Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Using Get To Update Handler Information

Started by Steve Marcano, Jan 20 2009 10:40 AM

You cannot reply to this topic
Go to first unread post

10 replies to this topic

#1 Steve Marcano

Young Padawan

Members
31 posts

Gender:Male
Location:Tucson, Arizona

Posted 20 January 2009 - 10:40 AM

What I have is a list of handlers (users) in a html table with the word edit by their name and when clicked on it takes them to the following function where their user info can be edited and updated to the DB table.

What I would like help doing is making this function into where it'll call the info from the DB for the selected user and updated to the DB table. I have also included a pae called TheAjaxHandler.php which have been used to post the values for making a user to the DB and know I'll probably have to do something in that file to repost it.

backstagefunctions.php

function edithandler() {
print '<h1 class=backstage>Handler Management</h1><br />';
print '<h2 class=backstage>Edit Handler Details</h2><br />';
print '<table width="100%" class="table2">';
print '<tr>';
print '<td width=120 class=rowheading>Username:</td><td class=row3><input type=text name=login class=fieldtext490 value=""></td>';
print '</tr>';
print '<tr>';
print '<td class=rowheading>Password:</td><td class=row3><input type=password name=password class=fieldtext490 onfocus="this.select()" value=""></td>';
print '</tr>';
print '<tr>';
print '<td class=rowheading>Surname:</td><td class=row3>';
print '<input type=text name=surname class=fieldtext490 value=""></td>';
print '</tr>';
print '<tr>';
print '<td class=rowheading>Firstname:</td>';
print '<td class=row3><input type=text name=firstname class=fieldtext490 value=""></td>';
print '</tr>';
print '<tr>';
print '<td class=rowheading>Email:</td>';
print '<td class=row3><input type=text name=email class=fieldtext490 value=""></td>';
print '</tr>';
print '<tr>';
print '<td class=rowheading>AIM:</td>';
print '<td class=row3><input type=text name=aim class=fieldtext490 value=""></td>';
print '</tr>';
print '<tr>';
print '<td class=rowheading>MSN:</td>';
print '<td class=row3><input type=text name=msn class=fieldtext490 value=""></td>';
print '</tr>';
print '<tr>';
print '<td class=rowheading>Forum ID:</td>';
print '<td class=row3><input type=text name=forumid class=fieldtext490 value=""></td>';
print '</tr>';
print '<tr>';
print '<td class=rowheading>Account:</td>';
print '<td class=row3><select name=enabled class=selection>';
print '<option value=1>Enabled<option value=0>Disabled</option>';
print '</select></td>';
print '</tr>';
print '<tr>';
print '<td class=rowheading>Administrator:</td>';
print '<td class=row3><select name=isadministrator class=selection>';
print '<option value=1>Yes<option value=0>No';
print '</select></td>';
print '</tr>';
print '<tr>';
print '<td class=rowheading>Default Character:</td>';
print '<td class=row3></td>';
print '</tr>';
print '</table><br />';
print '<input type=checkbox name=deletehandler> <span class=table1heading>Delete Handler?</span><br /><br />';
print '<input type=submit value="Save Handler" class=button></form><br />';
print '<form method=POST><input type=hidden name=action value=handler><input type=submit value="Return to Handler List" class=button200></form><br />';
print '<h2 class=backstage>Characters<br /><br /><form method=post><input type=hidden name=action value=handler><input type=hidden name=routine value=addcharacter><input type=hidden name=option value=0><input type=hidden name=id value="130"><select name=characterid class=dropdown>';
print '<option value=0>- Select -</select>&nbsp;&nbsp;<input type=submit value="Add" class=button></form></h2><br />';
print '<br /><br />';
print '<h2 class=backstage><form method=POST><input type=hidden name=action value=mainmenu><input type=submit value="Return to Main Menu" class=button200></form></h2>';
}

TheAjaxHandler.php

<?php
if(isset($_POST))
{
	//Form was submitted - determine the form
	if ( isset ( $_POST['addhandler'] ) ) {
		// Define the query.
		$password = md5($p); // Currently $p does not have a value
		$login = $_POST['login'];
		$p = $_POST['password'];
		$surname = $_POST['surname'];
		$firstname = $_POST['firstname'];
		$email = $_POST['email'];
		$aim = $_POST['aim'];
		$msn = $_POST['msn'];
		$forumid = $_POST['forumid'];
		$account = $_POST['account'];
		$admin = $_POST['admin'];
		
		$query = "INSERT INTO `users` (`username`, `password`, `surname`, `firstname`, `email`, `aim`, `msn`, `forumid`, `status`, `admin`) VALUES ('".addslashes($login)."', '".addslashes($p)."', '".addslashes($surname)."','".addslashes($firstname)."', '".addslashes($email)."', '".addslashes($aim)."', '".addslashes($msn)."', '".addslashes($forumid)."', '".addslashes($account)."', '".addslashes($admin)."')";
		
		// Execute the query.
		if (@mysql_query ( $query )) {
			print '<p>The handler has been added.</p>';
		} else {
			print '<p>Could not add the entry because: <b>"' . mysql_error() . '"</b>. The query was '.$query.'.</p>';
		}
		
		//mysql_close ();
	
	}
	
	if ( isset ( $_POST['addcharacter'] ) ) {
		// Define the query.
$charactername = $_POST ['charactername'];
$username = $_POST ['username'];
$posername = $_POST ['posername'];
$style = $_POST ['style'];
$gender = $_POST ['gender'];
$status = $_POST ['status'];
$division = $_POST ['division'];
$alignment = $_POST ['alignment'];
$sort = $_POST ['sort'];
$query = "INSERT INTO `characters` (`charactername`, `username`, `posername`, `style`, `gender`, `status`, `division`, `alignment`, `sort`) VALUES ('".addslashes($charactername)."', '".addslashes($username)."', '".addslashes($posername)."','".addslashes($style)."', '".addslashes($gender)."', '".addslashes($status)."', '".addslashes($division)."', '".addslashes($alignment)."', '".addslashes($sort)."')";

// Execute the query.
if (@mysql_query ( $query )) {
print '<p>The character has been added.</p>';
} else {
print '<p>Could not add the character because: <b>" . mysql_error() . "</b>. The query was $query.</p>';
}
//mysql_close ();
	}
  //Form was submitted - determine the form
	if ( isset ( $_POST['addmatchtype'] ) ) {
		// Define the query.
		$typename = $_POST['typename'];
		
		$query = "INSERT INTO `matchtypes` (`matchtype`) VALUES ('".addslashes($typename)."')";
		
		// Execute the query.
		if (@mysql_query ( $query )) {
			print '<p>The match type has been added.</p>';
		} else {
			print '<p>Could not add the entry because: <b>"' . mysql_error() . '"</b>. The query was '.$query.'.</p>';
		}
		
		//mysql_close ();
	
	}
	//Form was submitted - determine the form
	if ( isset ( $_POST['adddivision'] ) ) {
		// Define the query.
		$divisionname = $_POST['divisionname'];
		
		$query = "INSERT INTO `divisions` (`name`) VALUES ('".addslashes($divisionname)."')";
		
		// Execute the query.
		if (@mysql_query ( $query )) {
			print '<p>The division has been added.</p>';
		} else {
			print '<p>Could not add the entry because: <b>"' . mysql_error() . '"</b>. The query was '.$query.'.</p>';
		}
		
		//mysql_close ();
	
	}
	//Form was submitted - determine the form
	if ( isset ( $_POST['addeventnameweekly'] ) ) {
		// Define the query.
		$eventname = $_POST['eventname'];
		$shortname = $_POST['shortname'];
		
		$query = "INSERT INTO `events` (`type`,`eventname`,`shortname`) VALUES ('Weekly Event','".addslashes($eventname)."','".addslashes($shortname)."')";
		
		// Execute the query.
		if (@mysql_query ( $query )) {
			print '<p>The event name has been added.</p>';
		} else {
			print '<p>Could not add the entry because: <b>"' . mysql_error() . '"</b>. The query was '.$query.'.</p>';
		}
		
		//mysql_close ();
	
	}
	//Form was submitted - determine the form
	if ( isset ( $_POST['addeventnameppv'] ) ) {
		// Define the query.
		$eventname = $_POST['eventname'];
		$shortname = $_POST['shortname'];
		
		$query = "INSERT INTO `events` (`type`,`eventname`,`shortname`,) VALUES ('Pay Per View','".addslashes($eventname)."','".addslashes($shortname)."')";
		
		// Execute the query.
		if (@mysql_query ( $query )) {
			print '<p>The event name has been added.</p>';
		} else {
			print '<p>Could not add the entry because: <b>"' . mysql_error() . '"</b>. The query was '.$query.'.</p>';
		}
		
		//mysql_close ();
	
	}
	
}	
?>

I c&p the addhandler post submit in TheAjaxHandler.php file and changed just the submit part to edithandler like this:

//Form was submitted - determine the form
	if ( isset ( $_POST['edithandler'] ) ) {
		// Define the query.
		$password = md5($p); // Currently $p does not have a value
		$login = $_POST['login'];
		$p = $_POST['password'];
		$surname = $_POST['surname'];
		$firstname = $_POST['firstname'];
		$email = $_POST['email'];
		$aim = $_POST['aim'];
		$msn = $_POST['msn'];
		$forumid = $_POST['forumid'];
		$account = $_POST['account'];
		$admin = $_POST['admin'];
		
		$query = "UPDATE INTO `users` (`username`, `password`, `surname`, `firstname`, `email`, `aim`, `msn`, `forumid`, `status`, `admin`) VALUES ('".addslashes($login)."', '".addslashes($p)."', '".addslashes($surname)."','".addslashes($firstname)."', '".addslashes($email)."', '".addslashes($aim)."', '".addslashes($msn)."', '".addslashes($forumid)."', '".addslashes($account)."', '".addslashes($admin)."')";
		
		// Execute the query.
		if (@mysql_query ( $query )) {
			print '<p>The handler has been edited.</p>';
		} else {
			print '<p>Could not add the entry because: <b>"' . mysql_error() . '"</b>. The query was '.$query.'.</p>';
		}
		
		//mysql_close ();
	
	}

Hopefully that's right, however, I still don't know what I need to do to do the call for the data in the actual form.

#2 023-jimmy

Young Padawan

Members
44 posts

Posted 20 January 2009 - 11:08 AM

So what you're trying to do is to put the current info from the user in the text boxes?

My suggestion is to create a php function like this:

function getFormData($user, $field){
	  $username = $user
	  $query = mysql_query("SELECT * FROM `users` WHERE `username` = '$username'");
	  while($row = mysql_fetch_assoc($query)){
		   return $row[$field];
	  }
 }

Then in your html you call the function like this:

	  echo "<input type=\"text\" name=\"surname\" class=\"fieldtext490\" value=\"". getFormData($username, "surname") ."\">";

I'm not sure where you are getting your $username from. It seems you made an input field for this, but this way everybody is able to edit the info from another person?

Another thing:

$query = "UPDATE INTO `users` (`username`, `password`, `surname`, `firstname`, `email`, `aim`, `msn`, `forumid`, `status`, `admin`) VALUES ('".addslashes($login)."', '".addslashes($p)."', '".addslashes($surname)."','".addslashes($firstname)."', '".addslashes($email)."', '".addslashes($aim)."', '".addslashes($msn)."', '".addslashes($forumid)."', '".addslashes($account)."', '".addslashes($admin)."')";

I'm missing a WHERE statement in this query. You are going to update something, but you defined no row to update it in.

Edited by 023-jimmy, 20 January 2009 - 11:11 AM.

