Registration and login work fine. Update also updates the information to the database. However if 2 people with the same first name register on the database it automatically defaults both those accounts to the last person who has the same first name that registered on the database instead of updating and showing the information for that particular user. So if Joe - joe@xxx.co.za registers and then another Joe - joe@sss.co.za then when Joe (sss) logins in he can see all Joe(xxx) information and when he updates his details it updates Joe (xxx) account instead of showing and updating Joe (sss) account. I think there is a problem with the session "id" and the update "id" that's causing this problem but I just can't see where it is.... can anyone assist with this? It's not using the email address as the "id" but is using the "name"..... Here's the code:
The start session coding:
<?php
session_start();
$toplinks = "";
if (isset($_SESSION['id'])) {
// Put stored session variables into local php variable
$userid = $_SESSION['id'];
$email = $_SESSION['email'];
$toplinks = '<a href="member_account.php?id=' . $userid . '">Enter CV step-by-step</a> |
<a href="view_personal_details.php?id=' . $userid . '">View Personal Details</a> |
<a href="view_your_cv.php?id=' . $userid . '">View CV</a> |
<a href="edit_your_cv.php?id=' . $userid . '">Edit CV</a> |
<a href="change_password.php?id=' . $userid . '">Change Password</a> |
<a href="logout.php">Log Out</a>';
} else {
echo 'Please <a href="login.php">log in</a> to access your account';
exit();
}
?>
And the update coding is:
<?php
include_once "connect_to_mysql.php";
echo print_r($_POST);
$id = $_SESSION['id'];
if (isset($_POST['email'])){
$update='';
if(isset($_POST['title']) and trim($_POST['title']) <> '') $update .= "title = '" . mysql_real_escape_string($_POST['title']) . "',";
if(isset($_POST['name']) and trim($_POST['name']) <> '') $update .= "name = '" . mysql_real_escape_string($_POST['name']) . "',";
if(isset($_POST['surname']) and trim($_POST['surname']) <> '') $update .= "surname = '" . mysql_real_escape_string($_POST['surname']) . "',";
if(isset($_POST['identityno']) and trim($_POST['identityno']) <> '') $update .= "identityno = '" . mysql_real_escape_string($_POST['identityno']) . "',";
if(isset($_POST['gender']) and trim($_POST['gender']) <> '') $update .= "gender = '" . mysql_real_escape_string($_POST['gender']) . "',";
if(isset($_POST['birthdate']) and trim($_POST['birthdate']) <> '') $update .= "birthdate = '" . mysql_real_escape_string($_POST['birthdate']) . "',";
if(isset($_POST['ethnicity']) and trim($_POST['ethnicity']) <> '') $update .= "ethnicity = '" . mysql_real_escape_string($_POST['ethnicity']) . "',";
if(isset($_POST['nationality']) and trim($_POST['nationality']) <> '') $update .= "nationality = '" . mysql_real_escape_string($_POST['nationality']) . "',";
if(isset($_POST['email']) and trim($_POST['email']) <> '') $update .= "email = '" . mysql_real_escape_string($_POST['email']) . "',";
if(isset($_POST['homeaddress']) and trim($_POST['homeaddress']) <> '') $update .= "homeaddress = '" . mysql_real_escape_string($_POST['homeaddress']) . "',";
if(isset($_POST['province']) and trim($_POST['province']) <> '') $update .= "province = '" . mysql_real_escape_string($_POST['province']) . "',";
if(isset($_POST['suburb']) and trim($_POST['suburb']) <> '') $update .= "suburb = '" . mysql_real_escape_string($_POST['suburb']) . "',";
if(isset($_POST['hometele']) and trim($_POST['hometele']) <> '') $update .= "hometele = '" . mysql_real_escape_string($_POST['hometele']) . "',";
if(isset($_POST['celltele']) and trim($_POST['celltele']) <> '') $update .= "celltele = '" . mysql_real_escape_string($_POST['celltele']) . "',";
if(isset($_POST['creditclear']) and trim($_POST['creditclear']) <> '') $update .= "creditclear = '" . mysql_real_escape_string($_POST['creditclear']) . "',";
if(isset($_POST['criminalrecord']) and trim($_POST['criminalrecord']) <> '') $update .= "criminalrecord = '" . mysql_real_escape_string($_POST['criminalrecord']) . "',";
if(isset($_POST['driverslicense']) and trim($_POST['driverslicense']) <> '') $update .= "driverslicense = '" . mysql_real_escape_string($_POST['driverslicense']) . "',";
if(isset($_POST['owntransport']) and trim($_POST['owntransport']) <> '') $update .= "owntransport = '" . mysql_real_escape_string($_POST['owntransport']) . "',";
if(isset($_POST['medicalconditions']) and trim($_POST['medicalconditions']) <> '') $update .= "medicalconditions = '" . mysql_real_escape_string($_POST['medicalconditions']) . "',";
$update=substr($update,0,-1);
$sql = "UPDATE cic_candidates set $update WHERE id = '" . mysql_real_escape_string($id) . "'";
mysql_query($sql);
echo $sql;
echo '<center>';
echo '<strong><font color=black family=tahoma size=5><br /><br /><br /><br />Successful!<br /><br /><br /> Your account info has been updated...<br /><br /><br />
To view your updated information at <font color=blue>View Personal Details</font> - <a href="view_personal_details.php?id=' . $userid . '">click here<br /></a><br /><br />To return to your <font color=blue>Edit Personal Details</font> page - <a href="edit_personal_details.php?id=' . $userid . '">click here</a><br /><br /></font></strong>';
mysql_close();
exit();
}
?>