I m trying to get data on another page by id which is on showdetails.php page.but i m unable to please help.
Showdetails.php
this page shows details of user with id and button which will allow user to edit details on another page
<!DOCTYPE html>
<html>
<head>
<title>Details</title>
</head>
<body>
<?php
require('database.php');
?>
<h1>User Lists</h1>
<?php
$select = "SELECT id, firstname, lastname FROM signup";
$selectdata = $conn->query($select);
if ($selectdata->num_rows > 0){
while($row = mysqli_fetch_array($selectdata)) {
$id = $row['id'];
$first = $row['firstname'];
$last = $row['lastname'];
?>
<form method="get" action="editdetails.php">
<p><b>ID: <?php echo $id; ?></b></p>
<p>Name: <?php echo $first; ?> <?php echo $last; ?></p>
<?php
$edit = "SELECT id FROM signup WHERE id= '" .$id. "'";
$selectedit = $conn->query($edit);
?>
<p><input type="submit" name="display" value="Edit Details"></p>
</form>
<?php
}
}
?>
</body>
</html>
editdetails.php
On this page, user will be able to edit details, and i want details by id
<!DOCTYPE html>
<html>
<head>
<title>Edit User Details</title>
</head>
<body>
<?php
require('database.php');
$select = "SELECT firstname, lastname, age, phone_no, age, username, password FROM signup";
$selectdata = $conn->query($select);
if ($selectdata->num_rows > 0){
$row = mysqli_fetch_array($selectdata);
$first = $row['firstname'];
$last = $row['lastname'];
$age = $row['age'];
$phone_no = $row['phone_no'];
$username = $row['username'];
$password = $row['password'];
}
?>
<?php
if (isset($_POST['update'])) {
# code...
$first = mysqli_real_escape_string($conn, $_POST['first']);
$last = mysqli_real_escape_string($conn, $_POST['last']);
$age = mysqli_real_escape_string($conn, $_POST['age']);
$phone = mysqli_real_escape_string($conn, $_POST['phone_no']);
$username = mysqli_real_escape_string($conn, $_POST['user']);
$password = mysqli_real_escape_string($conn, $_POST['pass']);
$update = "UPDATE signup SET firstname= '$first', lastname= '$last', age= '$age', phone_no = '$phone', username = '$username', password = '$password' WHERE id= '$id'";
$updatedata = $conn->query($update);
if ($updatedata) {
# code...
echo $status = "Details Updated";
}
else {
# code...
echo $status = "Not Updated";
}
}
if (isset($_POST['delete'])) {
# code...
$delete = "DELETE FROM signup WHERE firstname = $first";
$deletedata = $conn->query($delete);
if ($deletedata) {
# code...
echo $status = "Details Deleted";
}
else {
# code...
echo $status = "Not Deleted";
}
}
?>
<h1>Edit Details</h1>
<form method="post" action= "<?php htmlspecialchars($_SERVER['PHP_SELF']) ?>">
<p>FirstName: <input type="text" name="first" value="<?php echo $first; ?>"></p>
<p>LastName: <input type="text" name="last" value="<?php echo $last; ?>"></p>
<p>Phone no: <input type="number" name="phone_no" value="<?php echo $phone_no; ?>"></p>
<p>Age: <input type="number" name="age" value="<?php echo $age; ?>"></p>
<p>User: <input type="text" name="user" value="<?php echo $username; ?>"></p>
<p>Password: <input type="password" name="pass" value="<?php echo $password; ?>"></p>
<p><input type="submit" name="update" value="Update">
<input type="submit" name="delete" value="Delete"></p>
</form>
<p><?php echo $status; ?></p>
</body>
</html>
Thank You.
Add in your HTML form a hidden input, like so:
<input type="hidden" name="id" value="<?php echo $id; ?>">
Then in your editdetails.php file you can access it with: $_GET["id"].
Update:
Add the hidden input to the form in Showdetails.php.