#3 Steve Marcano

Young Padawan

Members
31 posts

Gender:Male
Location:Tucson, Arizona

Posted 03 February 2009 - 02:02 PM

Okay first off for the getFormData part. I have like 6 different custom functions like arenas, userprofiles, titles, etc. So I also have functions called editarenas, edituserprofiles, edittitles, etc for example. So What can I do to all of my edit functions.

backstagefunctions.php

<?php

include ('database.php');
//include ('TheAjaxHandler.php');

/* Gets the value of 'f' from the URL and secures the variable against XSS */
$f = htmlentities ( $_GET ['f'], ENT_QUOTES );

if (function_exists ( $f )) {
	$f ();
} else {
	die ( 'Error 404!' );
}

function handlers() {
	print '<h1 class=backstage>Handler Management</h1><br />';
	print "<h2 class=\"backstage\">Handlers :: <a href=\"#\" onclick=\"ajaxpage('addhandler', 'content'); return false;\">Add New</a></h2><br />";
	print '<table width="100%" class="table1">';
	print '<tr class="rowheading">';
	print '<td width="30">&nbsp;</td>';
	print '<td align="center">Username</td>';
	print '<td align="center">Surname</td>';
	print '<td align="center">First Name</td>';
	print '<td align="center">E-Mail</td>';
	print '</tr>';
	$query = "SELECT * FROM users ORDER BY `username`";
	$result = mysql_query ( $query ); // Run The Query
	if ($result) {
		// Fetch and print all records.
		$i = 0;
		while ( $row = mysql_fetch_array ( $result, MYSQL_ASSOC ) ) {
			$sClass = 'row2';
			if ($i ++ & 1) {
				$sClass = 'row1';
			}
			printf ( "<tr class=\"%s\">", $sClass );
			print "<td valign=\"top\" align=\"center\" width=\"30\"><a href=\"#\" onclick=\"ajaxpage('edithandler', 'content'); return false;\">Edit</a></td>";
			
			printf ( "<td valign=\"top\" align=\"center\">%s</td>", $row [username] );
			printf ( "<td valign=\"top\" align=\"center\">%s</td>", $row [surname] );
			printf ( "<td valign=\"top\" align=\"center\">%s</td>", $row [firstname] );
			printf ( "<td valign=\"top\" align=\"center\">%s</td>", $row [email] );
			print '</tr>';
		}
	}
	print '</table><br />';
	print '<h2 class=backstage><form method=POST><input type=hidden name=action value=mainmenu><input type=submit value="Return to Main Menu" class=button200></form></h2>';
}

function addhandler() {
	print '<h1 class="backstage">Handler Management</h1><br />';
	print '<h2 class="backstage">Add New Handler Account</h2><br />';
	print '<form name="addhandler" method="post" action="backstage.php" id="addhandler">';
	print '<table width="100%" class="table2">';
	print '<tr>';
	print '<td width="120" class="rowheading">Username:</td><td class="row3"><input type="text" name="login" class="fieldtext490"></td>';
	print '</tr>';
	print '<tr>';
	print '<td class="rowheading">Password:</td><td class="row3"><input type="password" name="password" class="fieldtext490"></td>';
	print '</tr>';
	print '<tr>';
	print '<td class="rowheading">Surname:</td><td class="row3">';
	print '<input type="text" name="surname" class="fieldtext490"></td>';
	print '</tr>';
	print '<tr>';
	print '<td class="rowheading">Firstname:</td>';
	print '<td class="row3"><input type="text" name="firstname" class="fieldtext490"></td>';
	print '</tr>';
	print '<tr>';
	print '<td class="rowheading">Email:</td>';
	print '<td class="row3"><input type="text" name="email" class="fieldtext490"></td>';
	print '</tr>';
	print '<tr>';
	print '<td class="rowheading">AIM:</td>';
	print '<td class="row3"><input type="text" name="aim" class="fieldtext490"></td>';
	print '</tr>';
	print '<tr>';
	print '<td class="rowheading">MSN:</td>';
	print '<td class="row3"><input type="text" name="msn" class="fieldtext490"></td>';
	print '</tr>';
	print '<tr>';
	print '<td class="rowheading">Forum ID:</td>';
	print '<td class="row3"><input type="text" name="forumid" class="fieldtext490"></td>';
	print '</tr>';
	print '<tr>';
	print '<td class="rowheading">Account:</td>';
	print '<td class="row3"><select name="account" class="selection"><option value="0">- Select -</option>';
	print '<option value="Active">Active</option><option value="Inactive">Inactive</option>';
	print '</select></td>';
	print '</tr>';
	print '<tr>';
	print '<td class="rowheading">Administrator:</td>';
	print '<td class="row3"><select name="admin" class="selection"><option value="0">- Select -</option>';
	print '<option value="2">No</option><option value="1">Yes</option>';
	print '</select></td>';
	print '</tr>';
	print '</table><br />';
	print '<input type="submit" value="Save Handler" class="button" name="addhandler"><br /><br />';
	print '<input type="submit" value="Return to Handler List" class="button200"><br /><br />';
print '<script type="text/javascript" src="ajax.js"></script>';
   print '<h2 class="backstage">Characters<br /><br />';
   print '<select name="characterid" class="dropdown" id="character_selection">';
   print '<option value="">- Select -</option>';
   $query = 'SELECT charactername FROM characters';
   $result = mysql_query ( $query );
   while ( $row = mysql_fetch_assoc ( $result ) ) {
	  print "<option value=\"".$row['charactername']."\">".$row['charactername']."</option>\r";
   }
   print '</select>&nbsp;&nbsp;<input type="hidden" id="chars" name="chars" value=""><input type="button" value="Add" onclick="WrestlerList()" class="button"></h2><br />';
   print '<ul id="characterlist"></ul><br /></form>';  
	print '<h2 class="backstage"><form method="post"><input type="submit" value="Return to Main Menu" class="button200"></form></h2>';
}

function edithandler() {
	$query = "SELECT * FROM `users` WHERE `username` = '" . $_GET['username'] . "'";
	$result = mysql_query ( $query ); // Run The Query
	$row = mysql_fetch_array ( $result, MYSQL_ASSOC );
	print '<h1 class=backstage>Handler Management</h1><br />';
	print '<h2 class=backstage>Edit Handler Details</h2><br />';
	print '<form name="edithandler" method="post" action="backstage.php" id="edithandler">';
	print '<table width="100%" class="table2">';
	print '<tr>';
	print '<td width=120 class=rowheading>Username:</td><td class=row3><input type=text name=login class=fieldtext490 value="'.$row['username'].'"></td>';
	print '</tr>';
	print '<tr>';
	print '<td class=rowheading>Password:</td><td class=row3><input type=password name=password class=fieldtext490 onfocus="this.select()" value=""></td>';
	print '</tr>';
	print '<tr>';
	print '<td class=rowheading>Surname:</td><td class=row3>';
	print '<input type=text name=surname class=fieldtext490 value="'.$row['surname'].'"></td>';
	print '</tr>';
	print '<tr>';
	print '<td class=rowheading>Firstname:</td>';
	print '<td class=row3><input type=text name=firstname class=fieldtext490 value="'.$row['firstname'].'"></td>';
	print '</tr>';
	print '<tr>';
	print '<td class=rowheading>Email:</td>';
	print '<td class=row3><input type=text name=email class=fieldtext490 value="'.$row['email'].'"></td>';
	print '</tr>';
	print '<tr>';
	print '<td class=rowheading>AIM:</td>';
	print '<td class=row3><input type=text name=aim class=fieldtext490 value="'.$row['aim'].'"></td>';
	print '</tr>';
	print '<tr>';
	print '<td class=rowheading>MSN:</td>';
	print '<td class=row3><input type=text name=msn class=fieldtext490 value="'.$row['msn'].'"></td>';
	print '</tr>';
	print '<tr>';
	print '<td class=rowheading>Forum ID:</td>';
	print '<td class=row3><input type=text name=forumid class=fieldtext490 value="'.$row['forumid'].'"></td>';
	print '</tr>';
	print '<tr>';
	print '<td class=rowheading>Account:</td>';
	print '<td class=row3><select name=enabled class=selection>';
	print '<option value=1>Enabled</option><option value=0>Disabled</option>';
	print '</select></td>';
	print '</tr>';
	print '<tr>';
	print '<td class=rowheading>Administrator:</td>';
	print '<td class=row3><select name=isadministrator class=selection>';
	print '<option value=1>Yes</option><option value=0>No</option>';
	print '</select></td>';
	print '</tr>';
	print '<tr>';
	print '<td class=rowheading>Default Character:</td>';
	print '<td class=row3></td>';
	print '</tr>';
	print '</table><br />';
	print '<input type=checkbox name=deletehandler> <span class=table1heading>Delete Handler?</span><br /><br />';
	print '<input type="submit" value="Save Handler" class="button" name="edithandler"></form><br />';
	print '<form method=POST><input type=hidden name=action value=handler><input type=submit value="Return to Handler List" class=button200></form><br />';
	print '<h2 class=backstage>Characters<br /><br /><form method=post><input type=hidden name=action value=handler><input type=hidden name=routine value=addcharacter><input type=hidden name=option value=0><input type=hidden name=id value="130"><select name=characterid class=dropdown>';
	print '<option value=0>- Select -</select>&nbsp;&nbsp;<input type=submit value="Add" class=button></form></h2><br />';
	print '<br /><br />';
	print '<h2 class=backstage><form method=POST><input type=hidden name=action value=mainmenu><input type=submit value="Return to Main Menu" class=button200></form></h2>';
}

