been accessed in error.</h3></div>';
	include ('includes/footer.html'); 
	exit();
}

// For storing errors:
$edit_user_errors = array();

// Check if the form has been submitted:
if ($_SERVER['REQUEST_METHOD'] == 'POST') {

	// Check for a first name:
	if (preg_match('/^[A-Z \'.-]{2,45}$/i', $_POST['first_name'])) {
		$fn = escape_data($_POST['first_name'], $dbc);
	} else {
		$edit_user_errors['first_name'] = 'Please enter your first name.';
	}
	
	// Check for a last name:
	if (preg_match('/^[A-Z \'.-]{2,45}$/i', $_POST['last_name'])) {
		$ln = escape_data($_POST['last_name'], $dbc);
	} else {
		$edit_user_errors['last_name'] = 'Please enter your last name.';
	}

	// Check for a country:
	if (filter_var($_POST['country'], FILTER_VALIDATE_INT, array('min_range' => 1))) {
		$c = $_POST['country'];
	} else { // No country selected.
		$edit_user_errors['country'] = 'Please select your country.';
	}

	// Check for an email address:
	if (filter_var($_POST['email'], FILTER_VALIDATE_EMAIL) === $_POST['email']) {
		$e = escape_data($_POST['email'], $dbc);
	} else {
		$edit_user_errors['email'] = 'Please enter a valid email address.';
	}
	
	if (empty($edit_user_errors)) { // If everything's OK.
	
		//  Test for unique email address:
		$q = "SELECT id FROM users WHERE email='$e' AND id != $id";
		$r = @mysqli_query($dbc, $q);
		if (mysqli_num_rows($r) == 0) {

			// Make the query:
			$q = "UPDATE users SET last_name='$ln', first_name='$fn', country='$c', email='$e' WHERE id=$id LIMIT 1";
			$r = @mysqli_query ($dbc, $q);
			if (mysqli_affected_rows($dbc) == 1) { // If it ran OK.

				// Print a message:
				echo '<div class="alert alert-success"><h3 class="text-center">The user has been edited.</h3></div>';	
				
			} else { // If it did not run OK.
				trigger_error('<div class="alert alert-warning"><h3>You could not be registered due to a system error. We apologize for any inconvenience. We will correct the error ASAP.</h3></div>');
			}
				
		} else { // Already registered.
			$edit_user_errors['email'] = 'The email address has already been registered.';
		}
	}
} // End of submit conditional.

// Always show the form:

// Retrieve the user's information:
$q = "SELECT u.last_name, u.first_name, c.country, u.email FROM users AS u INNER JOIN countries AS c USING (country_id) WHERE id=$id";
$r = @mysqli_query ($dbc, $q);

if (mysqli_num_rows($r) == 1) { // Valid user ID, show the form.

	// Get the user's information:
	$row = mysqli_fetch_array ($r, MYSQLI_NUM);
	
	require_once('./includes/form_functions.inc.php');

// Create the form:
?>
<h3>Edit User</h3>
<p>Use this page to edit a user.</p>
<form action="edit_user.php" method="post" accept-charset="utf-8">
<?php
create_form_input('last_name', 'text', '', $edit_user_errors, array('placeholder'=>'Last Name'));
create_form_input('first_name', 'text', '', $edit_user_errors, array('placeholder'=>'First Name'));

// Add the country drop down menu:
echo '<div class="form-group';
if (array_key_exists('country', $edit_user_errors)) echo ' has-error'; 

echo '"><select name="country" class="form-control">
<option>Select Country</option>';

// Retrieve all the countries and add them to the pull-down menu:
$q = "SELECT country_id, country FROM countries ORDER BY country ASC";
$r = mysqli_query($dbc, $q);
while ($row = mysqli_fetch_array($r, MYSQLI_NUM)) {
	echo "<option value=\"$row[0]\"";
	// Check for stickiness:
	if (isset($_POST['country']) && ($_POST['country'] == $row[0]) ) echo ' selected="selected"';
	echo ">$row[1]</option>\n";
}

echo '</select>';
if (array_key_exists('country', $edit_user_errors)) echo '<span class="help-block">' . $edit_user_errors['country'] . '</span>';
echo '</div>';

create_form_input('email', 'email', '', $edit_user_errors, array('placeholder'=>'Email Address')); ?>
<input type="submit" name="submit_button" value="Update User" id="submit_button" class="btn btn-primary" />
<input type="hidden" name="id" value="<?php echo $id; ?>" />
</form>
<br>
<?php
} else { // Not a valid user ID.
	echo '<div class="alert alert-warning"><h3 class="text-center">This page has been accessed in error.</h3></div>';
}

mysqli_close($dbc);
		
include ('includes/footer.html');
?>

I am busy adding an admin function (to edit registered users) to the first web application - "selling virtual goods".

 

I have the following questions:

  1. How do I get the above form to display the stored values for a selected user?  I am using the original form_functions.inc.php script.
  2. How do I get the select option (Country) to recall the stored value for the user? 

I am using Apache 2.4.12, PHP 5.6.8 and MySQL 5.0.11.

 

Any help will be much appreciated.


The easiest, hackiest solution is to assign the values retrieved from the database to POST variables and then the form functions script will use them automatically:

$_POST['last_name'] = $row[0];
// And others

You'd do this immediately after fetching the user from the database. 

 

Alternatively you'd update the form function to accept a default value and then change the calls to use that. 
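
An example of the second approach from the reply above (a form helper that takes a default value), added here and not part of either post or of the book's form_functions.inc.php. The helper names, `$stored` (standing in for the user's row fetched with MYSQLI_ASSOC) and the sample data are assumptions. Stored values are HTML-escaped on output because the name pattern on this page allows apostrophes, and a submitted value takes precedence over the stored one.

```php
<?php
// Added example: hypothetical helpers, not the book's form_functions.inc.php.

// Escape for HTML text or attributes; ENT_QUOTES covers both quote styles.
function h($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}

// A submitted value wins (sticky form); otherwise fall back to the stored one.
function field_value($name, array $post, array $stored) {
    if (isset($post[$name]) && is_string($post[$name])) {
        return $post[$name];
    }
    return isset($stored[$name]) ? (string) $stored[$name] : '';
}

function prefilled_input($name, $type, array $post, array $stored, $placeholder) {
    return '<input type="' . h($type) . '" name="' . h($name) . '" id="' . h($name)
        . '" class="form-control" placeholder="' . h($placeholder)
        . '" value="' . h(field_value($name, $post, $stored)) . '" />';
}

function country_select(array $countries, array $post, array $stored) {
    $current = field_value('country', $post, $stored);
    $html = "<select name=\"country\" class=\"form-control\">\n"
          . "<option value=\"\">Select Country</option>\n";
    foreach ($countries as $id => $label) {
        // Compare as strings so a stored integer matches a submitted "2".
        $selected = ((string) $id === $current) ? ' selected="selected"' : '';
        $html .= '<option value="' . h($id) . '"' . $selected . '>' . h($label) . "</option>\n";
    }
    return $html . '</select>';
}

// Constructed sample data standing in for the users row and the countries table.
$id = 7;
$stored = array('last_name' => "O'Neil", 'first_name' => 'Sam "Jr."',
                'country' => 2, 'email' => "s.o'neil@example.com");
$countries = array(1 => 'Canada', 2 => 'South Africa', 3 => 'United States');
$post = array(); // First visit from view_users.php: nothing submitted yet.

echo prefilled_input('last_name', 'text', $post, $stored, 'Last Name'), "\n";
echo prefilled_input('first_name', 'text', $post, $stored, 'First Name'), "\n";
echo country_select($countries, $post, $stored), "\n";
echo prefilled_input('email', 'email', $post, $stored, 'Email Address'), "\n";
echo '<input type="hidden" name="id" value="' . (int) $id . '" />', "\n";
```

On a failed submission, pass `$_POST` as `$post` so the admin's edits are redisplayed instead of the stored row.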