Then in editdetails.php add at the top of the page $id = (int)$_GET["id"];
Then add to your SELECT query in editdetails.php a WHERE statement for selecting the correct user:
$select = "SELECT ... FROM signup WHERE id = $id";
For the update query you are then good to go since you are already using there WHERE id = $id. (but before your $id variable was not defined)
Related
I am trying to implement and update query that updates a record in the database. I'm new to php here is my code :
<input type="text" name="name" value="<?= $name ?> "><br><br>
E-mail: <input type="text" name="email" value="<?= $email ?>" ><br><br>
Password: <input type="password" name="password" value="<?= $pass ?>" >
Here is the fetch command:
<?php
include("connection.php");
$id = $_GET['id'];
$qry = "SELECT * from studentinformation WHERE ID = $id";
$result = mysqli_query($con,$qry) or die(mysqli_error($con));
while($row = mysqli_fetch_assoc($result)){
$name= $row['FullName'];
$email = $row['email'];
$pass = $row['Password'];
$major = $row['major'];
}
?>
here is the action page:
<?php
include("connection.php");
//include("UpdateStudent.php");
$id = $_GET['id'];
$name = $_GET['name'];
$email= $GET['email'];
$pass = $_GET['password'];
//$major = $_POST['major'];
$qry = "UPDATE studentinformation SET FullName = '$name', email='$email', Password= '$pass'
WHERE ID = $id";
$result = mysqli_query($con,$qry) or die(mysqli_error($con));
if($result === false){
echo "Record didn't update";
}
else{
echo "Record Updated";
}
?>
Here is the form:
<form action="UpdateStudentAction.php?id=<?= $id ?>" method="get" enctype="multipart/form-data">
Please help guys I'm new to php
Move id from action attribute into a hidden input:
<form action="UpdateStudentAction.php" method="get" enctype="multipart/form-data">
<input type="hidden" name="id" value="<?=$id?>">
...
will do the magic.
And avoid empty spaces into value attributes;
Make your form POST data instead of using GET method (that passes form data through url). Especially that you already using id query param in the url. You can include the id inside the form as a hidden field:
<form action="UpdateStudentAction.php?id=<?= $id ?>" method="POST" enctype="multipart/form-data">
<input type="hidden" name="id" value="<?= $id ?> ">
<input type="text" name="name" value="<?= $name ?> "><br><br>
E-mail: <input type="text" name="email" value="<?= $email ?>" ><br><br>
Password: <input type="password" name="password" value="<?= $pass ?>" >
</form>
Then in your UpdateStudentAction.php file you can receive data using post:
<?php
include("connection.php");
//include("UpdateStudent.php");
$id = $_POST['id'];
$name = $_POST['name'];
$email= $_POST['email'];
$pass = $_POST['password'];
//$major = $_POST['major'];
$qry = "UPDATE studentinformation SET FullName = '$name', email='$email', Password= '$pass'
WHERE ID = $id";
$result = mysqli_query($con,$qry) or die(mysqli_error($con));
if($result === false){
echo "Record didn't update";
}
else{
echo "Record Updated";
}
?>
The GET method is restricted to send upto 1024 characters only.
The POST method does not have any restriction on data size to be sent. (You can use POST method instead of GET method)
I am using this code to add some data to my already existing sql database, but the can't seem to do so, it's also not giving any errors. I have tried everything that i could think of. This is a form which lets user input the data and then when user clicks submit it gives a success message in url but i get the success message but no data in my database.
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>Signup Form</title>
</head>
<body>
<form action="signup.php" method="POST">
<input type="text" name="firstname" placeholder="First Name">
<br>
<input type="text" name="lastname" placeholder="Last Name">
<br>
<input type="text" name="email" placeholder="E-mail">
<br>
<input type="text" name="uid" placeholder="User name">
<br>
<input type="password" name="pwd" placeholder="Password">
<br>
<button type="submit" name="submit">Sign up</button>
</form>
<?php
$sql = "SELECT * FROM users;" ;
$result = mysqli_query($conn,$sql); //connects the database to the query we just generated
$resultcheck = mysqli_num_rows($result); // it returns the number of rows in the query
if($resultcheck > 0){
//the if condition checks if there is any data inside $resultcheck
//The mysqli_fetch_assoc() function fetches a result row as an associative array.
while($row = mysqli_fetch_assoc($result)){
echo $row['user_uid'].'<br>';
}
}
?>
</body>
</html>
<?php
include_once 'dbh.php';
$firstname = $_POST['firstname'];
$lastname = $_POST['lastname'];
$email = $_POST['email'];
$uid = $_POST['uid'];
$pwd = $_POST['pwd'];
$sql = "INSERT INTO users (`user_firstname`, `user_firstname`, `user_email`, `user_uid`, `user_pwd` ) VALUES (\'$firstname\',\'$lastname\',\'$email\',\'$uid\', \'$pwd\');";
//require 'dbh.php';
mysqli_query('$conn','$sql');
/* if($result=$mysqli->query($sql)){
echo "<p>User successfully added to database</p>".'<br>';
}
else{
echo "Error enterting user into database!".mysql_error().'<br>';
} */
header("Location: index.php?signup=success");
?>
<?php
$dbServername = "localhost";
$dbUsername = "root";
$dbPassword = "";
$dbName = "login_system"; // selecting the database
$conn = mysqli_connect($dbServername,$dbUsername,$dbPassword,$dbName );
//$mysqli = new mysqli('localhost','root',"",$dbName );
if(mysqli_connect_errno()){
printf("connection failed %s\n",mysqli_connect_error());
exit();
}
$mysqli->select_db("login_system");
?>
Please remove single quotes in $conn and $sql
mysqli_query($conn, $sql);
in your insert PHP file.