function characters() {
	print '<h1 class=backstage>Character Management</h1><br />';
	print "<h2 class=backstage>Characters :: <a href=\"#\" onclick=\"ajaxpage('addcharacter', 'content'); return false;\">Add New</a></h2><br />";
	print '<table width="100%" class="table1">';
	print '<tr class="rowheading">';
	print '<td>&nbsp;</td>';
	print '<td>&nbsp;</td>';
	print '<td>Character Name</td>';
	print '<td align=center width=100>Poser Name</td>';
	print '<td align=center width=60>Style</td>';
	print '<td align=center width=60>Alignment</td>';
	print '<td align=center width=60>Status</td>';
	print '</tr>';
	$query = "SELECT * FROM characters ORDER BY charactername";
	$result = mysql_query ( $query ); // Run The Query
	if ($result) {
		// Fetch and print all records.
		$i = 0;
		while ( $row = mysql_fetch_array ( $result, MYSQL_ASSOC ) ) {
			$sClass = 'row2';
			if ($i ++ & 1) {
				$sClass = 'row1';
			}
			printf ( "<tr class=\"%s\">", $sClass );
			print "<td valign=\"top\" align=center width=35><a href=\"#\" onclick=\"ajaxpage('editcharacter', 'content'); return false;\">Edit</a></td>";
			print "<td valign=\"top\" align=center width=25><a href=\"#\" onclick=\"ajaxpage('bio', 'content'); return false;\">Bio</a></td>";
			printf ( "<td valign=\"top\">%s</td>", $row [charactername] );
			printf ( "<td align=\"center\" valign=\"top\">%s</td>", $row [posername] );
			printf ( "<td align=\"center\" valign=\"top\">%s</td>", $row [style] );
			printf ( "<td align=\"center\" valign=\"top\">%s</td>", $row [alignment] );
			printf ( "<td align=\"center\" valign=\"top\">%s</td>", $row [status] );
			print '</tr>';
		}
	}
	print '</table><br />';
	print '<h2 class=backstage><form method=POST><input type=hidden name=action value=home><input type=submit value="Return to Main Menu" class=button200></form></h2>';
}
function directory() {
	$query = "SELECT * FROM users WHERE status = 'Active'";
	$result = mysql_query ( $query ); // Run The Query
	if ($result) {
		print '<h1 class=backstage>Active Handler Directory</h1><br />';
		print '<table width="100%" class="table1">';
		print '<tr class="rowheading">';
		print '<td>Name</td>';
		print '<td>Forum Name</td>';
		print '<td>Characters</td>';
		print '</tr>';
		// Fetch and print all records.
		$i = 0;
		while ( $row = mysql_fetch_array ( $result, MYSQL_ASSOC ) ) {
			$sClass = 'row2';
			if ($i ++ & 1) {
				$sClass = 'row1';
			}
			printf ( "<tr class=\"%s\">", $sClass );
			printf ( "<td valign=\"top\">%s</td>", $row [username] );
			printf ( "<td valign=\"top\">%s</td>", $row [forumname] );
			printf ( "<td valign=\"top\"><ul class=\"characters\"><li>%s</li>", $row [characters] );
			print '</ul></td>';
			print '</tr>';
		}
		print '</table><br />';
		print '<h2 class=backstage><form method=POST><input type=hidden name=action value=mainmenu><input type=submit value="Return to Main Menu" class=button200></form></h2>';
	}
}
function eventnames() {
	print '<h1 class=backstage>Event Name Management</h1><br />';
	print '</table><br />';
	print "<h2 class=backstage>Events :: <a href=\"#\" onclick=\"ajaxpage('addeventname', 'content'); return false;\">Add New</a></h2><br />";
	print '<table width="100%" class="table1">';
	print '<tr class="rowheading">';
	print '<td width=1>&nbsp;</td>';
	print '<td>Event Name</td>';
	print '<td width=100>Short Name</td>';
	print '<td align="center">Lineup Template</td>';
	print '<td align="center">Show Template</td>';
	print '</tr>';
	$query = "SELECT * FROM events ORDER BY `eventname`";
	$result = mysql_query ( $query ); // Run The Query
	if ($result) {
		// Fetch and print all records.
		$i = 0;
		while ( $row = mysql_fetch_array ( $result, MYSQL_ASSOC ) ) {
			$sClass = 'row2';
			if ($i ++ & 1) {
				$sClass = 'row1';
			}
			printf ( "<tr class=\"%s\">", $sClass );
			print "<td valign=\"top\" align=\"center\" width=\"30\"><a href=\"#\" onclick=\"ajaxpage('editeventnames', 'content'); return false;\">Edit</a></td>";
			printf ( "<td valign=\"top\">%s</td>", $row [eventname] );
			printf ( "<td valign=\"top\">%s</td>", $row [shortname] );
			printf ( "<td valign=\"top\" align=\"center\">%s</td>", $row [lineup] );
			printf ( "<td valign=\"top\" align=\"center\">%s</td>", $row [template] );
			print '</tr>';
		}
	}
	print '</table><br />';
	print '<h2 class=backstage><form method=POST><input type=hidden name=action value=mainmenu><input type=submit value="Return to Main Menu" class=button200></form></h2>';
}

function addeventname() {
	print '<h1 class=backstage>Event Name Management</h1><br />';
	print '</table><br />';
	print '<h2 class=backstage>Event Name Editor</h1><br />';
	print '<form name="addeventname" method="post" action="backstage.php" id="addeventname">';
	print '<table width="100%" class="table2">';
	print '<tr>';
	print '<td width=120 class=rowheading valign=center>Event Name:</td>';
	print '<td class=row3><input type=text name=eventname class=fieldtext490></td>';
	print '</tr>';
	print '<tr>';
	print '<td width=120 class=rowheading valign=center>Short Name:</td>';
	print '<td class=row3><input type=text name=shortname class=fieldtext140></td>';
	print '</tr>';
	print '<tr>';
	print '<td width=120 class=rowheading valign=center>Show Lineup:</td>';
	print '<td class=row3><input type=text name=showlineup class=fieldtext140></td>';
	print '</tr>';
	print '<tr>';
	print '<td width=120 class=rowheading valign=center>Show Template:</td>';
	print '<td class=row3><input type=text name=template class=fieldtext140></td>';
	print '</tr>';
	print '<tr>';
	print '</table><br />';
	print '<input type="submit" value="Save Event Name" class="button" name="addeventname"><br /><br />';
	print '<input type=submit value="Return to Event Name List" class=button200><br /><br /><br />';
	print '<h2 class=backstage><input type=submit value="Return to Main Menu" class=button200></form></h2>';
}

function home() {
	print '<h1 class=backstage>Backstage Admin Console</h1><br />';
	print '<h2 class=backstage>Upcoming Events</h2><br />';
	print '<h3 class=backstage>Upcoming Show 1</h3><br />';
	print '<table class="table1" width="100%">';
	print '<tr class="rowheading">';
	print '<td>Match</td>';
	print '<td>Lead Writer</td>';
	print '</tr>';
	print '<tr class=row2>';
	print '<td>Troy Douglas vs. Jason Natas</td>';
	print '<td>Alex Clark</td>';
	print '</tr>';
	print '<tr class=row1>';
	print '<td>Kaiser Vashaun vs. Rhett Locke</td>';
	print '<td>Matt Ward</td>';
	print '</tr>';
	print '<tr class=row2>';
	print '<td>DUI vs. The Awakening vs. Union Jack and Jeeves</td>';
	print '<td>Will Otto</td>';
	print '</tr>';
	print '<tr class=row1>';
	print '<td>Team VIAGRA vs. The Princes of New England</td>';
	print '<td>Mike Renner</td>';
	print '</tr>';
	print '<tr class=row2>';
	print '<td>Cozen vs. Dusk</td>';
	print '<td>Craig Maloof</td>';
	print '</tr>';
	print '<tr class=row1>';
	print '<td>The Roulette</td>';
	print '<td>Matt Repchak</td>';
	print '</tr>';
	print '</table><br />';
	print '<h2 class=backstage>Maintenance</h2><br />';
	print '<h3 class=backstage>Records requiring editing</h3><br />';
	print '<table class=table2 width="100%">';
	print '<tr class=rowheading>';
	print '<td>&nbsp;</td>';
	print '<td>Show</td>';
	print '</tr>';
	print '<tr class=row2>';
	print '<td valign=top align=center width=30><a href="#" onClick="executeformrecords(\"listrecords\",\"139\");">W/L</td>';
	print '<td valign=top>ReVolution 175 (08 Oct 2008) </td>';
	print '</tr>';
	print '<tr class=row1>';
	print '<td valign=top align=center width=30><a href="#" onClick="executeformrecords(\"listrecords\",\"138\");">W/L</td>';
	print '<td valign=top>ReVolution 174 (01 Oct 2008) </td>';
	print '</tr>';
	print '<tr class=row2>';
	print '<td valign=top align=center width=30><a href="#" onClick="executeformrecords(\"listrecords\",\"137\");">W/L</td>';
	print '<td valign=top>ReVolution 173 (24 Sep 2008) </td>';
	print '</tr>';
	print '</table><br />';
}

function titles() {
	print '<h1 class="backstage">Title Management</h1><br />';
	print "<h2 class=backstage>Titles :: <a href=\"#\" onclick=\"ajaxpage('addtitle', 'content'); return false;\">Add New</a></h2><br />";
	print '<table width="100%" class="table1">';
	print '<tr class="rowheading">';
	print '<td>&nbsp;</td>';
	print '<td>Name</td>';
	print '<td width="100">Shortname</td>';
	print '<td align="center" width="40">Status</td>';
	print '</tr>';
	$query = "SELECT * FROM titles ORDER BY `name`";
	$result = mysql_query ( $query ); // Run The Query
	if ($result) {
		// Fetch and print all records.
		$i = 0;
		while ( $row = mysql_fetch_array ( $result, MYSQL_ASSOC ) ) {
			$sClass = 'row2';
			if ($i ++ & 1) {
				$sClass = 'row1';
			}
			printf ( "<tr class=\"%s\">", $sClass );
			print "<td valign=\"top\" align=center width=30><a href=\"#\" onclick=\"ajaxpage('edittitle', 'content'); return false;\">Edit</a></td>";
			printf ( "<td valign=\"top\">%s</td>", $row [name] );
			printf ( "<td valign=\"top\" width=\"100\"valign=\"top\" >%s</td>", $row [shortname] );
			printf ( "<td align=\"center\" valign=\"top\" width=\"40\">%s</td>", $row [status] );
			print '</tr>';
		}
	}
	print '</table><br />';
	print '<form method="POST"><input type="hidden" name="action" value="champions"><input type="submit" value="Go to Champions Manager" class="button200"></form><br />';
	print '<h2 class="backstage"><form method="POST"><input type="hidden" name="action" value="mainmenu"><input type="submit" value="Return to Main Menu" class="button200"></form></h2>';
}
function matchtypes() {
	print '<h1 class="backstage">Match Type Management</h1><br />';
	print "<h2 class=backstage>Match Types :: <a href=\"#\" onclick=\"ajaxpage('addmatchtype', 'content'); return false;\">Add New</a></h2><br />";
	print '<table width="100%" class="table1">';
	print '<tr class="rowheading">';
	print '<td>&nbsp;</td>';
	print '<td>Name</td>';
	print '</tr>';
	$query = "SELECT * FROM matchtypes ORDER BY `matchtype`";
	$result = mysql_query ( $query ); // Run The Query
	if ($result) {
		// Fetch and print all records.
		$i = 0;
		while ( $row = mysql_fetch_array ( $result, MYSQL_ASSOC ) ) {
			$sClass = 'row2';
			if ($i ++ & 1) {
				$sClass = 'row1';
			}
			printf ( "<tr class=\"%s\">", $sClass );
			print "<td valign=\"top\" align=center width=35><a href=\"#\" onclick=\"ajaxpage('editmatchtype', 'content'); return false;\">Edit</a></td>";
			printf ( "<td valign=\"top\">%s</td>", $row [matchtype] );
			print '</tr>';
		}
	}
	print '</table><br />';
	print '<h2 class="backstage"><form method="POST"><input type="hidden" name="action" value="mainmenu"><input type="submit" value="Return to Main Menu" class="button200"></form></h2>';
}

function addmatchtype() {
	print '<h1 class="backstage">Match Type Management</h1><br />';
	print '<h2 class="backstage">Add New Match Type</h2><br />';
	print '<form name="addmatchtype" method="post" action="backstage.php" id="addmatchtype">';
	print '<table width="100%" class="table2">';
	print '<tr>';
	print '<td width="120" class="rowheading" valign="center">Type Name:</td><td class="row3"><input type="text" name="typename" class="fieldtext490"></td>';
	print '</tr>';
	print '</table><br />';
	print '<input type="submit" value="Save Match Type" class="button" name="addmatchtype"></form><br />';
	print '<form method="POST"><input type=hidden name=action value="matchtypes"><input type="submit" value="Return to Match Type List" class="button200"></form><br />';
	print '<h2 class="backstage"><form method="POST"><input type="hidden" name="action" value="mainmenu"><input type="submit" value="Return to Main Menu" class="button200"></form></h2>';
}

