1

I have a form with user details and an update statement that will update such details if the user wants to. I added validation so that an email cannot be associated with another account, hence the if($checkuser != 0).

The issue with the statement is that if the user doesn't change their email and updates their details, they will get an error saying the email already exists.

I wanted to integrate, after the email existence check, something like else if(($_POST["myusername"]) == ($row['email'])) then continue updating (the myusername variable contains the email), meaning that if the posted email is the same as their current email, then continue updating.

But I am getting lost; since I am relatively new to PHP, I am having trouble with parentheses and brackets.

Here is my code

if($_POST['usubmit']=='Update') 
{
    $Uerr = array();

    if (!$_POST['fullname'] || !$_POST['myusername']) 
        {   
            $Uerr[] = '» Name or Email must be filled in!';
        }

    if (!checkEmail($_POST['myusername']))
        {
            $Uerr[]='» Your email is not valid!';
        }


    // If there are no errors
    if(!count($Uerr))
        {
            /* Now we will check if username is already in use or not */
           $queryuser=mysql_query("SELECT * FROM customer WHERE email='" . mysql_real_escape_string($_POST["myusername"]) . "'");
           $checkuser=mysql_num_rows($queryuser);

           if($checkuser != 0)
            { 
                $Uerr[]='» Sorry this email is already registered!';
            }

        else 
                {
                    $updateDetails = mysql_query("UPDATE customer SET 
                    name = '" . mysql_real_escape_string($_POST["fullname"]) . "', 
                    dob = '" . mysql_real_escape_string($_POST["dob"]) . "',  
                    address = '" . mysql_real_escape_string($_POST["address"]) . "', 
                    email = '" . mysql_real_escape_string($_POST["myusername"]) . "', 
                    telephone = '" . mysql_real_escape_string($_POST["telephone"]) . "' 
                    WHERE cus_id = '$cus_id'"); 

                    if ($updateDetails) 

                            $_SESSION['Umsg']['Ureg-success']="» Your details have been updated successfully!";

                       else { 
                              $Uerr[]='» error updating your account'.mysql_error(); 
                            }
                }
        }
            if(count($Uerr))
            {
                $_SESSION['Umsg']['Ureg-err'] = implode('<br />',$Uerr);
            }

    header("Location: account.php");
    exit;        
}
1
  • 1
    The way I usually do it is that in the update form I leave the email field blank (or the password, since it's just a hash in the DB), and in the target page I check: if the email field is not empty, then I check the email and everything; if it is empty, then I simply remove it from the SQL statement altogether. In your case, you can simply add "AND user_id != $current_user_id", and that way his own record won't come up in the query. Commented Apr 14, 2012 at 18:49

4 Answers 4

2

This should work:

if($_POST['usubmit']=='Update') 
{
    $Uerr = array();

    if (!$_POST['fullname'] || !$_POST['myusername']) 
        {   
            $Uerr[] = '&raquo; Name or Email must be filled in!';
        }

    if (!checkEmail($_POST['myusername']))
        {
            $Uerr[]='&raquo; Your email is not valid!';
        }


    // If there are no errors
    if(!count($Uerr))
        {
            /* Now we will check if username is already in use or not */
           // Exclude the current user's own row so that an unchanged email is not reported as taken
           $queryuser=mysql_query("SELECT * FROM customer WHERE email='" . mysql_real_escape_string($_POST["myusername"]) . "' AND cus_id != '" . mysql_real_escape_string($cus_id) . "'");

           $checkuser=mysql_num_rows($queryuser);

           if($checkuser != 0)
            { 
                $Uerr[]='&raquo; Sorry this email is already registered!';
            }

        else 
                {
                    $updateDetails = mysql_query("UPDATE customer SET 
                    name = '" . mysql_real_escape_string($_POST["fullname"]) . "', 
                    dob = '" . mysql_real_escape_string($_POST["dob"]) . "',  
                    address = '" . mysql_real_escape_string($_POST["address"]) . "', 
                    email = '" . mysql_real_escape_string($_POST["myusername"]) . "', 
                    telephone = '" . mysql_real_escape_string($_POST["telephone"]) . "' 
                    WHERE cus_id = '$cus_id'"); 

                    if ($updateDetails) 

                            $_SESSION['Umsg']['Ureg-success']="&raquo; Your details have been updated successfully!";

                       else { 
                              $Uerr[]='&raquo; error updating your account'.mysql_error(); 
                            }
                }
        }
            if(count($Uerr))
            {
                $_SESSION['Umsg']['Ureg-err'] = implode('<br />',$Uerr);
            }

    header("Location: account.php");
    exit;        
}

2 Comments

Thanks Al, AND cus_id !='" . $cus_id . "' is what I was missing
Solves the problem, but it won't work if you try to use the same function to update the logged-in user's information.
2

I have a form with user details and an update statement that will update such details if the user wants to. I added validation so that an email cannot be associated with another account, hence the if($checkuser != 0). The issue with the statement is that if the user doesn't change their email and updates their details, they will get an error saying the email already exists.

Why don't you just check whether the email exists on another account other than his own? This can be solved with a few changes to your query.

$queryuser=mysql_query("SELECT * FROM customer WHERE email='" . 
mysql_real_escape_string($_POST["myusername"]) . "' AND cus_id!=" . intval($cus_id));

1 Comment

Thanks Invisal AND cus_id !='" . $cus_id . "' is what was missing
1

I do something ugly, but it works great.

I add the actual info to some hidden inputs, like:

<input type="hidden" name="actual_email" value="<?php echo htmlspecialchars($object->email, ENT_QUOTES, 'UTF-8'); ?>" />

Now you just need to check if the email in the user input (the visible one) is the same as in the hidden input; if yes, just ignore the email validation, because it means the user hasn't changed his email.

Comments
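The "exclude my own row" query and the "has the email changed?" comparison from the answers above, done in one server-side check with prepared statements. This is an added example, not code from any answer in this thread; it assumes PDO with an in-memory SQLite database, a constructed customer table and sample rows, and a hypothetical function name updateCustomer.

```php
<?php
// Added example: PDO prepared statements instead of the removed mysql_* API.
// The SQLite in-memory database, schema and rows are constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE customer (
    cus_id INTEGER PRIMARY KEY,
    name   TEXT NOT NULL,
    email  TEXT NOT NULL UNIQUE  -- the database enforces uniqueness as well
)");
$db->exec("INSERT INTO customer (cus_id, name, email) VALUES
    (1, 'Alice', 'alice@example.com'),
    (2, 'Bob',   'bob@example.com')");

/**
 * $cusId must come from the server-side session, never from a form field:
 * a hidden input is sent by the browser and can be changed by the user.
 * Returns a list of error messages (empty on success).
 */
function updateCustomer(PDO $db, int $cusId, string $name, string $email): array
{
    if ($name === '' || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return ['Name and a valid email are required.'];
    }
    // Is the address used by any row other than the current user's own?
    $check = $db->prepare(
        'SELECT 1 FROM customer WHERE email = :email AND cus_id <> :id LIMIT 1'
    );
    $check->execute([':email' => $email, ':id' => $cusId]);
    if ($check->fetchColumn() !== false) {
        return ['Sorry, this email is already registered.'];
    }
    try {
        $upd = $db->prepare(
            'UPDATE customer SET name = :name, email = :email WHERE cus_id = :id'
        );
        $upd->execute([':name' => $name, ':email' => $email, ':id' => $cusId]);
    } catch (PDOException $e) {
        // 23000 = integrity constraint violation: another request took the
        // address between the check and the update. Rethrow anything else.
        if ((string) $e->getCode() !== '23000') throw $e;
        return ['Sorry, this email is already registered.'];
    }
    return [];
}

var_dump(updateCustomer($db, 1, 'Alice B.', 'alice@example.com')); // user 1 keeps own address
var_dump(updateCustomer($db, 1, 'Alice B.', 'bob@example.com'));   // user 1 submits user 2's address
```

Because the comparison is against the stored rows and the session's id, nothing the browser submits can switch the uniqueness check off.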

0

When you are having a user change their information, they should only have access to their account (for security & privacy purposes). Therefore you should use their e-mail as the identifier when getting their information.

Comments