$sql = "INSERT INTO `users` (`user_firstname`, `user_lastname`, `user_email`, `user_uid`, `user_pwd` ) VALUES ('".$firstname."', '".$lastname ."', '".$email."', '".$uid."', '".$pwd."');";
$result=mysqli_query('$conn','$sql');
if($result)
{
echo "succsessfuly...";
}
else
{
echo "Not succsessfuly...";
}
Try this one:
<?php
include_once 'dbh.php';
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title> Signup Form </title>
</head>
<body>
<form action="signup.php" method="POST">
<input type="text" name="firstname" placeholder="First Name">
<br>
<input type="text" name="lastname" placeholder="Last Name">
<br>
<input type="text" name="email" placeholder="E-mail">
<br>
<input type="text" name="uid" placeholder="User name">
<br>
<input type="password" name="pwd" placeholder="Password">
<br>
<button type="submit" name="submit">Sign up</button>
</form>
<?php
$sql = "SELECT * FROM users; " ;
$result = $mysqli->query($sql); //connects the database to the query we just generated
$resultcheck = $result->num_rows; // it returns the number of rows in the query
if($resultcheck > 0){
while($row = $result->fetch_assoc()){
echo $row['user_uid'].'<br>';
}
}
?>
</body>
</html>
signup.php
<?php
include_once 'dbh.php';
$firstname = $mysqli->real_escape_string($_POST['firstname']);
$lastname = $mysqli->real_escape_string($_POST['lastname']);
$email = $mysqli->real_escape_string($_POST['email']);
$uid = $mysqli->real_escape_string($_POST['uid']);
$pwd = $mysqli->real_escape_string($_POST['pwd']);
$sql = "INSERT INTO users (`user_firstname`, `user_lastname`, `user_email`, `user_uid`, `user_pwd` ) VALUES ('$firstname','$lastname','$email','$uid', '$pwd');";
if($result=$mysqli->query($sql)){
echo "<p>User successfully added to database</p>".'<br>';
}
else{
echo "Error enterting user into database!".$mysqli->error.'<br>';
}
header("Location: index.php?signup=success");
dbh.php
<?php
$dbServername = "localhost";
$dbUsername = "root";
$dbPassword = "";
$dbName = "login_system"; // selecting the database
$mysqli = new mysqli($dbServername,$dbUsername,$dbPassword,$dbName);
if($mysqli->connect_errno){
printf("connection failed %s\n",$mysqli->connect_error);
exit();
}
Please read this reference http://php.net/manual/en/book.mysqli.php
should be like this
$sql = "INSERT INTO users (firstname, lastname, email, uid, pwd ) VALUES ('$firstname','$lastname','$email','$uid', '$pwd')";
mysqli_query($conn,$sql);
I have a session.php and a welcome.php page. There I have my userprofile.
I am trying to update the email field.
When I change my email address and press the update button I get the echo Update Successful, but it does not update. I think it still has the old value from the session and I need to clear it.