function divisions() {
	print '<h1 class="backstage">Division Management</h1><br />';
	print "<h2 class=backstage>Divisions :: <a href=\"#\" onclick=\"ajaxpage('adddivision', 'content'); return false;\">Add New</a></h2><br />";
	print '<table width="100%" class="table1">';
	print '<tr class="rowheading">';
	print '<td>&nbsp;</td>';
	print '<td>Name</td>';
	print '</tr>';
	$query = "SELECT * FROM divisions ORDER BY `name`";
	$result = mysql_query ( $query ); // Run The Query
	if ($result) {
		// Fetch and print all records.
		$i = 0;
		while ( $row = mysql_fetch_array ( $result, MYSQL_ASSOC ) ) {
			$sClass = 'row2';
			if ($i ++ & 1) {
				$sClass = 'row1';
			}
			printf ( "<tr class=\"%s\">", $sClass );
			print "<td valign=\"top\" align=center width=35><a href=\"#\" onclick=\"ajaxpage('editdivisions', 'content'); return false;\">Edit</a></td>";
			printf ( "<td valign=\"top\">%s</td>", $row [name] );
			print '</tr>';
		}
	}
	print '</table><br />';
	print '<h2 class=backstage><form method=POST><input type=hidden name=action value=mainmenu><input type=submit value="Return to Main Menu" class=button200></form></h2>';
}
function adddivision() {
print '<h1 class=backstage>Division Management</h1><br />';
print '<h2 class=backstage>Add New Division</h2><br />';
print '<form name="adddivision" method="post" action="backstage.php" id="adddivision">';
print '<table width="100%" class="table2">';
print '<tr>';
print '<td width=120 class=rowheading valign=center>Division Name:</td><td class=row3><input type=text name=divisionname class=fieldtext490></td>';
print '</tr>';
print '</table><br />';
print '<input type="submit" value="Save Division" class="button" name="adddivision"></form><br />';
print '<form method=POST><input type=hidden name=action value=division><input type=submit value="Return to Division List" class=button200></form><br />';
print '<h2 class=backstage><form method=POST><input type=hidden name=action value=mainmenu><input type=submit value="Return to Main Menu" class=button200></form></h2>';
}
function addcharacter() {
print '<h1 class="backstage">Character Management</h1><br />';
print '<h2 class="backstage">Add New Character</h2><br />';
print '<form name="addcharacter" method="post" action="backstage.php" id="addcharacter">';
print '<table width="100%" class="table2">';
print '<tr>';
print '<td class="rowheading">Character Name:</td><td class="row3">';
print '<input type="text" name="charactername" class="fieldtext490" value=""></td>';
print '</tr>';
print '<tr>';
print '<td width="120" class="rowheading">Username:</td><td class="row3"><input type="text" name="username" class="fieldtext160"></td>';
print '</tr>';
print '<tr>';
print '<td width="120" class="rowheading">Poser name:</td><td class="row3"><input type="text" name="posername" class="fieldtext160" value=""></td>';
print '</tr>';
print '<tr>';
print '<td class="rowheading">Style:</td>';
print '<td class="row3"><select name="style" class="selection"><option value="0">- Select -</option>';
print '<option value="Singles">Singles</option><option value="Tag Team">Tag Team</option><option value="Stable">Stable</option><option value="Manager">Manager</option><option value="Referee">Referee</option><option value="Staff">Staff</option>';
print '</select></td>';
print '</tr>';
print '<tr>';
print '<td class="rowheading">Gender:</td>';
print '<td class="row3"><select name="gender" class="selection"><option value="0">- Select -</option>';
print '<option value="Male">Male</option><option value="Female">Female</option>';
print '</select></td>';
print '</tr>';
print '<tr>';
print '<td class="rowheading">Status:</td>';
print '<td class="row3"><select name="status" class="selection"><option value="0">- Select -</option>';
print '<option value="Active">Active</option><option value="Inactive">Inactive</option>';
print '</select></td>';
print '</tr>';
print '<tr>';
print '<td class=rowheading>Division:</td>';
print '<td class=row3><select name=division class="selection"><option value=0>- Select -</option>';
		$query = 'SELECT * FROM divisions';
   		$result = mysql_query ( $query );
   		while ( $row = mysql_fetch_assoc ( $result ) ) {
   		print "<option value=\"".$row['name']."\">".$row['name']."</option>\r";
   }
print '</select></td>';
print '</tr>';
print '<tr>';
print '<td class=rowheading>Alignment:</td>';
print '<td class="row3"><select name="alignment" class="selection"><option value="0">- Select -</option>';
print '<option value="Face">Face</option><option value="Heel">Heel</option><option value="Neutral">Neutral</option>';
print '</select></td>';
print '</tr>';
print '<tr>';
print '<td class="rowheading">Sort:</td>';
print '<td class="row3"><select name="sort" class="selection"><option value=0>- Select -<option value="A">A<option value="B">B<option value="C">C<option value="D">D<option value="E">E<option value="F">F<option value="G">G<option value="H">H<option value="I">I<option value="J">J<option value="K">K<option value="L">L<option value="M">M<option value="N">N<option value="O">O<option value="P">P<option value="Q">Q<option value="R">R<option value="S">S<option value="T">T<option value="U">U<option value="V">V<option value="W">W<option value="X">X<option value="Y">Y<option value="Z">Z<option value="0-9">0-9</select></td>';
print '</tr>';
print '</table><br />';
print '<input type="submit" value="Save Character" class="button" name="addcharacter"><br /><br />';
print '<input type="button" value="Return to Character List" class="button200"><br /><br />';
print '<h2 class="backstage"><input type="button" value="Return to Main Menu" class="button200"></form></h2>';
}
function addtitle() {
print '<h1 class="backstage">Title Management</h1><br />';
print '<h2 class="backstage">Add New Title</h2><br />';
print '<form name="addtitle" method="post" action="backstage.php" id="addtitle">';
print '<table width="100%" class="table2">';
print '<tr>';
print '<td width="120" class="rowheading" valign="center">Short Name:</td><td class="row3"><input type="text" name="shortname" class="fieldtext140"></td>';
print '</tr>';
print '<tr>';
print '<td width="120" class="rowheading" valign="center">Name:</td><td class="row3"><input type="text" name="name" class="fieldtext490"></td>';
print '</tr>';
print '<tr>';
print '<td width="120" class="rowheading" valign="center">Style:</td><td class="row3"><select name="style" class="dropdown">';
print '<option value="0">- Select -</option><option value="Singles">Singles</option><option value="Tag Team">Tag Team</option><option value="Stable">Stable</option></select></td>';
print '</tr>';
print '<tr>';
print '<td width="120" class="rowheading">Status:</td><td class="row3"><select name="status" class="dropdown">';
print '<option value="0">- Select -</option>';
print '<option value="Active">Active</option><option value="Inactive">Inactive</option></select></td>';
print '</tr>';
print '</table><br />';
print '<input type="submit" value="Save Title" class=button name="addtitle"><br /><br />';
print '<input type="button" value="Return to Title List" class="button200"><br /><br />';
print '<h2 class="backstage"><input type="button" value="Return to Main Menu" class="button200"></form></h2>';
}
function arenas() {
print '<h1 class=backstage>Arena Management</h1><br />';
print "<h2 class=backstage>Arenas :: <a href=\"#\" onclick=\"ajaxpage('addarena', 'content'); return false;\">Add New</a></h2><br />";
print '<table width="100%" class="table1">';
print '<tr class="rowheading">';
print '<td>&nbsp;</td>';
print '<td>Location</td>';
print '<td>Arena</td>';
print '<td align=center>Capacity</td>';
print '</tr>';
$query = "SELECT * FROM arenas ORDER BY `location`";
	$result = mysql_query ( $query ); // Run The Query
	if ($result) {
		// Fetch and print all records.
		$i = 0;
		while ( $row = mysql_fetch_array ( $result, MYSQL_ASSOC ) ) {
			$sClass = 'row2';
			if ($i ++ & 1) {
				$sClass = 'row1';
			}
			printf ( "<tr class=\"%s\">", $sClass );
			print "<td valign=\"top\" align=\"center\" width=\"30\"><a href=\"#\" onclick=\"ajaxpage('editarena', 'content'); return false;\">Edit</a></td>";
			printf ( "<td valign=\"top\">%s</td>", $row [location] );
			printf ( "<td valign=\"top\">%s</td>", $row [name] );
			printf ( "<td align=\"center\" valign=\"top\">%s</td>", $row [capacity] );
			print '</tr>';
		}
	}
print '</table><br /><br />';
print '<h2 class=backstage><input type=submit value="Return to Main Menu" class=button200></form></h2>';
}
function addarena() {
print '<h1 class="backstage">Arena Management</h1><br />';
print '<h2 class="backstage">Add New Arena</h2><br />';
print '<form name="addarena" method="post" action="backstage.php" id="addarena">';
print '<table width="100%" class="table2">';
print '<tr>';
print '<td width="120" class="rowheading" valign="center">Arena:</td><td class="row3"><input type="text" name="name" class="fieldtext490"></td>';
print '</tr>';
print '<tr>';
print '<td width="120" class="rowheading" valign="center">City, State:</td><td class="row3"><input type="text" name="location" class="fieldtext490"></td>';
print '</tr>';
print '<tr>';
print '<td width="120" class="rowheading" valign="center">Capacity:</td><td class="row3"><input type="text" name="capacity" class="fieldtext140"></td>';
print '</tr>';
print '</table><br />';
print '<input type="submit" value="Save Arena" class="button" name="addarena"><br /><br />';
print '<input type="button" value="Return to Arena List" class="button200"><br /><br />';
print '<h2 class="backstage"><input type="button" value="Return to Main Menu" class="button200"></form></h2>';
}
function templates() {
print '<h1 class=backstage>Site Template Management</h1><br />';
print "<h2 class=backstage>Site Templates :: <a href=\"#\" onclick=\"ajaxpage('addtemplate', 'content'); return false;\">Add New</a></h2><br />";
print '<table width="100%" class="table1">';
print '<tr class="rowheading">';
print '<td width=30 align=center>ID</td>';
print '<td>&nbsp;</td>';
print '<td>Name</td>';
print '</tr>';
print '<tr class=row2>';
print '<td valign=top width=30 align=center>16</td>';
print "<td valign=top align=center width=30><a href=\"#\" onclick=\"ajaxpage('edittemplate', 'content'); return false;\">Edit</a></td>";
print '<td valign=top>Archives</td>';
print '</tr>';
print '<tr class=row1>';
print '<td valign=top width=30 align=center>4</td>';
print "<td valign=top align=center width=30><a href=\"#\" onclick=\"ajaxpage('editmatchtype', 'content'); return false;\">Edit</a></td>";
print '<td valign=top>Blank</td>';
print '</tr>';
print '<tr class=row2>';
print '<td valign=top width=30 align=center>13</td>';
print "<td valign=top align=center width=30><a href=\"#\" onclick=\"ajaxpage('editmatchtype', 'content'); return false;\">Edit</a></td>";
print '<td valign=top>Champions</td>';
print '</tr>';
print '<tr class=row1>';
print '<td valign=top width=30 align=center>5</td>';
print "<td valign=top align=center width=30><a href=\"#\" onclick=\"ajaxpage('editmatchtype', 'content'); return false;\">Edit</a></td>";
print '<td valign=top>Main</td>';
print '</tr>';
print '<tr class=row2>';
print '<td valign=top width=30 align=center>11</td>';
print "<td valign=top align=center width=30><a href=\"#\" onclick=\"ajaxpage('editmatchtype', 'content'); return false;\">Edit</a></td>";
print '<td valign=top>Results</td>';
print '</tr>';
print '<tr class=row1>';
print '<td valign=top width=30 align=center>12</td>';
print "<td valign=top align=center width=30><a href=\"#\" onclick=\"ajaxpage('editmatchtype', 'content'); return false;\">Edit</a></td>";
print '<td valign=top>RevPreview</td>';
print '</tr>';
print '<tr class=row2>';
print '<td valign=top width=30 align=center>9</td>';
print "<td valign=top align=center width=30><a href=\"#\" onclick=\"ajaxpage('editmatchtype', 'content'); return false;\">Edit</a></td>";
print '<td valign=top>Roleplay List</td>';
print '</tr>';
print '<tr class=row1>';
print '<td valign=top width=30 align=center>8</td>';
print "<td valign=top align=center width=30><a href=\"#\" onclick=\"ajaxpage('editmatchtype', 'content'); return false;\">Edit</a></td>";
print '<td valign=top>Roleplays</td>';
print '</tr>';
print '<tr class=row2>';
print '<td valign=top width=30 align=center>6</td>';
print "<td valign=top align=center width=30><a href=\"#\" onclick=\"ajaxpage('editmatchtype', 'content'); return false;\">Edit</a></td>";
print '<td valign=top>Roster List</td>';
print '</tr>';
print '<tr class=row1>';
print '<td valign=top width=30 align=center>7</td>';
print "<td valign=top align=center width=30><a href=\"#\" onclick=\"ajaxpage('editmatchtype', 'content'); return false;\">Edit</a></td>";
print '<td valign=top>Roster-Singles,Tag,Stables</td>';
print '</tr>';
print '<tr class=row2>';
print '<td valign=top width=30 align=center>14</td>';
print "<td valign=top align=center width=30><a href=\"#\" onclick=\"ajaxpage('editmatchtype', 'content'); return false;\">Edit</a></td>";
print '<td valign=top>Roster-Staff</td>';
print '</tr>';
print '<tr class=row1>';
print '<td valign=top width=30 align=center>10</td>';
print "<td valign=top align=center width=30><a href=\"#\" onclick=\"ajaxpage('editmatchtype', 'content'); return false;\">Edit</a></td>";
print '<td valign=top>Show Head/Foot</td>';
print '</tr>';
print '</table><br />';
print '<h2 class=backstage>Miscellaneous Default Templates</h2><br />';
print '<table width="100%" class="table1">';
print '<tr class="rowheading">';
print '<td>&nbsp;</td>';
print '<td>Page</td>';
print '<td>Template</td>';
print '</tr>';
print '<tr class=row2>';
print "<td valign=top align=center width=30><a href=\"#\" onclick=\"ajaxpage('editmatchtype', 'content'); return false;\">Edit</a></td>";
print '<td>Archives</td>';
print '<td>Archives&nbsp;</td>';
print '</tr>';
print '<tr class=row1>';
print "<td valign=top align=center width=30><a href=\"#\" onclick=\"ajaxpage('editmatchtype', 'content'); return false;\">Edit</a></td>";
print '<td>Champions</td>';
print '<td>Champions&nbsp;</td>';
print '</tr>';
print '<tr class=row2>';
print "<td valign=top align=center width=30><a href=\"#\" onclick=\"ajaxpage('editmatchtype', 'content'); return false;\">Edit</a></td>";
print '<td>News Archives</td>';
print '<td>Archives&nbsp;</td>';
print '</tr>';
print '<tr class=row1>';
print "<td valign=top align=center width=30><a href=\"#\" onclick=\"ajaxpage('editmatchtype', 'content'); return false;\">Edit</a></td>";
print '<td>Roleplay</td>';
print '<td>Roleplays&nbsp;</td>';
print '</tr>';
print '<tr class=row2>';
print "<td valign=top align=center width=30><a href=\"#\" onclick=\"ajaxpage('editmatchtype', 'content'); return false;\">Edit</a></td>";
print '<td>Roleplay Board</td>';
print '<td>Roleplay List&nbsp;</td>';
print '</tr>';
print '<tr class=row1>';
print "<td valign=top align=center width=30><a href=\"#\" onclick=\"ajaxpage('editmatchtype', 'content'); return false;\">Edit</a></td>";
print '<td>Title History</td>';
print '<td>Main&nbsp;</td>';
print '</tr>';
print '</table><br />';
print '<h2 class=backstage><form method=POST><input type=hidden name=action value=mainmenu><input type=submit value="Return to Main Menu" class=button200></form></h2>';
}
function addtemplate() {
print '<h1 class=backstage>Site Template Management</h1><br />';
print '<h2 class=backstage>Add New Template</h2><br />';
print '<table width="100%" class="table2">';
print '<tr>';
print '<td width=120 class=rowheading valign=center>Description:</td><td class=row3><input type=text name=description class=fieldtext490></td>';
print '</tr>';
print '<tr>';
print '<td width=120 class=rowheading valign=top>Top Code:</td><td class=row3><textarea name=top class="textarea490x400"></textarea></td>';
print '</tr>';
print '<tr>';
print '<td width=120 class=rowheading valign=top>Bottom Code:</td><td class=row3><textarea name=bottom class="textarea490x400"></textarea></td>';
print '</tr>';
print '</table><br />';
print '<input type=submit value="Save Template" class=button><br /><br />';
print '<input type=submit value="Return to Template List" class=button200><br /><br />';
print '<h2 class=backstage><input type=submit value="Return to Main Menu" class=button200></form></h2>';
}
function edittemplate() {
print '<h1 class=backstage>Site Template Management</h1><br />';
print '<h2 class=backstage>Edit Template</h2><br />';
print '<table width="100%" class="table2">';
print '<tr>';
print '<td width=120 class=rowheading valign=center>Description:</td><td class=row3><input type=text name=description class=fieldtext490 value="Archives"></td>';
print '</tr>

