简体   繁体   中英

How to edit the user information by admin

I am developing my first simple website using PHP. Now, I am working in the admin page and I want to let him adding, deleting users and editing the personal information of the existed users. I did the adding and deleting. Now, I want to develop editing users. First of all, I want him to choose the user from drop list, then fetch the user information automatically after choosing him from the drop list, and after that editing his information. So how can I do that?

My code:

<?php
ob_start();
$host="localhost"; // Host name
$username="root"; // Mysql username
$password="13524"; // Mysql password
$db_name="sharingi_db"; // Database name

// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");

?>

<html xmlns="http://www.w3.org/1999/xhtml">

<head>
<script language="javascript">
    function reload(form){
        var val=form.username.options[form.username.options.selectedIndex].value;
        self.location='editUser2.php?username=' + val ;
    }
    </script>
</head>
<body>

<div id="content_main" class="admin_student_height">

<!-- Here starts the first form -->
<form method="get">
        <h3>Choose A User</h3> <br />
        select name="username" onchange="reload(this.form)">

                <option> 
        <?php
           if(isset($_GET['username']))
           echo "{$_GET['username']}"; 
           else echo "Select one";
        ?> 
            </option>

                <?php
                   if(isset($_GET['username'])){
           $exceptcc = $_GET['username'];
           $sql = "SELECT username FROM user WHERE user.username NOT IN
                                 ('$exceptcc')";
                    }
           else 
           $sql = "SELECT username FROM user";
           $result = mysql_query($sql);
           while($row = mysql_fetch_array($result)){
           echo "<option value={$row['username']}>{$row['username']}</option>";
                                }
        ?>
        </select><br /><br />

        <h3>User Information</h3> <br />
        <?php 
           $thecc = $_GET['username'];
           $sql = "SELECT Firstname FROM user WHERE Username=$thecc";
           $result = mysql_query($sql);
           while($row = mysql_fetch_array($result)){
           echo "{$row['Firstname']}>{$row['Firstname']}}";
                                }
        ?>
        <br /><br />
        </form> <br />

        </div>
    </div>
</body>

I've been working on making a web-based ticketing system and ran into this same situation. I solved the problem like this:

  1. When the page is loaded, determine if they have admin rights or throw them off the page.
  2. Do an SQL Query to get the List of users, to either display in a list or in a drop down box.
  3. Once the User to edit has been selected, Do another Query and load each item into a field; what I did was use the same form for adding new users but have php build the form and insert the current values for that user into the fields.
  4. When this form is submitted, (and submitter verifed) I have the php script look at the submitted username and use that for the where clause in the sql update statement

If you want me to post up an example of what I did I can do that.

You are only echo'ing the user's information.

Instead, you need to put the information into a form, which will allow for editing.

<?php

 if ($_POST['submit']) {

 $username = $_POST['username'];

 //if you want to update
 mysql_query("UPDATE users SET username = '$username', password = '$password'");

 //if you want to delete
 mysql_query("DELETE FROM users WHERE username = '$username'");

 }

 ?>

 <?

 //show all users

$user_query = mysql_query("SELECT * FROM users");
while($row = mysql_fetch_array($user_query)) {

echo $row['username'] . ' ' . $row['first_name'] . ' ' . $row['last_name'];
//and so on.. depending on your table fields

}


 ?>




<form method="POST">

Username: <input name="name" value="<?echo $row['username'?>"/>
<input type="submit" name="submit"/>

</form>
  1. Load data into your form, and add action to it like "save_user.php
  2. On that page save_user.php get data from $_POST, $_POST["firstName"] where firstName is name of your text field where you have loaded data from db
  3. write query "update tbl_users set FirstName='$firstName', Email='$email" and execute this query, because you are starter this can be enough but remember query written like this can be used for SQL Injection that means you can write SQL query into text field "firstname" and do some stuff, like delete all data or gain passwords, emails etc.

When you get this then use parameters in your MySQL query in order to avoid SQL Injection. But you will manage it.

if you want to fetch the user information automatically from the drop list (without clicking submit button), you need to use AJAX. Here is the link to a very good example on how to use ajax with php and mysql http://www.w3schools.com/php/php_ajax_database.asp

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM