Check PHP coding is correct_问答_开发者_运维开发者技术经验分享

can someone please check the PHP coding is correct for this script. It needs a fresh pair of eyes to check.

Since this script is slightly older since I last worked on it, I can't remember what small change I made to fix it...

So what's wrong with it? The checkbox permissions aren't being saved at this moment - not sure why :(

if ($_POST) { 
$upd = mysqli_query($db, "UPDATE `tbl_user`  SET `username` = '".mysqli_real_escape_string($db,$_POST['username'])."', `userfullname` = '".mysqli_real_escape_string($db,$_POST['fullname'])."', `useremail` = '".mysqli_real_escape_string($db,$_POST['email'])."', `userlevel`= '".mysqli_real_escape_string($db,$_POST['userlevel'])."', `usertitle` = '".mysqli_real_escape_string($db,$_POST['title'])."' WHERE `userid` = '".mysqli_real_escape_string($db,$_GET['userid'])."'");
$insert = mysqli_query($db,"UPDATE `tbl_perms` SET
`1` ='" . mysqli_real_escape_string($db,$_POST['permsA_1']) . "',    
`2` ='" . mysqli_real_escape_string($db,$_POST['permsA_2']) . "',    
`3` ='" . mysqli_real_escape_string($db,$_POST['permsA_3']) . "',    
`4` ='" . mysqli_real_escape_string($db,$_POST['permsA_4']) . "',    
`5` ='" . mysqli_real_escape_string($db,$_POST['permsA_5']) . "', 
`6` ='" . mysqli_real_escape_string($db,$_POST['permsA_6']) . "',
`7` ='" . mysqli_real_escape_string($db,$_POST['permsA_7']) . "',
`8` ='" . mysqli_real_escape_string($db,$_POST['permsA_8']) . "',
`9` ='" . mysqli_real_escape_string($db,$_POST['permsA_9']) . "',
`10` ='" . mysqli_real_escape_string($db,$_POST['permsA_10']) . "',
`11` ='" . mysqli_real_escape_string($db,$_POST['permsA_11']) . "',
`12` ='" . mysqli_real_escape_string($db,$_POST['permsA_12']) . "',
`13` ='" . mysqli_real_escape_string($db,$_POST['permsA_13']) . "',
`14` ='" . mysqli_real_escape_string($db,$_POST['permsA_14']) . "',
`15` ='" . mysqli_real_escape_string($db,$_POST['permsA_15']) . "',
`16` ='" . mysqli_real_escape_string($db,$_POST['permsA_16']) . "',
`17` ='" . mysqli_real_escape_string($db,$_POST['permsA_17']) . "',
`18` ='" . mysqli_real_escape_string($db,$_POST['permsA_18']) . "',
`19` ='" . mysqli_real_escape_string($db,$_POST['permsA_19']) . "',
`20` ='" . mysqli_real_escape_string($db,$_POST['permsA_20']) . "',
`21` ='" . mysqli_real_escape_string($db,$_POST['permsA_21']) . "',
`22` ='" . mysqli_real_escape_string($db,$_POST['permsA_22']) . "'
WHERE `userid` = '$id' ")or die(mysqli_error($db));

$insert = mysqli_query($db,"UPDATE `tbl_usrdepts` SET
`1` ='" . mysqli_real_escape_string($db,$_POST['dept_1']) . "',    
`2` ='" . mysqli_real_escape_string($db,$_POST['dept_2']) . "',    
`3` ='" . mysqli_real_escape_string($db,$_POST['dept_3']) . "'    
WHERE `userid` = '$id' ")or die(mysqli_error($db));
$updated = "1";} 

if(!empty($_GET['userid'])) {       
 $sql = mysqli_query($db, "SELECT * from tbl_user WHERE userid = $id LIMIT 1");    
 if(mysqli_affected_rows($db) == 0) {        
   $noid = "1";    
 } else {        
   $current = mysqli_fetch_assoc($sql);        
   $currentperms  = mysqli_fetch_assoc(mysqli_query($db, "SELECT * from tbl_perms WHERE userid = $id"));
   $currentdepts  = mysqli_fetch_assoc(mysqli_query($db, "SELECT * from tbl_usrdepts WHERE userid = $id"));                        
  }} else {    
    $noidentered = "1";}
// Set Permissions
 $permissionid_select = mysqli_query($db,"SELECT * FROM `tbl_perms` WHERE `userid` = '$id'")or die(mysqli_error($db));
 $permissionid = mysqli_fetch_array($permissionid_select);
 $deptid_select = mysqli_query($db,"SELECT * FROM `tbl_usrdepts` WHERE `userid` = '$id'")or die(mysqli_error($db));
 $deptid = mysqli_fetch_array($deptid_select);
 $get_perms = mysqli_query($db,"SELECT * FROM `perm_sets` WHERE `status` = '1' ORDER BY `id` ASC")or die(mysqli_error($db));

And now for the display code:

<tr valign="top">
<td class="alt2">Application Permissions</td>
<td class="alt2"><table cellpadding="0" cellspacing="0" border="0" width="100%"><tr valign="top"><td>
<div id="ctrl_user[membergroupids]" class="smallfont">
<?
   while($i = mysqli_fetch_array($get_perms)){

$pname = $i[pname];
$id = $i[id];
?>
    <div>
<input type="checkbox" tabindex="1" name="permsA_<? echo $id;?>" value="1" <? if($permissionid[$id] == '1') {echo ' checked="checked" ';}?> /><?echo htmlspecialchars($pname);?></div>
<? } ?>     
</tr>
</table>
开发者_JAVA技巧<br />
</td>
</tr>

<tr valign="top">
<td class="alt1">User Departments</td>
<td class="alt1"><table cellpadding="0" cellspacing="0" border="0" width="100%"><tr valign="top"><td><div id="ctrl_user[membergroupids]" class="smallfont">
<?
$get_depts = mysqli_query($db,"SELECT * FROM `tbl_depts` ORDER BY `id` ASC")or die(mysqli_error($db));
while($i = mysqli_fetch_array($get_depts)){

$dname = $i[name];
$id = $i[id];
?>      
    <div><input type="checkbox" tabindex="1" name="dept_<? echo $id ;?>" value="1" <? if($deptid[$id] == '1') {echo ' checked="checked" ';}?> /><?echo htmlspecialchars($dname);?></div>
<? } ?> 
 </tr>
</table>
<br />
</td>
</tr>

Thanks!

A couple standard debugging techniques and comments:

comment out presentational code. It just obscures things.
print_r($var) immediately after each $var that isn't behaving. Start at the immediate problem and backtrack from there.
don't use php short tags (<?). They are deprecated.
echo out your SQL queries so you can see if they look the way you expect them to.

There is nothing immediately obvious in the giant pile of code you posted. Clean out the non-crucial stuff and you (and we) will more easily see what's going on.