<tr>

<td width=120 class=rowheading valign=top>Top Code:</td><td class=row3><textarea name=top class="textarea490x400"><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> 
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> 
<head> <meta http-equiv="content-type" content="text/html; charset="ISO-8859-1" /> 
<meta name="robots" content="noindex,nofollow" />

<title>PRIME - The New Look</title>

<link rel="stylesheet" href="/include/prime.css" />

</head>

<body>

<div id="container">

	<div id="head">
	
		<div class="top">
		<p><b style="color:red;">THIS WEEK ON REVOLUTION</b> TBA</p>
		
		</div>
<center>
<img src="/images/banners/REVBanner-1.jpg" alt="Revolution!" />
</center>

	</div></textarea></td>
</tr>

<tr>
<td width=120 class=rowheading valign=top>Bottom Code:</td><td class=row3><textarea name=bottom class="textarea490x400"><div class="footer">
			 
		</div>
	
	</div>
	
	
	
</div>

</body>

</html></textarea></td>
</tr>

</table><br />';
print '<input type=checkbox name=deletetemplate> <span class=table1heading>Delete Template?</span><br /><br />';
print '<input type=submit value="Submit" class=button><br /><br />';
print '<input type=submit value="Return to Template List" class=button200><br /><br />';
print '<h2 class=backstage><input type=submit value="Return to Main Menu" class=button200></form></h2>';
}
function content() {
print '<h1 class=backstage>Content Management</h1><br />';
print "<h2 class=backstage>Site Content Pages :: <a href=\"#\" onclick=\"ajaxpage('addtemplate', 'content'); return false;\">Add New</a></h2><br />";
print '<table width="100%" class="table1">';
print '<tr class="rowheading">';
print '<td>&nbsp;</td>';
print '<td>Description</td>';
print '<td width=100 align=center>Short Name</td>';
print '</tr>';
$query = "SELECT * FROM content ORDER BY `description`";
	$result = mysql_query ( $query ); // Run The Query
	if ($result) {
		// Fetch and print all records.
		$i = 0;
		while ( $row = mysql_fetch_array ( $result, MYSQL_ASSOC ) ) {
			$sClass = 'row2';
			if ($i ++ & 1) {
				$sClass = 'row1';
			}
			printf ( "<tr class=\"%s\">", $sClass );
			print "<td valign=\"top\" align=center width=30><a href=\"#\" onclick=\"ajaxpage('editcontent', 'content'); return false;\">Edit</a></td>";
			print "<td valign=\"top\" align=center width=100><a target=_blank href=/content.php?p=app>Edit</a></td>";
			printf ( "<td valign=\"top\">%s</td>", $row [description] );
			print '</tr>';
		}
	}
print '</table><br />';
print '<h2 class=backstage><form method=POST><input type=hidden name=action value=mainmenu><input type=submit value="Return to Main Menu" class=button200></form></h2>';
}
function champions() {
print '<h2 class=backstage>Titles / Champions / Contenders</h2><br />';
print '<table width="100%" class="table1">';
print '<tr class="rowheading">';
print '<td>&nbsp;</td>';
print '<td>&nbsp;</td>';
print '<td align=center>Short Name</td>';
print '<td>Title</td>';
print '<td>Current Champion</td>';
print '</tr>';
print '<tr class=row2>';
print "<td valign=top align=center width=30><a href=\"#\" onclick=\"ajaxpage('edithandler', 'content'); return false;\">Edit</a></td>";
print "<td valign=top align=center width=40><a href=\"#\" onclick=\"ajaxpage('edithandler', 'content'); return false;\">History</a></td>";
print '<td valign=top align=center>Title 1</td>';
print '<td valign=top>Title 1</td>';
print '<td valign=top>Champion 1</td></tr>';
print '<tr class=row1>';
print "<td valign=top align=center width=30><a href=\"#\" onclick=\"ajaxpage('edithandler', 'content'); return false;\">Edit</a></td>";
print "<td valign=top align=center width=40><a href=\"#\" onclick=\"ajaxpage('edithandler', 'content'); return false;\">History</a></td>";
print '<td valign=top align=center>Title 2</td>';
print '<td valign=top>Title 2</td>';
print '<td valign=top>Champion 2</td></tr>';
print '</table><br />';
print '<input type=submit value="Go to Title Manager" class=button200></form><br />';
print '<h2 class=backstage><form method=POST><input type=hidden name=action value=mainmenu><input type=submit value="Return to Main Menu" class=button200></form></h2>';
}
?>

ajax.js

var loadedobjects=""
var rootdomain="http://"+window.location.hostname

function ajaxpage(url, containerid)
{
	url = 'backstagefunctions.php?f=' + url;

	var page_request = false
	if (window.XMLHttpRequest) // if Mozilla, Safari etc
	page_request = new XMLHttpRequest()
	else if (window.ActiveXObject)
	{
		// if IE
		try
		{
			page_request = new ActiveXObject("Msxml2.XMLHTTP")
		} 
		catch (e)
		{
			try
			{
				page_request = new ActiveXObject("Microsoft.XMLHTTP")
			}
			catch (e)
			{
			}
		}
	}
	else
	{
		return false
	}

	page_request.onreadystatechange=function()
	{
		loadpage(page_request, containerid)
	}

	page_request.open('GET', url, true)
	page_request.send(null)
}

function loadpage(page_request, containerid)
{
	if (page_request.readyState == 4 && (page_request.status==200 || window.location.href.indexOf("http")==-1))
	document.getElementById(containerid).innerHTML=page_request.responseText
}

function loadobjs()
{
	if (!document.getElementById)
	return
	for (i=0; i<arguments.length; i++)
	{
		var file=arguments[i]
		var fileref=""
		if (loadedobjects.indexOf(file)==-1)
		{ 
			//Check to see if this object has not already been added to page before proceeding
			if (file.indexOf(".js")!=-1)
			{
				//If object is a js file
				fileref=document.createElement('script')
				fileref.setAttribute("type","text/javascript");
				fileref.setAttribute("src", file);
			}
			else if (file.indexOf(".css")!=-1)
			{
				//If object is a css file
				fileref=document.createElement("link")
				fileref.setAttribute("rel", "stylesheet");
				fileref.setAttribute("type", "text/css");
				fileref.setAttribute("href", file);
			}
		}
		if (fileref!="")
		{
			document.getElementsByTagName("head").item(0).appendChild(fileref)
			loadedobjects+=file+" " //Remember this object as being already added to page
		}
	}
}
function WrestlerList()
{
var addWrestler = document.getElementById("character_selection").value
if (addWrestler) {
// Here we append a new wrestler to your hidden field using a comma
document.getElementById("chars").value += addWrestler+",";
// Continue your original functionality
document.getElementById("characterlist").innerHTML += "<li>" +
addWrestler + "</li>";
return WrestlerList;
}
}

