Extremely large script for very little input.


Arno van Zanten
17/04/2023 16:27:56
Who can help me improve this?
I have probably made a script that is too complicated. It works, but I think it can be better and smaller.

Code (php)
<?php
    /* profile page */
    if($_GET['menu'] == 'profile' && $_GET['action'] == 'edit') {
        
        /* Profile Edit */
        
        $sql = "SELECT * FROM Girls WHERE ID = ".$_GET['id']."";
        $results = mysqli_query($connect, $sql);
        $change = mysqli_fetch_all($results, MYSQLI_ASSOC);
            if($_GET['id'] == $_SESSION['ID']) {
                
            echo "<div class='edit'>
                    <form id='edit' action='index.php?menu=profile&action=adjust' method='POST'>"
;
            
            foreach($change as $edit) {
                echo "<div class='tooltip' id='info3'>
                        <img id='imginfo' src='./img/page/info.png'>
                        <span class='tooltiptext'>Edit / Change your Nickname here, this is visable on the profile</span>
                    </div>
                    <div id='info2'>Nickname : </div>
                    <div id='info'>
                        <input type='text' name='Nickname' placeholder='"
.$edit['Nickname']."'>
                    </div>
                    <div class='tooltip' id='info3'>
                        <img id='imginfo' src='./img/page/info.png'>
                        <span class='tooltiptext'>Edit / Change your work number if needed, this is visable on your profile</span>
                    </div>
                    <div id='info2'>Work Number : </div>
                    <div id='info'>
                        <input type='number' name='Wphone' placeholder='+"
.$edit['Wphone']."'>
                    </div>
                    <div class='tooltip' id='info3'>
                        <img id='imginfo' src='./img/page/info.png'>
                        <span class='tooltiptext'>Edit / Change the 'In Case of Emergency' name if needed</span>
                    </div>
                    <div id='info2'>ICE Name 1 : </div>
                    <div id='info'>
                        <input type='text' name='ICEName1' placeholder='"
.$edit['ICEName1']."'>
                    </div>
                    <div class='tooltip' id='info3'>
                        <img id='imginfo' src='./img/page/info.png'>
                        <span class='tooltiptext'>Edit / Change the 'In Case of Emergency' number if needed</span>
                    </div>
                    <div id='info2'>ICE Number 1 : </div>
                    <div id='info'>
                        <input type='number' name='ICePhone1' placeholder='+"
.$edit['ICePhone1']."'>
                    </div>
                    <div class='tooltip' id='info3'>
                        <img id='imginfo' src='./img/page/info.png'>
                        <span class='tooltiptext'>Edit / Change the 'In Case of Emergency' second name if needed</span>
                    </div>
                    <div id='info2'>ICE Name 2 : </div>
                    <div id='info'>
                        <input type='text' name='ICEName2' placeholder='"
.$edit['ICEName2']."'>
                    </div>
                    <div class='tooltip' id='info3'>
                        <img id='imginfo' src='./img/page/info.png'>
                        <span class='tooltiptext'>Edit / Change the second 'In Case of Emergency' number if needed</span>
                    </div>
                    <div id='info2'>ICE Number 2 : </div>
                    <div id='info'>
                        <input type='number' name='ICEPhone2' placeholder='+"
.$edit['ICEPhone2']."'>
                    </div>
                    <div class='tooltip' id='info3'>
                        <img id='imginfo' src='./img/page/info.png'>
                        <span class='tooltiptext'>Edit or change your email address</span>
                    </div>
                    <div id='info2'>Email : </div>
                    <div id='info'>
                        <input type='email' name='Address' placeholder='"
.$edit['Address']."'>
                    </div>"
;
            }

            echo "    <input type='submit' name='submit'>
                    </form>
                </div>"
;
            foreach($change as $nonedit) {
                
                $fname = $nonedit['Fname'];
                $lname = $nonedit['Lname'];
                $idcard = $nonedit['IDcard'];
                $bday = $nonedit['Birthday'];
                $private = $nonedit['Pphone'];
                $region = $nonedit['Nationality'];
                
            echo "<div class='reminder'>Can not be changed only by admin (<a href='mailto:[email protected]'>Send mail</a>)</div>
                <div class='nonedit'>
                    <div id='nonedit'>First name : "
.$fname."</div>
                    <div id='nonedit'>Last name : "
.$lname."</div>
                    <div id='nonedit'>ID Card : "
.$idcard."</div>
                    <div id='nonedit'>Birthday : "
.$bday."</div>
                    <div id='nonedit'>Private Number : +"
.$private."</div>
                    <div id='nonedit'>Nationality : "
.$region."</div>
                </div>"
;
            }
            }
else {
                echo "!!!! NOT YOUR PROFILE !!!! , <a href='index.php?menu=profile&action=edit&id=".$_SESSION['ID']."'>Click here</a> to go back";
            }
    }
elseif($_GET['menu'] == 'profile' && $_GET['action'] == 'adjust') {
        
        $sql = "SELECT * FROM Girls WHERE ID = ".$_SESSION['ID']."";
        $result = mysqli_query($connect, $sql);
        $profile = mysqli_fetch_all($result, MYSQLI_ASSOC);
            /* changes */
            
            $nick = $_POST['Nickname'];
            $wp = $_POST['Wphone'];
            $icen1 = $_POST['ICEName1'];
            $icep1 = $_POST['ICePhone1'];
            $icen2 = $_POST['ICEName2'];
            $icep2 = $_POST['ICEPhone2'];
            $addr = $_POST['Address'];            
        
        foreach($profile as $profileid) {
            /* in dbase */
        
            $wname = $profileid['Nickname'];
            $wphone = $profileid['Wphone'];
            $icename1 = $profileid['ICEName1'];
            $icephone1 = $profileid['ICePhone1'];
            $icename2 = $profileid['ICEName2'];
            $icephone2 = $profileid['ICEPhone2'];
            $eaddr = $profileid['Address'];
            
        }

            echo "<form action='index.php?menu=profile&action=edityes' method='POST'>"; /* closing '>' of the form tag was missing */
            if(!empty($nick)) {
                echo "You Changed the Nickname : <b><font color='#008800'>".$wname."</font></b> to : <b><font color='#008800'>".$nick."</font></b><br />
                <input type='hidden' name='Nickname' value='"
.$_POST['Nickname']."'>";
            }

            if(!empty($wp)) {
                echo "You Changed the Work number : <b><font color='#008800'>+".$wphone."</font></b> to : <b><font color='#008800'>+".$wp."</font></b><br />
                <input type='hidden' name='Wphone' value='"
.$_POST['Wphone']."'>";
            }

            if(!empty($icen1)) {
                echo "You Changed ICE Name 1 : <b><font color='#008800'>".$icename1."</font></b> to : <b><font color='#008800'>".$icen1."</font></b><br />
                <input type='hidden' name='ICEName1' value='"
.$_POST['ICEName1']."'>";
            }

            if(!empty($icep1)) {
                echo "You Changed ICE Number 1 : <b><font color='#008800'>+".$icephone1."</font></b> to : <b><font color='#008800'>+".$icep1."</font></b><br />
                <input type='hidden' name='ICePhone' value='"
.$_POST['ICePhone1']."'>";
            }

            if(!empty($icen2)) {
                if(empty($icename2)) {
                    $icename2 = "[Not setted]";
                }

                echo "You Changed ICE Name 2 : <b><font color='#008800'>".$icename2."</font></b> to : <b><font color='#008800'>".$icen2."</b></font><br />
                <input type='hidden' name='ICEName2' value='"
.$_POST['ICEName2']."'>";
            }

            if(!empty($icep2)) {
                if(empty($icephone2)) {
                    $icephone2 = "[Not setted]";
                }

                echo "You Changed ICE Number 2 : <b><font color='#008800'>+".$icephone2."</font></b> to : <b><font color='#008800'>+".$icep2."</font></b><br />
                <input type='hidden' name='ICEPhone2' value='"
.$_POST['ICEPhone2']."'>";
            }

            if(!empty($addr)) {
                echo "You Changed your email address : <b><font color='#008800'>".$eaddr."</font></b> to : <b><font color='#008800'>".$addr."</font></b><br />
                <input type='hidden' name='Address' value='"
.$_POST['Address']."'>";
            }

        echo "If this information is correct, click <input type='submit' name='submit'> to confirm. click <b><font color='#880000'><a href='index.php?menu=profile'>here</a></font></b> to cancel";
        echo "</form>";
            
    }
elseif($_GET['menu'] == 'profile' && $_GET['action'] == 'edityes') {
        
        if(!empty($_POST['Nickname'])) {
            $query = 'UPDATE Girls SET Nickname="'.$_POST['Nickname'].'" WHERE ID="'.$_SESSION['ID'].'"';
            $result = mysqli_query($connect, $query);
        }
else {echo "No changes";}
        if(!empty($_POST['Wphone'])) {
            $query = 'UPDATE Girls SET Wphone="'.$_POST['Wphone'].'" WHERE ID="'.$_SESSION['ID'].'"';
            $result = mysqli_query($connect, $query);
        }
else {echo "No changes";}
        if(!empty($_POST['ICEName1'])) {
            $query = 'UPDATE Girls SET ICEName1="'.$_POST['ICEName1'].'" WHERE ID="'.$_SESSION['ID'].'"';
            $result = mysqli_query($connect, $query);
        }
else {echo "No changes";}
        if(!empty($_POST['ICePhone1'])) {
            $query = 'UPDATE Girls SET ICePhone1="'.$_POST['ICePhone1'].'" WHERE ID="'.$_SESSION['ID'].'"';
            $result = mysqli_query($connect, $query);
        }
else {echo "No changes";}
        if(!empty($_POST['ICEName2'])) {
            $query = 'UPDATE Girls SET ICEName2="'.$_POST['ICEName2'].'" WHERE ID="'.$_SESSION['ID'].'"';
            $result = mysqli_query($connect, $query);
        }
else {echo "No changes";}
        if(!empty($_POST['ICEPhone2'])) {
            $query = 'UPDATE Girls SET ICEPhone2="'.$_POST['ICEPhone2'].'" WHERE ID="'.$_SESSION['ID'].'"';
            $result = mysqli_query($connect, $query);
        }
else {echo "No changes";}
        if(!empty($_POST['Address'])) {
            $query = 'UPDATE Girls SET Address="'.$_POST['Address'].'" WHERE ID="'.$_SESSION['ID'].'"';
            $result = mysqli_query($connect, $query);
        }
else {echo "No changes";}
        
        if(!empty($_POST['Nickname'])) {
            echo "Nickname is changed to ".$_POST['Nickname']."<br />";
        }
else {echo "No changes";}
        if(!empty($_POST['Wphone'])) {
            echo "Work number is changed to +".$_POST['Wphone']."<br />";
        }
else {echo "No changes";}
        if(!empty($_POST['ICEName1'])) {
            echo "ICE name 1 is changed to ".$_POST['ICEName1']."<br />";
        }
else {echo "No changes";}
        if(!empty($_POST['ICePhone1'])) {
            echo "ICE number 1 is changed to +".$_POST['ICePhone1']."<br />";
        }
else {echo "No changes";}
        if(!empty($_POST['ICEName2'])) {
            echo "ICE name 2 is changed to ".$_POST['ICEName2']."<br />";
        }
else {echo "No changes";}
        if(!empty($_POST['ICEPhone2'])) {
            echo "ICE number 2 is changed to +".$_POST['ICEPhone2']."<br />";
        }
else {echo "No changes";}
        if(!empty($_POST['Address'])) {
            echo "Email address is changed to".$_POST['Address']."<br />";
        }
else {echo "No changes";}
        sleep(2);
        echo "Click <b><font color='#008800'><a href='index.php?menu=profile'>here</a></font></b> to go back";
        
    }
else{
    /* Profile View*/

        $user = $_SESSION['Nickname'];
        $usid = $_SESSION['ID'];
        
        echo "<div class='welcome'>".$user."</div>";
        
            $sql = "SELECT * FROM Girls WHERE ID = ".$usid."";
            $result = mysqli_query($connect, $sql);
            $profile = mysqli_fetch_all($result, MYSQLI_ASSOC);
            
            echo "<div class='profile-grid'>";
            
                foreach($profile as $profileid) {

                    $TDate = date('Y-m-d');
                    $diff = date_diff(date_create($profileid['Birthday']), date_create($TDate));
                    $age = $diff->format('%y');
                    
                echo "<div class='profile-item' id='vissable'>Work name : ".$profileid['Nickname']."</div>";
                echo "<div class='profile-item' id='unvissable'>First name : ".$profileid['Fname']."</div>";
                echo "<div class='profile-item' id='unvissable'>IDcard : ".$profileid['IDcard']."</div>";
                if(empty($profileid['ICEName2'])){
                        echo "<div class='profile-item' id='unvissable'>ICE Name 2 : Not set</div>";
                    }
else{
                        echo "<div class='profile-item' id='unvissable'>ICE Name 2 : ".$profileid['ICEName2']."</div>";
                    }

    
                echo "<div class='profile-item' id='vissable'>Age : ".$age."</div>";
                echo "<div class='profile-item' id='unvissable'>Last Name : ".$profileid['Lname']."</div>";
                echo "<div class='profile-item' id='unvissable'>ICE Name 1 : ".$profileid['ICEName1']."</div>";
                if(empty($profileid['ICEPhone2'])){
                        echo "<div class='profile-item' id='unvissable'>ICE Number 2 : Not set</div>";
                    }
else{
                        echo "<div class='profile-item' id='unvissable'>ICE Number 2 : +".$profileid['ICEPhone2']."</div>";
                    }

                
                echo "<div class='profile-item' id='vissable'>Work Number : +".$profileid['Wphone']."</div>";
                echo "<div class='profile-item' id='unvissable'>Birthday : ".$profileid['Birthday']."</div>";
                echo "<div class='profile-item' id='unvissable'>ICE Number 1 : +".$profileid['ICePhone1']."</div>";
                                
                    
    
                    echo "<div class='profile-item' id='unvissable'>Email Address : ".$profileid['Address']."</div>";
                    echo "<div class='profile-item' id='vissable'>Nationality : ".$profileid['Nationality']."</div>";
                    echo "<div class='profile-item' id='unvissable'>Private Number : +".$profileid['Pphone']."</div>";
                    
                    
                }

            echo "</div>
                    <div class='legendas-grid'>
                        <div class='legendas' id='vissable'>This color means, visable on you profile page</div>
                        <div class='legendas' id='unvissable'>This color means, not visable on you profile page</div>
                    </div>
                    <div class='legendas-grid2'>
                        <div id='item-menu2'><a href='index.php?menu=profile&action=edit&id="
.$usid."'>Update your information</a></div>
                    </div>"
;
    }


?>


You can see what I have done, but I think it can be done better.

- Ariën -
Administrator
17/04/2023 16:39:04
It looks decent, but I do have a few points.

- Check with isset() whether your GET value exists, otherwise you get "Undefined index" errors.
- Think about SQL injection. Right now anyone and everyone can alter your query, with potentially dangerous consequences.
- If the edit concerns your own data, you don't need to pass this in the URL. Your session already tells who you are. If you want to view or edit someone else's profile, then a GET value is necessary.
- Copying variables on lines 78 through 83 and further on in your code is unnecessary.
- The pile of update queries can easily be combined into one UPDATE that you run once. If you want to get a mountain of Chinese food out of the fridge, you don't walk back and forth 12 times either ;-)
- Large chunks of HTML I would put outside an echo, and also outside your PHP block.
Edited on 17/04/2023 16:40:36 by - Ariën -

Arno van Zanten
17/04/2023 16:54:37
For me it's mainly about this part
Code (php)
<?php
    }elseif($_GET['menu'] == 'profile' && $_GET['action'] == 'adjust') {
        
        $sql = "SELECT * FROM Girls WHERE ID = ".$_SESSION['ID']."";
        $result = mysqli_query($connect, $sql);
        $profile = mysqli_fetch_all($result, MYSQLI_ASSOC);
            /* changes */
            
            $nick = $_POST['Nickname'];
            $wp = $_POST['Wphone'];
            $icen1 = $_POST['ICEName1'];
            $icep1 = $_POST['ICePhone1'];
            $icen2 = $_POST['ICEName2'];
            $icep2 = $_POST['ICEPhone2'];
            $addr = $_POST['Address'];            
        
        foreach($profile as $profileid) {
            /* in dbase */
        
            $wname = $profileid['Nickname'];
            $wphone = $profileid['Wphone'];
            $icename1 = $profileid['ICEName1'];
            $icephone1 = $profileid['ICePhone1'];
            $icename2 = $profileid['ICEName2'];
            $icephone2 = $profileid['ICEPhone2'];
            $eaddr = $profileid['Address'];
            
        }

            echo "<form action='index.php?menu=profile&action=edityes' method='POST'>"; /* closing '>' of the form tag was missing */
            if(!empty($nick)) {
                echo "You Changed the Nickname : <b><font color='#008800'>".$wname."</font></b> to : <b><font color='#008800'>".$nick."</font></b><br />
                <input type='hidden' name='Nickname' value='"
.$_POST['Nickname']."'>";
            }

            if(!empty($wp)) {
                echo "You Changed the Work number : <b><font color='#008800'>+".$wphone."</font></b> to : <b><font color='#008800'>+".$wp."</font></b><br />
                <input type='hidden' name='Wphone' value='"
.$_POST['Wphone']."'>";
            }

            if(!empty($icen1)) {
                echo "You Changed ICE Name 1 : <b><font color='#008800'>".$icename1."</font></b> to : <b><font color='#008800'>".$icen1."</font></b><br />
                <input type='hidden' name='ICEName1' value='"
.$_POST['ICEName1']."'>";
            }

            if(!empty($icep1)) {
                echo "You Changed ICE Number 1 : <b><font color='#008800'>+".$icephone1."</font></b> to : <b><font color='#008800'>+".$icep1."</font></b><br />
                <input type='hidden' name='ICePhone' value='"
.$_POST['ICePhone1']."'>";
            }

            if(!empty($icen2)) {
                if(empty($icename2)) {
                    $icename2 = "[Not setted]";
                }

                echo "You Changed ICE Name 2 : <b><font color='#008800'>".$icename2."</font></b> to : <b><font color='#008800'>".$icen2."</b></font><br />
                <input type='hidden' name='ICEName2' value='"
.$_POST['ICEName2']."'>";
            }

            if(!empty($icep2)) {
                if(empty($icephone2)) {
                    $icephone2 = "[Not setted]";
                }

                echo "You Changed ICE Number 2 : <b><font color='#008800'>+".$icephone2."</font></b> to : <b><font color='#008800'>+".$icep2."</font></b><br />
                <input type='hidden' name='ICEPhone2' value='"
.$_POST['ICEPhone2']."'>";
            }

            if(!empty($addr)) {
                echo "You Changed your email address : <b><font color='#008800'>".$eaddr."</font></b> to : <b><font color='#008800'>".$addr."</font></b><br />
                <input type='hidden' name='Address' value='"
.$_POST['Address']."'>";
            }

        echo "If this information is correct, click <input type='submit' name='submit'> to confirm. click <b><font color='#880000'><a href='index.php?menu=profile'>here</a></font></b> to cancel";
        echo "</form>";
            
    }
elseif($_GET['menu'] == 'profile' && $_GET['action'] == 'edityes') {
        
        if(!empty($_POST['Nickname'])) {
            $query = 'UPDATE Girls SET Nickname="'.$_POST['Nickname'].'" WHERE ID="'.$_SESSION['ID'].'"';
            $result = mysqli_query($connect, $query);
        }
else {echo "No changes";}
        if(!empty($_POST['Wphone'])) {
            $query = 'UPDATE Girls SET Wphone="'.$_POST['Wphone'].'" WHERE ID="'.$_SESSION['ID'].'"';
            $result = mysqli_query($connect, $query);
        }
else {echo "No changes";}
        if(!empty($_POST['ICEName1'])) {
            $query = 'UPDATE Girls SET ICEName1="'.$_POST['ICEName1'].'" WHERE ID="'.$_SESSION['ID'].'"';
            $result = mysqli_query($connect, $query);
        }
else {echo "No changes";}
        if(!empty($_POST['ICePhone1'])) {
            $query = 'UPDATE Girls SET ICePhone1="'.$_POST['ICePhone1'].'" WHERE ID="'.$_SESSION['ID'].'"';
            $result = mysqli_query($connect, $query);
        }
else {echo "No changes";}
        if(!empty($_POST['ICEName2'])) {
            $query = 'UPDATE Girls SET ICEName2="'.$_POST['ICEName2'].'" WHERE ID="'.$_SESSION['ID'].'"';
            $result = mysqli_query($connect, $query);
        }
else {echo "No changes";}
        if(!empty($_POST['ICEPhone2'])) {
            $query = 'UPDATE Girls SET ICEPhone2="'.$_POST['ICEPhone2'].'" WHERE ID="'.$_SESSION['ID'].'"';
            $result = mysqli_query($connect, $query);
        }
else {echo "No changes";}
        if(!empty($_POST['Address'])) {
            $query = 'UPDATE Girls SET Address="'.$_POST['Address'].'" WHERE ID="'.$_SESSION['ID'].'"';
            $result = mysqli_query($connect, $query);
        }
else {echo "No changes";}
        
        if(!empty($_POST['Nickname'])) {
            echo "Nickname is changed to ".$_POST['Nickname']."<br />";
        }
else {echo "No changes";}
        if(!empty($_POST['Wphone'])) {
            echo "Work number is changed to +".$_POST['Wphone']."<br />";
        }
else {echo "No changes";}
        if(!empty($_POST['ICEName1'])) {
            echo "ICE name 1 is changed to ".$_POST['ICEName1']."<br />";
        }
else {echo "No changes";}
        if(!empty($_POST['ICePhone1'])) {
            echo "ICE number 1 is changed to +".$_POST['ICePhone1']."<br />";
        }
else {echo "No changes";}
        if(!empty($_POST['ICEName2'])) {
            echo "ICE name 2 is changed to ".$_POST['ICEName2']."<br />";
        }
else {echo "No changes";}
        if(!empty($_POST['ICEPhone2'])) {
            echo "ICE number 2 is changed to +".$_POST['ICEPhone2']."<br />";
        }
else {echo "No changes";}
        if(!empty($_POST['Address'])) {
            echo "Email address is changed to".$_POST['Address']."<br />";
        }
else {echo "No changes";}
        sleep(2);
        echo "Click <b><font color='#008800'><a href='index.php?menu=profile'>here</a></font></b> to go back";
        
    }

?>


- Ariën -
Administrator
17/04/2023 17:04:32
Yes, it can be shorter if you use one query, and here too think about SQL injection.
Someone named Jacques Joop d'Ancona will now not be able to edit his name because of the apostrophe in it.

And why the sleep()?

Also, <font> is old HTML that hasn't been actively used for years. CSS has been the thing for 20 years.
Edited on 17/04/2023 17:05:05 by - Ariën -

Arno van Zanten
17/04/2023 17:07:33
<font> I know, but it was to indicate a specific purpose.
Otherwise I do use CSS, yes.

- Ariën -
Administrator
17/04/2023 17:12:04
With an array and a foreach() you can also shorten a thing or two.
You could use array_diff to see what has changed between your current data from your database fields and the $_POST fields, and so make a selection of what has been updated.

It's a matter of how far you want to go. Any application can ultimately be programmed more efficiently, but it's also about keeping it clear and not introducing new bugs. So keep testing!

If you're somewhat experienced with PHP, PHPUnit is handy.
Edited on 17/04/2023 17:12:42 by - Ariën -

Arno van Zanten
17/04/2023 17:17:47
That array_diff() looks interesting, I'll check how it works.

- Ariën -
Administrator
17/04/2023 17:46:20
Feel free to look at how array_diff works.

It's not that you have to. I myself overwrite all my data in one query, even if I haven't edited it.
Such a change with array_diff() does mean extra testing: how does it deal with special characters? What if something is empty? And there are a few more conditions like that.

If you like readable code, like me, then it's fine to build one query with all your $_POST variables, changed or not, which you store (escaped, of course) in your database.

Addition on 17/04/2023 17:54:18:

A nice little example of the array_diff function:
Code (php)
<?php
$database_values = array("name"=> "Jan Joker", "place"=>"Schubbekutteveen", "hobby"=>"Ballonvouwen");
$post_values = array("name"=> "Jan Joker", "place"=>"Schubbekutteveenschemond", "hobby"=>"Punniken");

$result = array_diff($post_values,$database_values);
print_r($result);

/*
Output is:
Array
(
    [place] => Schubbekutteveenschemond
    [hobby] => Punniken
)
*/

?>
Edited on 17/04/2023 17:46:35 by - Ariën -

Arno van Zanten
17/04/2023 21:10:38
Okay, but I also want to see exactly what is changed.

E.g.: Nickname -> Schaap now becomes -> Geit

Right now it only shows what was entered.

E.g.: Geit
Edited on 17/04/2023 21:11:11 by Arno van Zanten

- Ariën -
Administrator
17/04/2023 21:25:14
Then use array_diff_assoc(...)
Edited on 17/04/2023 21:47:57 by - Ariën -

Arno van Zanten
17/04/2023 21:34:45
It keeps doing the same thing.

- Ariën -
Administrator
17/04/2023 21:39:11
You can retrieve those fields with the values from your database from your array, can't you?
So you already have the data as it was, and as it will be.

One more point:
Why do you use mysqli_fetch_all()? Do you expect one user to have multiple records?
Just mysqli_fetch_assoc() to get the data from the database is sufficient. That foreach() is really unnecessary.
Edited on 17/04/2023 21:49:54 by - Ariën -
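
Putting Ariën's points together (isset() checks, one prepared UPDATE instead of a pile of queries, mysqli_fetch_assoc() instead of fetch_all() plus foreach, and array_diff_assoc() to list old -> new per field as Arno wants), here is an added example that is not Arno's or Ariën's code. It assumes the $connect mysqli connection, the Girls table and $_SESSION['ID'] from the thread; the function names are my own.

```php
<?php
// Added example, not code from the thread. Assumes the $connect mysqli
// connection, the Girls table and $_SESSION['ID'] used in Arno's script;
// the function names below are my own.

/* Whitelist of columns a user may change; never taken from the request. */
const EDITABLE_FIELDS = ['Nickname', 'Wphone', 'ICEName1', 'ICePhone1',
                         'ICEName2', 'ICEPhone2', 'Address'];

/*
 * Fields whose submitted value differs from the stored row.
 * Fields that are absent from the form (isset) or empty are left alone,
 * matching the !empty() behaviour of the original script.
 */
function changedFields(array $row, array $post): array
{
    $submitted = [];
    foreach (EDITABLE_FIELDS as $field) {
        if (isset($post[$field]) && trim((string) $post[$field]) !== '') {
            $submitted[$field] = trim((string) $post[$field]);
        }
    }
    // array_diff_assoc compares key AND value, so a value that merely
    // moved to another field is still reported (array_diff would not).
    $stored = array_intersect_key($row, $submitted);
    return array_diff_assoc($submitted, $stored);
}

/* "Nickname: Schaap -> Geit" lines, escaped before they are echoed. */
function describeChanges(array $row, array $changes): array
{
    $lines = [];
    foreach ($changes as $field => $new) {
        $old = (string) ($row[$field] ?? '');
        $lines[] = sprintf('%s: %s -> %s', $field,
            htmlspecialchars($old === '' ? '[not set]' : $old, ENT_QUOTES, 'UTF-8'),
            htmlspecialchars($new, ENT_QUOTES, 'UTF-8'));
    }
    return $lines;
}

/* One UPDATE with a placeholder per changed column. */
function buildUpdate(array $changes): array
{
    $set = [];
    foreach (array_keys($changes) as $field) {
        $set[] = "`$field` = ?";   // $field comes from EDITABLE_FIELDS only
    }
    $sql = 'UPDATE Girls SET ' . implode(', ', $set) . ' WHERE ID = ?';
    return [$sql, array_values($changes)];
}

/* Load the row, diff it against the form, run a single prepared UPDATE. */
function saveProfile(mysqli $connect, int $id, array $post): array
{
    // One user, one row: fetch_assoc instead of fetch_all + foreach.
    $stmt = $connect->prepare('SELECT * FROM Girls WHERE ID = ?');
    $stmt->bind_param('i', $id);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc() ?: [];

    $changes = changedFields($row, $post);
    if ($changes === []) {
        return [];                  // nothing to write: "No changes"
    }
    [$sql, $values] = buildUpdate($changes);
    $values[] = $id;
    $stmt = $connect->prepare($sql);
    // Bound values are never parsed as SQL, so d'Ancona's apostrophe is fine.
    $stmt->bind_param(str_repeat('s', count($values) - 1) . 'i', ...$values);
    $stmt->execute();
    return describeChanges($row, $changes);
}

/* Constructed sample row and form data (no database needed for this part). */
$row  = ['ID' => 7, 'Nickname' => 'Schaap', 'Wphone' => '31612345678', 'ICEName2' => ''];
$post = ['Nickname' => 'Geit', 'Wphone' => '31612345678',
         'ICEName2' => "Jacques d'Ancona", 'Address' => ''];
$changes = changedFields($row, $post);
[$sql, $values] = buildUpdate($changes);
echo $sql, "\n";
print_r(describeChanges($row, $changes));
// With a live connection the whole step is:
// saveProfile($connect, (int) $_SESSION['ID'], $_POST);
```

The unchanged Wphone and the empty Address drop out of the diff, so the generated UPDATE touches only Nickname and ICEName2.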
 
Ivo P
17/04/2023 22:22:19
And then we're also missing a whole bunch of "htmlspecialchars()" on all variables that you echo into the HTML.

If someone changes his name to something with a " in it, your
<input type='hidden' name='Nickname' value='".$_POST['Nickname']."'>

breaks.

And if he makes something like:
ik heet"><script>alert('evil');</script>

then that gives strange or annoying effects.
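
An added example (not from the thread) of the escaping Ivo describes: the hidden input as the script builds it, beside a version that passes every value through htmlspecialchars() with ENT_QUOTES, and a crude check that shows when a quote in the data ends the attribute early. The helper names and the sample nickname are constructed.

```php
<?php
// Added example, not code from the thread. The helper names and the sample
// nickname are constructed; the hidden input is the one from Arno's script.

/* Escape a value for an HTML attribute or text node. */
function h(string $value): string
{
    // ENT_QUOTES encodes ' as well as ", so the result is safe inside both
    // single- and double-quoted attributes; ENT_SUBSTITUTE keeps invalid
    // UTF-8 from turning the whole string into "".
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/* The hidden input exactly as the script builds it (for comparison only). */
function hiddenInputRaw(string $name, string $value): string
{
    return "<input type='hidden' name='" . $name . "' value='" . $value . "'>";
}

/* The same input with both name and value escaped. */
function hiddenInputSafe(string $name, string $value): string
{
    return "<input type='hidden' name='" . h($name) . "' value='" . h($value) . "'>";
}

/*
 * Crude check (not an HTML parser): the value attribute must be the last
 * thing in the tag and must run uninterrupted to the closing quote. If a
 * quote in the data ends the attribute early, the rest of the data is
 * parsed as markup instead of as text.
 */
function attributeIntact(string $html): bool
{
    return (bool) preg_match("/ value='[^']*'>$/", $html);
}

/* Constructed nickname containing the apostrophe from Ariën's example. */
$nick = "Jacques d'Ancona";

$raw  = hiddenInputRaw('Nickname', $nick);
$safe = hiddenInputSafe('Nickname', $nick);

echo $raw, "\n", $safe, "\n";
var_dump(attributeIntact($raw), attributeIntact($safe));

// The same helper belongs around every value echoed into the page, for
// instance the confirmation line in the 'adjust' step:
echo 'You changed the Nickname to: <b>' . h($nick) . '</b><br />', "\n";
```

The raw tag fails the check because the attribute closes at "d", while the escaped tag carries the apostrophe as an entity and stays a single attribute.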
 
Arno van Zanten
18/04/2023 01:22:15
I've now turned it into this.
Code (php)
<?php
    /* profile page */
    if($_GET['menu'] == 'profile' && $_GET['action'] == 'edit') {
        
        /* Profile Edit */
        
        $sql = "SELECT * FROM Girls WHERE ID = ".$_SESSION['ID']."";
        $results = mysqli_query($connect, $sql);
        $change = mysqli_fetch_all($results, MYSQLI_ASSOC);
                
            echo "<div class='edit'>
                    <form id='edit' action='index.php?menu=profile&action=adjust' method='POST'>"
;
            
            foreach($change as $edit) {
                echo "<div class='tooltip' id='info3'>
                        <img id='imginfo' src='./img/page/info.png'>
                        <span class='tooltiptext'>Edit / Change your Nickname here, this is visible on the profile</span>
                    </div>
                    <div id='info2'>Nickname : </div>
                    <div id='info'>
                        <input type='text' name='Nickname' placeholder='".$edit['Nickname']."'>
                    </div>
                    <div class='tooltip' id='info3'>
                        <img id='imginfo' src='./img/page/info.png'>
                        <span class='tooltiptext'>Edit / Change your work number if needed, this is visible on your profile</span>
                    </div>
                    <div id='info2'>Work Number : </div>
                    <div id='info'>
                        <input type='number' name='Wphone' placeholder='+".$edit['Wphone']."'>
                    </div>
                    <div class='tooltip' id='info3'>
                        <img id='imginfo' src='./img/page/info.png'>
                        <span class='tooltiptext'>Edit / Change the 'In Case of Emergency' name if needed</span>
                    </div>
                    <div id='info2'>ICE Name 1 : </div>
                    <div id='info'>
                        <input type='text' name='ICEName1' placeholder='".$edit['ICEName1']."'>
                    </div>
                    <div class='tooltip' id='info3'>
                        <img id='imginfo' src='./img/page/info.png'>
                        <span class='tooltiptext'>Edit / Change the 'In Case of Emergency' number if needed</span>
                    </div>
                    <div id='info2'>ICE Number 1 : </div>
                    <div id='info'>
                        <input type='number' name='ICePhone1' placeholder='+".$edit['ICePhone1']."'>
                    </div>
                    <div class='tooltip' id='info3'>
                        <img id='imginfo' src='./img/page/info.png'>
                        <span class='tooltiptext'>Edit / Change the 'In Case of Emergency' second name if needed</span>
                    </div>
                    <div id='info2'>ICE Name 2 : </div>
                    <div id='info'>
                        <input type='text' name='ICEName2' placeholder='".$edit['ICEName2']."'>
                    </div>
                    <div class='tooltip' id='info3'>
                        <img id='imginfo' src='./img/page/info.png'>
                        <span class='tooltiptext'>Edit / Change the second 'In Case of Emergency' number if needed</span>
                    </div>
                    <div id='info2'>ICE Number 2 : </div>
                    <div id='info'>
                        <input type='number' name='ICEPhone2' placeholder='+".$edit['ICEPhone2']."'>
                    </div>
                    <div class='tooltip' id='info3'>
                        <img id='imginfo' src='./img/page/info.png'>
                        <span class='tooltiptext'>Edit or change your email address</span>
                    </div>
                    <div id='info2'>Email : </div>
                    <div id='info'>
                        <input type='email' name='Address' placeholder='".$edit['Address']."'>
                    </div>";
            }

            echo "    <input type='submit' name='submit'>
                    </form>
                </div>";
            foreach($change as $nonedit) {
                
                $fname = $nonedit['Fname'];
                $lname = $nonedit['Lname'];
                $idcard = $nonedit['IDcard'];
                $bday = $nonedit['Birthday'];
                $private = $nonedit['Pphone'];
                $region = $nonedit['Nationality'];
                
            echo "<div class='reminder'>Can only be changed by admin (<a href='mailto:[email protected]'>Send mail</a>)</div>
                <div class='nonedit'>
                    <div id='nonedit'>First name : ".$fname."</div>
                    <div id='nonedit'>Last name : ".$lname."</div>
                    <div id='nonedit'>ID Card : ".$idcard."</div>
                    <div id='nonedit'>Birthday : ".$bday."</div>
                    <div id='nonedit'>Private Number : +".$private."</div>
                    <div id='nonedit'>Nationality : ".$region."</div>
                </div>";
            }
            
    }
elseif($_GET['menu'] == 'profile' && $_GET['action'] == 'adjust') {
        
        $sql = "SELECT * FROM Girls WHERE ID = ".$_SESSION['ID']."";
        $result = mysqli_query($connect, $sql);
        $profile = mysqli_fetch_all($result, MYSQLI_ASSOC);
            /* changes */
            
            $nick = $_POST['Nickname'];
            $wp = $_POST['Wphone'];
            $icen1 = $_POST['ICEName1'];
            $icep1 = $_POST['ICePhone1'];
            $icen2 = $_POST['ICEName2'];
            $icep2 = $_POST['ICEPhone2'];
            $addr = $_POST['Address'];            
        
        foreach($profile as $profileid) {
            /* in dbase */
        
            $wname = $profileid['Nickname'];
            $wphone = $profileid['Wphone'];
            $icename1 = $profileid['ICEName1'];
            $icephone1 = $profileid['ICePhone1'];
            $icename2 = $profileid['ICEName2'];
            $icephone2 = $profileid['ICEPhone2'];
            $eaddr = $profileid['Address'];
            
        }

        $database = array("Nickname"=>$wname, "Wphone"=>$wphone, "ICEName1"=>$icename1, "ICePhone1"=>$icephone1, "ICEName2"=>$icename2, "ICEPhone2"=>$icephone2, "Address"=>$eaddr);
        $changes = array("Nickname"=>$nick, "Wphone"=>$wp, "ICEName1"=>$icen1, "ICePhone1"=>$icep1, "ICEName2"=>$icen2, "ICEPhone2"=>$icep2, "Address"=>$addr);
        $diff = array_diff_assoc($changes, $database);
        
        echo "<form id='changes' action='index.php?menu=profile&action=edityes' method='POST'>";

            foreach($diff as $row) {
                if($row == $nick) {
                    if(!empty($nick)) {
                        echo "You changed Nickname to : ".$row.". Was before : ".$wname."<br />
                        <input type='hidden' name='Nickname' value='".$row."'>";
                    }
                }

                if($row == $wp) {
                    if(!empty($wp)) {
                        echo "You changed Work number to : ".$row.". Was before : ".$wphone."<br />
                        <input type='hidden' name='Wphone' value='".$row."'>";
                    }
                }

                if($row == $icen1) {
                    if(!empty($icen1)) {
                        echo "You changed ICE Name 1 to : ".$row.". Was before : ".$icename1."<br />
                        <input type='hidden' name='ICEName1' value='".$row."'>";
                    }
                }

                if($row == $icep1) {
                    if(!empty($icep1)) {
                        /* field name must be ICePhone1: the edityes step reads $_POST['ICePhone1'] */
                        echo "You changed ICE number 1 to : ".$row.". Was before : ".$icephone1."<br />
                        <input type='hidden' name='ICePhone1' value='".$row."'>";
                    }
                }

                if($row == $icen2) {
                    if(!empty($icen2)) {
                        /* only show 'Never set' when nothing was stored yet, do not overwrite a stored value */
                        if(empty($icename2)) { $icename2 = 'Never set'; }
                        echo "You changed ICE Name 2 to : ".$row.". Was before : ".$icename2."<br />
                        <input type='hidden' name='ICEName2' value='".$row."'>";
                    }
                }

                if($row == $icep2) {
                    if(!empty($icep2)) {
                        if(empty($icephone2)) { $icephone2 = 'Never set'; }
                        echo "You changed ICE number 2 to : ".$row.". Was before : ".$icephone2."<br />
                        <input type='hidden' name='ICEPhone2' value='".$row."'>";
                    }
                }

                if($row == $addr) {
                    if(!empty($addr)) {
                        echo "You changed Email address to : ".$row.". Was before : ".$eaddr."<br />
                        <input type='hidden' name='Address' value='".$row."'>";
                    }
                }
            }

            echo "If this information is correct, click <input type='submit' name='submit'> to confirm.<br />
                click <b><font color='#880000'><a href='index.php?menu=profile'>here</a></font></b> to cancel";
            echo "</form>";
            
    }
elseif($_GET['menu'] == 'profile' && $_GET['action'] == 'edityes') {
        
        if(!empty($_POST['Nickname'])) {
            $query = 'UPDATE Girls SET Nickname="'.$_POST['Nickname'].'" WHERE ID="'.$_SESSION['ID'].'"';
            $result = mysqli_query($connect, $query);
        }
        else {echo "No changes";}
        if(!empty($_POST['Wphone'])) {
            $query = 'UPDATE Girls SET Wphone="'.$_POST['Wphone'].'" WHERE ID="'.$_SESSION['ID'].'"';
            $result = mysqli_query($connect, $query);
        }
        else {echo "No changes";}
        if(!empty($_POST['ICEName1'])) {
            $query = 'UPDATE Girls SET ICEName1="'.$_POST['ICEName1'].'" WHERE ID="'.$_SESSION['ID'].'"';
            $result = mysqli_query($connect, $query);
        }
        else {echo "No changes";}
        if(!empty($_POST['ICePhone1'])) {
            $query = 'UPDATE Girls SET ICePhone1="'.$_POST['ICePhone1'].'" WHERE ID="'.$_SESSION['ID'].'"';
            $result = mysqli_query($connect, $query);
        }
        else {echo "No changes";}
        if(!empty($_POST['ICEName2'])) {
            $query = 'UPDATE Girls SET ICEName2="'.$_POST['ICEName2'].'" WHERE ID="'.$_SESSION['ID'].'"';
            $result = mysqli_query($connect, $query);
        }
        else {echo "No changes";}
        if(!empty($_POST['ICEPhone2'])) {
            $query = 'UPDATE Girls SET ICEPhone2="'.$_POST['ICEPhone2'].'" WHERE ID="'.$_SESSION['ID'].'"';
            $result = mysqli_query($connect, $query);
        }
        else {echo "No changes";}
        if(!empty($_POST['Address'])) {
            $query = 'UPDATE Girls SET Address="'.$_POST['Address'].'" WHERE ID="'.$_SESSION['ID'].'"';
            $result = mysqli_query($connect, $query);
        }
        else {echo "No changes";}
            
        if(!empty($_POST['Nickname'])) {
            echo "Nickname is changed to ".$_POST['Nickname']."<br />";
        }
        else {echo "No changes";}
        if(!empty($_POST['Wphone'])) {
            echo "Work number is changed to +".$_POST['Wphone']."<br />";
        }
        else {echo "No changes";}
        if(!empty($_POST['ICEName1'])) {
            echo "ICE name 1 is changed to ".$_POST['ICEName1']."<br />";
        }
        else {echo "No changes";}
        if(!empty($_POST['ICePhone1'])) {
            echo "ICE number 1 is changed to +".$_POST['ICePhone1']."<br />";
        }
        else {echo "No changes";}
        if(!empty($_POST['ICEName2'])) {
            echo "ICE name 2 is changed to ".$_POST['ICEName2']."<br />";
        }
        else {echo "No changes";}
        if(!empty($_POST['ICEPhone2'])) {
            echo "ICE number 2 is changed to +".$_POST['ICEPhone2']."<br />";
        }
        else {echo "No changes";}
        if(!empty($_POST['Address'])) {
            echo "Email address is changed to ".$_POST['Address']."<br />";
        }
        else {echo "No changes";}
        sleep(2);
        echo "Click <b><font color='#008800'><a href='index.php?menu=profile'>here</a></font></b> to go back";
        
    }
else{

    /* Profile View*/
    
        echo "<div class='welcome'>".$_SESSION['Nickname']."</div>";
        
        $sql = "SELECT * FROM Girls WHERE ID = ".$_SESSION['ID']."";
        $result = mysqli_query($connect, $sql);
        $profile = mysqli_fetch_all($result, MYSQLI_ASSOC);
            
            echo "<div class='profile-grid'>";
            
                foreach($profile as $profileid) {

                    $TDate = date('Y-m-d');
                    $diff = date_diff(date_create($profileid['Birthday']), date_create($TDate));
                    $age = $diff->format('%y');
                    
                echo "<div class='profile-item' id='vissable'>Work name : ".$profileid['Nickname']."</div>";
                echo "<div class='profile-item' id='unvissable'>First name : ".$profileid['Fname']."</div>";
                echo "<div class='profile-item' id='unvissable'>IDcard : ".$profileid['IDcard']."</div>";
                if(empty($profileid['ICEName2'])) {
                    echo "<div class='profile-item' id='unvissable'>ICE Name 2 : Not set</div>";
                }
                else {
                    echo "<div class='profile-item' id='unvissable'>ICE Name 2 : ".$profileid['ICEName2']."</div>";
                }

                echo "<div class='profile-item' id='vissable'>Age : ".$age."</div>";
                echo "<div class='profile-item' id='unvissable'>Last Name : ".$profileid['Lname']."</div>";
                echo "<div class='profile-item' id='unvissable'>ICE Name 1 : ".$profileid['ICEName1']."</div>";
                if(empty($profileid['ICEPhone2'])) {
                    echo "<div class='profile-item' id='unvissable'>ICE Number 2 : Not set</div>";
                }
                else {
                    echo "<div class='profile-item' id='unvissable'>ICE Number 2 : +".$profileid['ICEPhone2']."</div>";
                }

                echo "<div class='profile-item' id='vissable'>Work Number : +".$profileid['Wphone']."</div>";
                echo "<div class='profile-item' id='unvissable'>Birthday : ".$profileid['Birthday']."</div>";
                echo "<div class='profile-item' id='unvissable'>ICE Number 1 : +".$profileid['ICePhone1']."</div>";
                echo "<div class='profile-item' id='unvissable'>Email Address : ".$profileid['Address']."</div>";
                echo "<div class='profile-item' id='vissable'>Nationality : ".$profileid['Nationality']."</div>";
                echo "<div class='profile-item' id='unvissable'>Private Number : +".$profileid['Pphone']."</div>";
                }

            echo "</div>
                    <div class='legendas-grid'>
                        <div class='legendas' id='vissable'>This color means, visible on your profile page</div>
                        <div class='legendas' id='unvissable'>This color means, not visible on your profile page</div>
                    </div>
                    <div class='legendas-grid2'>
                        <div id='item-menu2'><a href='index.php?menu=profile&action=edit'>Update your information</a></div>
                    </div>";
    }

?>


However, there is one thing I cannot change, and that is this part:
Code (php)
<?php
}elseif($_GET['menu'] == 'profile' && $_GET['action'] == 'edityes') {
        
        if(!empty($_POST['Nickname'])) {
            $query = 'UPDATE Girls SET Nickname="'.$_POST['Nickname'].'" WHERE ID="'.$_SESSION['ID'].'"';
            $result = mysqli_query($connect, $query);
        }
        else {echo "No changes";}
        if(!empty($_POST['Wphone'])) {
            $query = 'UPDATE Girls SET Wphone="'.$_POST['Wphone'].'" WHERE ID="'.$_SESSION['ID'].'"';
            $result = mysqli_query($connect, $query);
        }
        else {echo "No changes";}
        if(!empty($_POST['ICEName1'])) {
            $query = 'UPDATE Girls SET ICEName1="'.$_POST['ICEName1'].'" WHERE ID="'.$_SESSION['ID'].'"';
            $result = mysqli_query($connect, $query);
        }
        else {echo "No changes";}
        if(!empty($_POST['ICePhone1'])) {
            $query = 'UPDATE Girls SET ICePhone1="'.$_POST['ICePhone1'].'" WHERE ID="'.$_SESSION['ID'].'"';
            $result = mysqli_query($connect, $query);
        }
        else {echo "No changes";}
        if(!empty($_POST['ICEName2'])) {
            $query = 'UPDATE Girls SET ICEName2="'.$_POST['ICEName2'].'" WHERE ID="'.$_SESSION['ID'].'"';
            $result = mysqli_query($connect, $query);
        }
        else {echo "No changes";}
        if(!empty($_POST['ICEPhone2'])) {
            $query = 'UPDATE Girls SET ICEPhone2="'.$_POST['ICEPhone2'].'" WHERE ID="'.$_SESSION['ID'].'"';
            $result = mysqli_query($connect, $query);
        }
        else {echo "No changes";}
        if(!empty($_POST['Address'])) {
            $query = 'UPDATE Girls SET Address="'.$_POST['Address'].'" WHERE ID="'.$_SESSION['ID'].'"';
            $result = mysqli_query($connect, $query);
        }
        else {echo "No changes";}
}

?>

If I change that to a single update, it empties all the fields that were not changed.
 
- Ariën -
Administrator

18/04/2023 01:24:55
Then you are evidently doing something wrong. You do understand that we don't have a crystal ball here.
Better make a short test case of about ten lines in a separate file. That makes testing a bit easier.

And why a table called Girls? If you later have Men or other sexes, you are hopefully not going to create new tables? And what if someone is called Angelique 'd Boer? Then your apostrophe wrecks the query.
Edited on 18/04/2023 01:42:17 by - Ariën -
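For the two points above, the single UPDATE that blanks the fields that were not changed (opening post) and the apostrophe that breaks the query (reply), here is an added example that is not code from the thread: it builds one prepared UPDATE from only the fields that were actually filled in, so unchanged columns are left alone and the values never become part of the SQL text. It assumes the same `$connect` mysqli connection and `$_SESSION['ID']` as the posted script; the `Girls` table and the column names are taken from that script.

```php
<?php
// Added example (not the poster's code): one UPDATE that only touches the fields
// the user filled in, with the values bound as parameters so a name such as
// "Angelique 'd Boer" cannot break or alter the query. Assumes the same $connect
// (mysqli) and $_SESSION['ID'] as the original script.

// Whitelist of form field => column. Only names from this list reach the SQL text.
const EDITABLE_FIELDS = [
    'Nickname'  => 'Nickname',
    'Wphone'    => 'Wphone',
    'ICEName1'  => 'ICEName1',
    'ICePhone1' => 'ICePhone1',
    'ICEName2'  => 'ICEName2',
    'ICEPhone2' => 'ICEPhone2',
    'Address'   => 'Address',
];

/**
 * Run a single prepared UPDATE for the non-empty fields in $post.
 * Returns the columns that were updated; an empty array means nothing was sent.
 */
function updateProfile(mysqli $connect, int $userId, array $post): array
{
    $assignments = [];
    $values      = [];
    $updated     = [];
    foreach (EDITABLE_FIELDS as $field => $column) {
        $value = is_string($post[$field] ?? null) ? trim($post[$field]) : '';
        if ($value === '') {
            continue;                          // not sent or left blank: keep the stored value
        }
        $assignments[] = "`$column` = ?";      // column name comes from the whitelist, never from input
        $values[]      = $value;
        $updated[]     = $column;
    }
    if ($assignments === []) {
        return [];                             // no UPDATE at all instead of seven "No changes"
    }
    $values[] = $userId;                       // last placeholder: WHERE ID = ?
    $sql  = 'UPDATE Girls SET ' . implode(', ', $assignments) . ' WHERE ID = ?';
    $stmt = $connect->prepare($sql);
    if ($stmt === false) {
        throw new RuntimeException('prepare failed: ' . $connect->error);
    }
    // one 's' per text value, then 'i' for the id; values travel separately from the SQL text
    $stmt->bind_param(str_repeat('s', count($values) - 1) . 'i', ...$values);
    if (!$stmt->execute()) { throw new RuntimeException('execute failed: ' . $stmt->error); }
    $stmt->close();
    return $updated;
}

$updated = updateProfile($connect, (int) $_SESSION['ID'], $_POST);
// escape before echoing: the names came from user input and go back into HTML
echo $updated === [] ? 'No changes' : 'Changed: ' . htmlspecialchars(implode(', ', $updated));
```

The same prepared-statement pattern applies to the SELECT queries in the script, where `$_SESSION['ID']` is also concatenated into the SQL text.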
 
Ozzie PHP

18/04/2023 03:39:09
- Ariën - on 18/04/2023 01:24:55:
And what if someone is called Angelique 'd Boer?

Angelique 'd Boer ... doesn't only milk your cows.
 