TheAjaxHandler.php

<?php
if(isset($_POST))
{
	//Form was submitted - determine the form
	if ( isset ( $_POST['addhandler'] ) ) {
		// Define the query.
		$login = $_POST['login'];
		$p = md5($_POST['password']);
		$surname = $_POST['surname'];
		$firstname = $_POST['firstname'];
		$email = $_POST['email'];
		$aim = $_POST['aim'];
		$msn = $_POST['msn'];
		$forumid = $_POST['forumid'];
		$account = $_POST['account'];
		$admin = $_POST['admin'];
		$characters = preg_replace('/,$/','',$_POST['chars']);
		
		$query = "INSERT INTO `users` (`username`, `password`, `surname`, `firstname`, `email`, `aim`, `msn`, `forumid`, `status`, `admin`,`characters`) VALUES ('".addslashes($login)."', '".addslashes($p)."', '".addslashes($surname)."','".addslashes($firstname)."', '".addslashes($email)."', '".addslashes($aim)."', '".addslashes($msn)."', '".addslashes($forumid)."', '".addslashes($account)."', '".addslashes($admin)."', '".addslashes($characters)."')"; 
		
		// Execute the query.
		if (@mysql_query ( $query )) {
			print '<p>The handler has been added.</p>';
		} else {
			print '<p>Could not add the entry because: <b>"' . mysql_error() . '"</b>. The query was '.$query.'.</p>';
		}
		
		//mysql_close ();
	
	}
	
	if ( isset ( $_POST['addcharacter'] ) ) {
		// Define the query.
		$charactername = $_POST ['charactername'];
		$username = $_POST ['username'];
		$posername = $_POST ['posername'];
		$style = $_POST ['style'];
		$gender = $_POST ['gender'];
		$status = $_POST ['status'];
		$division = $_POST ['division'];
		$alignment = $_POST ['alignment'];
		$sort = $_POST ['sort'];
		$query = "INSERT INTO `characters` (`charactername`, `username`, `posername`, `style`, `gender`, `status`, `division`, `alignment`, `sort`) VALUES ('".addslashes($charactername)."', '".addslashes($username)."', '".addslashes($posername)."','".addslashes($style)."', '".addslashes($gender)."', '".addslashes($status)."', '".addslashes($division)."', '".addslashes($alignment)."', '".addslashes($sort)."')";
		
		// Execute the query.
		if (@mysql_query ( $query )) {
			print '<p>The character has been added.</p>';
		} else {
			print '<p>Could not add the character because: <b>" . mysql_error() . "</b>. The query was $query.</p>';
		}
		
		//mysql_close ();
	
	}
 
 //Form was submitted - determine the form
	if ( isset ( $_POST['addmatchtype'] ) ) {
		// Define the query.
		$typename = $_POST['typename'];
		
		$query = "INSERT INTO `matchtypes` (`matchtype`) VALUES ('".addslashes($typename)."')";
		
		// Execute the query.
		if (@mysql_query ( $query )) {
			print '<p>The match type has been added.</p>';
		} else {
			print '<p>Could not add the entry because: <b>"' . mysql_error() . '"</b>. The query was '.$query.'.</p>';
		}
		
		//mysql_close ();
	
	}
	//Form was submitted - determine the form
	if ( isset ( $_POST['adddivision'] ) ) {
		// Define the query.
		$divisionname = $_POST['divisionname'];
		
		$query = "INSERT INTO `divisions` (`name`) VALUES ('".addslashes($divisionname)."')";
		
		// Execute the query.
		if (@mysql_query ( $query )) {
			print '<p>The division has been added.</p>';
		} else {
			print '<p>Could not add the entry because: <b>"' . mysql_error() . '"</b>. The query was '.$query.'.</p>';
		}
		
		//mysql_close ();
	
	}
	//Form was submitted - determine the form
	if ( isset ( $_POST['addeventname'] ) ) {
		// Define the query.
		$eventname = $_POST['eventname'];
		$shortname = $_POST['shortname'];
		$showlineup = $_POST['showlineup'];
		$template = $_POST['template'];
		
		$query = "INSERT INTO `events` (`eventname`,`shortname`,`lineup`,`template`) VALUES ('".addslashes($eventname)."','".addslashes($shortname)."','".addslashes($showlineup)."','".addslashes($template)."')";
		
		// Execute the query.
		if (@mysql_query ( $query )) {
			print '<p>The event name has been added.</p>';
		} else {
			print '<p>Could not add the entry because: <b>"' . mysql_error() . '"</b>. The query was '.$query.'.</p>';
		}
		
		//mysql_close ();
	
	}
	//Form was submitted - determine the form
	if ( isset ( $_POST['edithandler'] ) ) {
		// Define the query.
		$password = md5($p); // Currently $p does not have a value
		$login = $_POST['login'];
		$p = $_POST['password'];
		$surname = $_POST['surname'];
		$firstname = $_POST['firstname'];
		$email = $_POST['email'];
		$aim = $_POST['aim'];
		$msn = $_POST['msn'];
		$forumid = $_POST['forumid'];
		$account = $_POST['account'];
		$admin = $_POST['admin'];
		
		$query = "UPDATE INTO `users` (`username`, `password`, `surname`, `firstname`, `email`, `aim`, `msn`, `forumid`, `status`, `admin`) VALUES ('".addslashes($login)."', '".addslashes($p)."', '".addslashes($surname)."','".addslashes($firstname)."', '".addslashes($email)."', '".addslashes($aim)."', '".addslashes($msn)."', '".addslashes($forumid)."', '".addslashes($account)."', '".addslashes($admin)."')";
		
		// Execute the query.
		if (@mysql_query ( $query )) {
			print '<p>The handler has been edited.</p>';
		} else {
			print '<p>Could not add the entry because: <b>"' . mysql_error() . '"</b>. The query was '.$query.'.</p>';
		}
		
		//mysql_close ();
	
	}
	//Form was submitted - determine the form
	if ( isset ( $_POST['addtitle'] ) ) {
		// Define the query.
		$shortname = $_POST['shortname'];
		$name = $_POST['name'];
		$style = $_POST['style'];
		$status = $_POST['status'];
		
		$query = "INSERT INTO `titles` (`shortname`, `name`, `style`, `status`) VALUES ('".addslashes($shortname)."', '".addslashes($name)."', '".addslashes($style)."','".addslashes($status)."')";
		
		// Execute the query.
		if (@mysql_query ( $query )) {
			print '<p>The title has been added.</p>';
		} else {
			print '<p>Could not add the entry because: <b>"' . mysql_error() . '"</b>. The query was '.$query.'.</p>';
		}
		
		//mysql_close ();
	
	}
	//Form was submitted - determine the form
	if ( isset ( $_POST['addarena'] ) ) {
		// Define the query.
		$name = $_POST['name'];
		$location = $_POST['location'];
		$capacity = $_POST['capacity'];
		
		$query = "INSERT INTO `arenas` (`name`, `location`, `capacity`) VALUES ('".addslashes($name)."', '".addslashes($location)."', '".addslashes($capacity)."')";
		
		// Execute the query.
		if (@mysql_query ( $query )) {
			print '<p>The arena has been added.</p>';
		} else {
			print '<p>Could not add the entry because: <b>"' . mysql_error() . '"</b>. The query was '.$query.'.</p>';
		}
		
		//mysql_close ();
	
	}
}	
?>

023-jimmy, on Jan 20 2009, 04:08 PM, said:

So what you're trying to do is to put the current info from the user in the text boxes?

My suggestion is to create a php function like this:

function getFormData($user, $field){
	  $username = $user
	  $query = mysql_query("SELECT * FROM `users` WHERE `username` = '$username'");
	  while($row = mysql_fetch_assoc($query)){
		   return $row[$field];
	  }
 }

Then in your html you call the function like this:

	  echo "<input type=\"text\" name=\"surname\" class=\"fieldtext490\" value=\"". getFormData($username, "surname") ."\">";

I'm not sure where you are getting your $username from. It seems you made an input field for this, but this way everybody is able to edit the info from another person?

Another thing:

$query = "UPDATE INTO `users` (`username`, `password`, `surname`, `firstname`, `email`, `aim`, `msn`, `forumid`, `status`, `admin`) VALUES ('".addslashes($login)."', '".addslashes($p)."', '".addslashes($surname)."','".addslashes($firstname)."', '".addslashes($email)."', '".addslashes($aim)."', '".addslashes($msn)."', '".addslashes($forumid)."', '".addslashes($account)."', '".addslashes($admin)."')";

I'm missing a WHERE statement in this query. You are going to update something, but you defined no row to update it in.

#4 023-jimmy

Young Padawan

Members
44 posts

Posted 03 February 2009 - 05:14 PM

I'm not sure if I'm understanding you right. But you can just add another variable to the function, like this:

function getFormData($username, $table, $field){
	  $query = mysql_query("SELECT * FROM `$table` WHERE `username` = '$username'");
	  while($row = mysql_fetch_assoc($query)){
		   return $row[$field];
	  }
 }

And your html:

echo "<input type=\"text\" name=\"surname\" class=\"fieldtext490\" value=\"". getFormData($username, "users","surname") ."\">";

echo "<input type=\"text\" name=\"title\" class=\"fieldtext490\" value=\"". getFormData($username, "titles","title") ."\">";

echo "<input type=\"text\" name=\"something\" class=\"fieldtext490\" value=\"". getFormData($username, "arenas","something") ."\">";

#5 Steve Marcano

Young Padawan

Members
31 posts

Gender:Male
Location:Tucson, Arizona

Posted 03 February 2009 - 06:09 PM

Okay now I have this so far:

backstagefunctions.php

function edithandler() {
	$query = "SELECT * FROM `users` WHERE `username` = '" . $_GET['username'] . "'";
	$result = mysql_query ( $query ); // Run The Query
	$row = mysql_fetch_array ( $result, MYSQL_ASSOC );
	print '<h1 class=backstage>Handler Management</h1><br />';
	print '<h2 class=backstage>Edit Handler Details</h2><br />';
	print '<form name="edithandler" method="post" action="backstage.php" id="edithandler">';
	print '<table width="100%" class="table2">';
	print '<tr>';
	print "<td width=120 class=rowheading>Username:</td><td class=row3><input type=text name=login class=fieldtext490 value=\"". getFormData($username, "users","username") ."\"></td>";
	print '</tr>';
	print '<tr>';
	print "<td class=rowheading>Password:</td><td class=row3><input type=password name=password class=fieldtext490 value=\"". getFormData($username, "users","password") ."\"></td>";
	print '</tr>';
	print '<tr>';
	print '<td class=rowheading>Surname:</td><td class=row3>';
	print "<input type=text name=surname class=fieldtext490 value=\"". getFormData($username, "users","surname") ."\"></td>";
	print '</tr>';
	print '<tr>';
	print '<td class=rowheading>Firstname:</td>';
	print "<td class=row3><input type=text name=firstname class=fieldtext490 value=\"". getFormData($username, "users","username") ."\"></td>";
	print '</tr>';
	print '<tr>';
	print '<td class=rowheading>Email:</td>';
	print "<td class=row3><input type=text name=email class=fieldtext490 value=\"". getFormData($username, "users","email") ."\"></td>";
	print '</tr>';
	print '<tr>';
	print '<td class=rowheading>AIM:</td>';
	print "<td class=row3><input type=text name=aim class=fieldtext490 value=\"". getFormData($username, "users","username") ."\"></td>";
	print '</tr>';
	print '<tr>';
	print '<td class=rowheading>MSN:</td>';
	print "<td class=row3><input type=text name=msn class=fieldtext490 value=\"". getFormData($username, "users","username") ."\"></td>";
	print '</tr>';
	print '<tr>';
	print '<td class=rowheading>Forum ID:</td>';
	print "<td class=row3><input type=text name=forumid class=fieldtext490 value=\"". getFormData($username, "users","username") ."\"></td>";
	print '</tr>';
	print '<tr>';
	print '<td class=rowheading>Account:</td>';
	print '<td class=row3><select name=enabled class=selection>';
	print '<option value=1>Enabled</option><option value=0>Disabled</option>';
	print '</select></td>';
	print '</tr>';
	print '<tr>';
	print '<td class=rowheading>Administrator:</td>';
	print '<td class=row3><select name=isadministrator class=selection>';
	print '<option value=1>Yes</option><option value=0>No</option>';
	print '</select></td>';
	print '</tr>';
	print '<tr>';
	print '<td class=rowheading>Default Character:</td>';
	print "<td class=row3>\"". getFormData($username, "users","username") ."\"</td>";
	print '</tr>';
	print '</table><br />';
	print '<input type=checkbox name=deletehandler> <span class=table1heading>Delete Handler?</span><br /><br />';
	print '<input type="submit" value="Save Handler" class="button" name="edithandler"></form><br />';
	print '<form method=POST><input type=hidden name=action value=handler><input type=submit value="Return to Handler List" class=button200></form><br />';
	print '<h2 class=backstage>Characters<br /><br /><form method=post><input type=hidden name=action value=handler><input type=hidden name=routine value=addcharacter><input type=hidden name=option value=0><input type=hidden name=id value="130"><select name=characterid class=dropdown>';
	print '<option value=0>- Select -</select>&nbsp;&nbsp;<input type=submit value="Add" class=button></form></h2><br />';
	print '<br /><br />';
	print '<h2 class=backstage><form method=POST><input type=hidden name=action value=mainmenu><input type=submit value="Return to Main Menu" class=button200></form></h2>';
}

And...

ajax.js

function getFormData($username, $table, $field){
	  $query = mysql_query("SELECT * FROM `$table` WHERE `username` = '$username'");
	  while($row = mysql_fetch_assoc($query)){
		   return $row[$field];
	  }
}

Problem is I keep getting this issue:

Fatal error: Call to undefined function getFormData() in /home/content/y/a/n/yankeefaninkc/html/other/backstagefunctions.php on line 123

#6 023-jimmy

Young Padawan

Members
44 posts

Posted 03 February 2009 - 06:39 PM

function getFormData($username, $table, $field){
	  $query = mysql_query("SELECT * FROM `$table` WHERE `username` = '$username'");
	  while($row = mysql_fetch_assoc($query)){
		   return $row[$field];
	  }
}

Is PHP code. An you putted it in a JS file

. So put the function in a php file and the problem should be solved.

#7 Steve Marcano

Young Padawan

Members
31 posts

Gender:Male
Location:Tucson, Arizona

Posted 03 February 2009 - 09:52 PM

So your saying that it should be like this and just verify that all my coding is correct because I think I still have some issues. Its loading the edithandler form back again but no values I'm thinking that when it goes through from the handlers function to the edithandler function it loses which username it is.

include ('database.php');

/* Gets the value of 'f' from the URL and secures the variable against XSS */
$f = htmlentities ( $_GET ['f'], ENT_QUOTES );

if (function_exists ( $f )) {
	$f ();
} else {
	die ( 'Error 404!' );
}

function getFormData($username, $table, $field){
	  $query = mysql_query("SELECT * FROM `$table` WHERE `username` = '$username'");
	  while($row = mysql_fetch_assoc($query)){
		   return $row[$field];
	  }
}
function handlers() {
	print '<h1 class=backstage>Handler Management</h1><br />';
	print "<h2 class=\"backstage\">Handlers :: <a href=\"#\" onclick=\"ajaxpage('addhandler', 'content'); return false;\">Add New</a></h2><br />";
	print '<table width="100%" class="table1">';
	print '<tr class="rowheading">';
	print '<td width="30">&nbsp;</td>';
	print '<td align="center">Username</td>';
	print '<td align="center">Surname</td>';
	print '<td align="center">First Name</td>';
	print '<td align="center">E-Mail</td>';
	print '</tr>';
	$query = "SELECT * FROM users ORDER BY `username`";
	$result = mysql_query ( $query ); // Run The Query
	if ($result) {
		// Fetch and print all records.
		$i = 0;
		while ( $row = mysql_fetch_array ( $result, MYSQL_ASSOC ) ) {
			$sClass = 'row2';
			if ($i ++ & 1) {
				$sClass = 'row1';
			}
			printf ( "<tr class=\"%s\">", $sClass );
			print "<td valign=\"top\" align=\"center\" width=\"30\"><a href=\"#\" onclick=\"ajaxpage('edithandler', 'content'); return false;\">Edit</a></td>";
			
			printf ( "<td valign=\"top\" align=\"center\">%s</td>", $row [username] );
			printf ( "<td valign=\"top\" align=\"center\">%s</td>", $row [surname] );
			printf ( "<td valign=\"top\" align=\"center\">%s</td>", $row [firstname] );
			printf ( "<td valign=\"top\" align=\"center\">%s</td>", $row [email] );
			print '</tr>';
		}
	}
	print '</table><br />';
	print '<h2 class=backstage><form method=POST><input type=hidden name=action value=mainmenu><input type=submit value="Return to Main Menu" class=button200></form></h2>';
}

function edithandler() {
	$query = "SELECT * FROM `users` WHERE `username` = '" . $_GET['username'] . "'";
	$result = mysql_query ( $query ); // Run The Query
	$row = mysql_fetch_array ( $result, MYSQL_ASSOC );
	print '<h1 class=backstage>Handler Management</h1><br />';
	print '<h2 class=backstage>Edit Handler Details</h2><br />';
	print '<form name="edithandler" method="post" action="backstage.php" id="edithandler">';
	print '<table width="100%" class="table2">';
	print '<tr>';
	print "<td width=120 class=rowheading>Username:</td><td class=row3><input type=text name=login class=fieldtext490 value=\"". getFormData($username, "users","username") ."\"></td>";
	print '</tr>';
	print '<tr>';
	print "<td class=rowheading>Password:</td><td class=row3><input type=password name=password class=fieldtext490 value=\"". getFormData($username, "users","password") ."\"></td>";
	print '</tr>';
	print '<tr>';
	print '<td class=rowheading>Surname:</td><td class=row3>';
	print "<input type=text name=surname class=fieldtext490 value=\"". getFormData($username, "users","surname") ."\"></td>";
	print '</tr>';
	print '<tr>';
	print '<td class=rowheading>Firstname:</td>';
	print "<td class=row3><input type=text name=firstname class=fieldtext490 value=\"". getFormData($username, "users","username") ."\"></td>";
	print '</tr>';
	print '<tr>';
	print '<td class=rowheading>Email:</td>';
	print "<td class=row3><input type=text name=email class=fieldtext490 value=\"". getFormData($username, "users","email") ."\"></td>";
	print '</tr>';
	print '<tr>';
	print '<td class=rowheading>AIM:</td>';
	print "<td class=row3><input type=text name=aim class=fieldtext490 value=\"". getFormData($username, "users","username") ."\"></td>";
	print '</tr>';
	print '<tr>';
	print '<td class=rowheading>MSN:</td>';
	print "<td class=row3><input type=text name=msn class=fieldtext490 value=\"". getFormData($username, "users","username") ."\"></td>";
	print '</tr>';
	print '<tr>';
	print '<td class=rowheading>Forum ID:</td>';
	print "<td class=row3><input type=text name=forumid class=fieldtext490 value=\"". getFormData($username, "users","username") ."\"></td>";
	print '</tr>';
	print '<tr>';
	print '<td class=rowheading>Account:</td>';
	print '<td class=row3><select name=enabled class=selection>';
	print '<option value=1>Enabled</option><option value=0>Disabled</option>';
	print '</select></td>';
	print '</tr>';
	print '<tr>';
	print '<td class=rowheading>Administrator:</td>';
	print '<td class=row3><select name=isadministrator class=selection>';
	print '<option value=1>Yes</option><option value=0>No</option>';
	print '</select></td>';
	print '</tr>';
	print '<tr>';
	print '<td class=rowheading>Default Character:</td>';
	print "<td class=row3>\"". getFormData($username, "users","username") ."\"</td>";
	print '</tr>';
	print '</table><br />';
	print '<input type=checkbox name=deletehandler> <span class=table1heading>Delete Handler?</span><br /><br />';
	print '<input type="submit" value="Save Handler" class="button" name="edithandler"></form><br />';
	print '<form method=POST><input type=hidden name=action value=handler><input type=submit value="Return to Handler List" class=button200></form><br />';
	print '<h2 class=backstage>Characters<br /><br /><form method=post><input type=hidden name=action value=handler><input type=hidden name=routine value=addcharacter><input type=hidden name=option value=0><input type=hidden name=id value="130"><select name=characterid class=dropdown>';
	print '<option value=0>- Select -</select>&nbsp;&nbsp;<input type=submit value="Add" class=button></form></h2><br />';
	print '<br /><br />';
	print '<h2 class=backstage><form method=POST><input type=hidden name=action value=mainmenu><input type=submit value="Return to Main Menu" class=button200></form></h2>';
}

023-jimmy, on Feb 4 2009, 12:39 AM, said:

function getFormData($username, $table, $field){
	  $query = mysql_query("SELECT * FROM `$table` WHERE `username` = '$username'");
	  while($row = mysql_fetch_assoc($query)){
		   return $row[$field];
	  }
}

Is PHP code. An you putted it in a JS file

. So put the function in a php file and the problem should be solved.

#8 023-jimmy

Young Padawan

Members
44 posts

Posted 04 February 2009 - 07:37 AM

When you call the function, you insert a variable value '$username'. But this variable isn't set anywhere in your script. So you need to put the following line in your script:

$username = $_GET['username'];

I already added it in the right place for you. See script below (editHandler function)

include ('database.php');

/* Gets the value of 'f' from the URL and secures the variable against XSS */
$f = htmlentities ( $_GET ['f'], ENT_QUOTES );

if (function_exists ( $f )) {
	$f ();
} else {
	die ( 'Error 404!' );
}

function getFormData($username, $table, $field){
	  $query = mysql_query("SELECT * FROM `$table` WHERE `username` = '$username'");
	  while($row = mysql_fetch_assoc($query)){
		   return $row[$field];
	  }
}
function handlers() {
	print '<h1 class=backstage>Handler Management</h1><br />';
	print "<h2 class=\"backstage\">Handlers :: <a href=\"#\" onclick=\"ajaxpage('addhandler', 'content'); return false;\">Add New</a></h2><br />";
	print '<table width="100%" class="table1">';
	print '<tr class="rowheading">';
	print '<td width="30">&nbsp;</td>';
	print '<td align="center">Username</td>';
	print '<td align="center">Surname</td>';
	print '<td align="center">First Name</td>';
	print '<td align="center">E-Mail</td>';
	print '</tr>';
	$query = "SELECT * FROM users ORDER BY `username`";
	$result = mysql_query ( $query ); // Run The Query
	if ($result) {
		// Fetch and print all records.
		$i = 0;
		while ( $row = mysql_fetch_array ( $result, MYSQL_ASSOC ) ) {
			$sClass = 'row2';
			if ($i ++ & 1) {
				$sClass = 'row1';
			}
			printf ( "<tr class=\"%s\">", $sClass );
			print "<td valign=\"top\" align=\"center\" width=\"30\"><a href=\"#\" onclick=\"ajaxpage('edithandler', 'content'); return false;\">Edit</a></td>";
			
			printf ( "<td valign=\"top\" align=\"center\">%s</td>", $row [username] );
			printf ( "<td valign=\"top\" align=\"center\">%s</td>", $row [surname] );
			printf ( "<td valign=\"top\" align=\"center\">%s</td>", $row [firstname] );
			printf ( "<td valign=\"top\" align=\"center\">%s</td>", $row [email] );
			print '</tr>';
		}
	}
	print '</table><br />';
	print '<h2 class=backstage><form method=POST><input type=hidden name=action value=mainmenu><input type=submit value="Return to Main Menu" class=button200></form></h2>';
}

function edithandler() {
	$username = $_GET['username'];
	$query = "SELECT * FROM `users` WHERE `username` = '" . $username . "'";
	$result = mysql_query ( $query ); // Run The Query
	$row = mysql_fetch_array ( $result, MYSQL_ASSOC );
	print '<h1 class=backstage>Handler Management</h1><br />';
	print '<h2 class=backstage>Edit Handler Details</h2><br />';
	print '<form name="edithandler" method="post" action="backstage.php" id="edithandler">';
	print '<table width="100%" class="table2">';
	print '<tr>';
	print "<td width=120 class=rowheading>Username:</td><td class=row3><input type=text name=login class=fieldtext490 value=\"". getFormData($username, "users","username") ."\"></td>";
	print '</tr>';
	print '<tr>';
	print "<td class=rowheading>Password:</td><td class=row3><input type=password name=password class=fieldtext490 value=\"". getFormData($username, "users","password") ."\"></td>";
	print '</tr>';
	print '<tr>';
	print '<td class=rowheading>Surname:</td><td class=row3>';
	print "<input type=text name=surname class=fieldtext490 value=\"". getFormData($username, "users","surname") ."\"></td>";
	print '</tr>';
	print '<tr>';
	print '<td class=rowheading>Firstname:</td>';
	print "<td class=row3><input type=text name=firstname class=fieldtext490 value=\"". getFormData($username, "users","username") ."\"></td>";
	print '</tr>';
	print '<tr>';
	print '<td class=rowheading>Email:</td>';
	print "<td class=row3><input type=text name=email class=fieldtext490 value=\"". getFormData($username, "users","email") ."\"></td>";
	print '</tr>';
	print '<tr>';
	print '<td class=rowheading>AIM:</td>';
	print "<td class=row3><input type=text name=aim class=fieldtext490 value=\"". getFormData($username, "users","username") ."\"></td>";
	print '</tr>';
	print '<tr>';
	print '<td class=rowheading>MSN:</td>';
	print "<td class=row3><input type=text name=msn class=fieldtext490 value=\"". getFormData($username, "users","username") ."\"></td>";
	print '</tr>';
	print '<tr>';
	print '<td class=rowheading>Forum ID:</td>';
	print "<td class=row3><input type=text name=forumid class=fieldtext490 value=\"". getFormData($username, "users","username") ."\"></td>";
	print '</tr>';
	print '<tr>';
	print '<td class=rowheading>Account:</td>';
	print '<td class=row3><select name=enabled class=selection>';
	print '<option value=1>Enabled</option><option value=0>Disabled</option>';
	print '</select></td>';
	print '</tr>';
	print '<tr>';
	print '<td class=rowheading>Administrator:</td>';
	print '<td class=row3><select name=isadministrator class=selection>';
	print '<option value=1>Yes</option><option value=0>No</option>';
	print '</select></td>';
	print '</tr>';
	print '<tr>';
	print '<td class=rowheading>Default Character:</td>';
	print "<td class=row3>\"". getFormData($username, "users","username") ."\"</td>";
	print '</tr>';
	print '</table><br />';
	print '<input type=checkbox name=deletehandler> <span class=table1heading>Delete Handler?</span><br /><br />';
	print '<input type="submit" value="Save Handler" class="button" name="edithandler"></form><br />';
	print '<form method=POST><input type=hidden name=action value=handler><input type=submit value="Return to Handler List" class=button200></form><br />';
	print '<h2 class=backstage>Characters<br /><br /><form method=post><input type=hidden name=action value=handler><input type=hidden name=routine value=addcharacter><input type=hidden name=option value=0><input type=hidden name=id value="130"><select name=characterid class=dropdown>';
	print '<option value=0>- Select -</select>&nbsp;&nbsp;<input type=submit value="Add" class=button></form></h2><br />';
	print '<br /><br />';
	print '<h2 class=backstage><form method=POST><input type=hidden name=action value=mainmenu><input type=submit value="Return to Main Menu" class=button200></form></h2>';
}

Edited by 023-jimmy, 04 February 2009 - 07:38 AM.

#9 Steve Marcano

Young Padawan

Members
31 posts

Gender:Male
Location:Tucson, Arizona

Posted 04 February 2009 - 12:34 PM

I updated my code however now when it goes to the form it says this on every form field:

Warning: mysql_fetch_assoc(): supplied argument is not a valid MySQL result resource in /home/content/y/a/n/yankeefaninkc/html/other/backstagefunctions.php on line 16

<?php

include ('database.php');

/* Gets the value of 'f' from the URL and secures the variable against XSS */
$f = htmlentities ( $_GET ['f'], ENT_QUOTES );

if (function_exists ( $f )) {
	$f ();
} else {
	die ( 'Error 404!' );
}

function getFormData($username, $table, $field){
	  $query = mysql_query("SELECT * FROM `$users` WHERE `username` = '$username'");
	  while($row = mysql_fetch_assoc($query)){
		   return $row[$field];
	  }
}

function handlers() {
	print '<h1 class=backstage>Handler Management</h1><br />';
	print "<h2 class=\"backstage\">Handlers :: <a href=\"#\" onclick=\"ajaxpage('addhandler', 'content'); return false;\">Add New</a></h2><br />";
	print '<table width="100%" class="table1">';
	print '<tr class="rowheading">';
	print '<td width="30">&nbsp;</td>';
	print '<td align="center">Username</td>';
	print '<td align="center">Surname</td>';
	print '<td align="center">First Name</td>';
	print '<td align="center">E-Mail</td>';
	print '</tr>';
	$query = "SELECT * FROM users ORDER BY `username`";
	$result = mysql_query ( $query ); // Run The Query
	if ($result) {
		// Fetch and print all records.
		$i = 0;
		while ( $row = mysql_fetch_array ( $result, MYSQL_ASSOC ) ) {
			$sClass = 'row2';
			if ($i ++ & 1) {
				$sClass = 'row1';
			}
			printf ( "<tr class=\"%s\">", $sClass );
			print "<td valign=\"top\" align=\"center\" width=\"30\"><a href=\"#\" onclick=\"ajaxpage('edithandler', 'content'); return false;\">Edit</a></td>";
			
			printf ( "<td valign=\"top\" align=\"center\">%s</td>", $row [username] );
			printf ( "<td valign=\"top\" align=\"center\">%s</td>", $row [surname] );
			printf ( "<td valign=\"top\" align=\"center\">%s</td>", $row [firstname] );
			printf ( "<td valign=\"top\" align=\"center\">%s</td>", $row [email] );
			print '</tr>';
		}
	}
	print '</table><br />';
	print '<h2 class=backstage><form method=POST><input type=hidden name=action value=mainmenu><input type=submit value="Return to Main Menu" class=button200></form></h2>';
}
function edithandler() {
	$username = $_GET['username'];
	$query = "SELECT * FROM `users` WHERE `username` = '" . $username . "'";
	$result = mysql_query ( $query ); // Run The Query
	$row = mysql_fetch_array ( $result, MYSQL_ASSOC );
	print '<h1 class=backstage>Handler Management</h1><br />';
	print '<h2 class=backstage>Edit Handler Details</h2><br />';
	print '<form name="edithandler" method="post" action="backstage.php" id="edithandler">';
	print '<table width="100%" class="table2">';
	print '<tr>';
	print "<td width=120 class=rowheading>Username:</td><td class=row3><input type=text name=login class=fieldtext490 value=\"". getFormData($username, "users","username") ."\"></td>";
	print '</tr>';
	print '<tr>';
	print "<td class=rowheading>Password:</td><td class=row3><input type=password name=password class=fieldtext490 value=\"". getFormData($username, "users","password") ."\"></td>";
	print '</tr>';
	print '<tr>';
	print '<td class=rowheading>Surname:</td><td class=row3>';
	print "<input type=text name=surname class=fieldtext490 value=\"". getFormData($username, "users","surname") ."\"></td>";
	print '</tr>';
	print '<tr>';
	print '<td class=rowheading>Firstname:</td>';
	print "<td class=row3><input type=text name=firstname class=fieldtext490 value=\"". getFormData($username, "users","username") ."\"></td>";
	print '</tr>';
	print '<tr>';
	print '<td class=rowheading>Email:</td>';
	print "<td class=row3><input type=text name=email class=fieldtext490 value=\"". getFormData($username, "users","email") ."\"></td>";
	print '</tr>';
	print '<tr>';
	print '<td class=rowheading>AIM:</td>';
	print "<td class=row3><input type=text name=aim class=fieldtext490 value=\"". getFormData($username, "users","username") ."\"></td>";
	print '</tr>';
	print '<tr>';
	print '<td class=rowheading>MSN:</td>';
	print "<td class=row3><input type=text name=msn class=fieldtext490 value=\"". getFormData($username, "users","username") ."\"></td>";
	print '</tr>';
	print '<tr>';
	print '<td class=rowheading>Forum ID:</td>';
	print "<td class=row3><input type=text name=forumid class=fieldtext490 value=\"". getFormData($username, "users","username") ."\"></td>";
	print '</tr>';
	print '<tr>';
	print '<td class=rowheading>Account:</td>';
	print '<td class=row3><select name=enabled class=selection>';
	print '<option value=1>Enabled</option><option value=0>Disabled</option>';
	print '</select></td>';
	print '</tr>';
	print '<tr>';
	print '<td class=rowheading>Administrator:</td>';
	print '<td class=row3><select name=isadministrator class=selection>';
	print '<option value=1>Yes</option><option value=0>No</option>';
	print '</select></td>';
	print '</tr>';
	print '<tr>';
	print '<td class=rowheading>Default Character:</td>';
	print "<td class=row3>\"". getFormData($username, "users","username") ."\"</td>";
	print '</tr>';
	print '</table><br />';
	print '<input type=checkbox name=deletehandler> <span class=table1heading>Delete Handler?</span><br /><br />';
	print '<input type="submit" value="Save Handler" class="button" name="edithandler"></form><br />';
	print '<form method=POST><input type=hidden name=action value=handler><input type=submit value="Return to Handler List" class=button200></form><br />';
	print '<h2 class=backstage>Characters<br /><br /><form method=post><input type=hidden name=action value=handler><input type=hidden name=routine value=addcharacter><input type=hidden name=option value=0><input type=hidden name=id value="130"><select name=characterid class=dropdown>';
	print '<option value=0>- Select -</select>&nbsp;&nbsp;<input type=submit value="Add" class=button></form></h2><br />';
	print '<br /><br />';
	print '<h2 class=backstage><form method=POST><input type=hidden name=action value=mainmenu><input type=submit value="Return to Main Menu" class=button200></form></h2>';
}

Edited by Steve Marcano, 04 February 2009 - 12:51 PM.

#10 023-jimmy

Young Padawan

Members
44 posts

Posted 04 February 2009 - 12:56 PM

You've changed stuff in the function. You've changed a variable name so there is no table to select the user from.

Change this:

function getFormData($username, $table, $field){
	  $query = mysql_query("SELECT * FROM `$users` WHERE `username` = '$username'");
	  while($row = mysql_fetch_assoc($query)){
		   return $row[$field];
	  }
}

into:

function getFormData($username, $table, $field){
	  $query = mysql_query("SELECT * FROM `$table` WHERE `username` = '$username'");
	  while($row = mysql_fetch_assoc($query)){
		   return $row[$field];
	  }
}