session.php:
<?php
include('connection.php');
session_start();
$user_check = $_SESSION['login_user'];
$ses_sql = mysqli_query($db,"select * from clients where email = '$user_check'");
$row = mysqli_fetch_array($ses_sql,MYSQLI_ASSOC);
$_SESSION['email']= $row['email'];
$_SESSION['username']= $row['username'];
$_SESSION['firstname']= $row['firstname'];
$_SESSION['lastname']= $row['lastname'];
$_SESSION['birthdate']= $row['birthdate'];
$_SESSION['street']= $row['street'];
$_SESSION['streetnr']= $row['streetnr'];
$_SESSION['city']= $row['city'];
$_SESSION['plzz']= $row['plzz'];
if(!isset($_SESSION['login_user'])){
header("
location:http://localhost:81/Left_over_youth_website/pages/login.php");
}
?>
welcome.php:
<?php
include("../php/session.php");
?>
<div>
<div class="col-md-9">
<div class="imagepageback">
<div class="card">
<div class="profilimage"></div>
<hr class="verticalline">
<?php
$sql = "UPDATE clients SET emaill = $_SESSION WHERE email = $user_check";
$update = mysqli_query($db, $sql);
if($update){
echo("update sucessful");
$_SESSION["emaill"] = $email_session;
}
?>
<form class="form" action="" method="post">
<input id="usernamee" class="usernamee" type="text" name="username" value="<?php echo $_SESSION['username']; ?>" readonly>
<input id="emaill" class="emaill" type="text" name="email" value="<?php echo $_SESSION['email']; ?>" readonly>
<input id="firstnamee" class="firstnamee" type="text" name="firstname" value="<?php echo $_SESSION['firstname']; ?>" readonly>
<input id="lastnamee" class="lastnamee" type="text" name="lastname" value="<?php echo $_SESSION['lastname']; ?>" readonly>
<input id="birthdatee" class="birthdatee" type="text" name="birthdate" value="<?php echo $SESSION['birthdate']; ?>" readonly>
<div>
<input id="streett" class="streett" type="text" name="street" value="<?php echo $_SESSION['street']; ?>" readonly>
<input id="nrr" class="nrr" type="text" name="streetnr" value="<?php echo $_SESSION['streetnr']; ?>" readonly>
</div>
<div>
<input id="cityy" class="cityy" type="text" name="city" value="<?php echo $_SESSION['city']; ?>" readonly>
<input id="plzz" class="plzz" type="text" name="plzz" value="<?php echo $_SESSION['plzz']; ?>" readonly>
</div>
<a href="#" class="editprofilelink" id="editprofilelink" onclick="editable(); showbt()"; >Edit Profile</a>
Change Password
<input hidden id="btupdate" type="submit" name="btupdate" value="Update">
</form>
</div>
</div>
</div>
</div>
</div>
echo 'update successful' on update query.
Try the following.
in welcome.php:
<?php
if(isset($_POST['btupdate'])){
$email = $_REQUEST['email'];
$sql = "UPDATE clients SET emaill = '$email' WHERE email = '$email_session'";
$update = mysqli_query($db, $sql);
if($update)
{
echo("update successful");
}
?>
You have a fatal error over this code:
<?php
$email = "SELECT * From Clients";
$sql = "UPDATE clients". "SET emaill = $email". "WHERE email = $email_session";
if(isset($_POST['btupdate'])){
$update = mysqli_query($db, $sql);
echo("update sucessful");
}
?>
this part ("UPDATE clients". "SET emaill = $email". "WHERE email = $email_session") returns this string "UPDATE clientsSET emaill = example#example.comWHERE email = example2#example.com
try this instead:
$sql="UPDATE clients SET emaill = $email WHERE email = $email_session"
be careful when using concatinate it won't add any space for you.
And you are not changing the $_SESSION["email"] after changing it. you must add $_SESSION["email"] = $email;
<?php
$email = "SELECT * From Clients";
$sql = "UPDATE clients SET emaill = $email WHERE email = $email_session";
$update = mysqli_query($db, $sql);
if($update){
echo("update sucessful");
}
?>
i have created two tables named login and gotest.in gotest table i have stored user details and unique in that table is ID.in login table i am storing refid, username and password.refid is the primary key which contains same value of ID in gotest table.i am getting from ID from one form when it passed through the URl.but when iam trying to login it gives me this errpor " The Username or password are incorrect! ".
Here is my php code
<?php
include_once 'dbconnect.php';
$renewid = $_GET['ID'];
$query = "SELECT refid, username, password FROM ipay_login WHERE refid = '$renewid'";
$result = mysql_query($query) or die(mysql_error());
while ($row = mysql_fetch_array($result)) {
$renewid = $row['refid'];
$uname = $row['username'];
$upass = $row['password'];
echo $renewid . '<br />';
echo $uname . '<br />';
echo $upass . '<br />';
}
if(isset($_POST['btn-signup'])) {
$uname = $_POST['username'];
$upass = $_POST['password'];
/*echo $uname,$upass,$renewid;*/
$result1 = mysql_query("SELECT * FROM ipay_login WHERE username = '$uname' AND password = '$upass'");
if(mysql_num_rows($result1) > 0 )
{
echo "sucesss";
}
else
{
echo 'The Username or password are incorrect!';
}
}
?>
<html>
<head></head>
<body>
<form id="convertion" method="post">
<!--<input type="hidden" id="refid" name="refid" value="<?php /*$_GET['refid']; */?>" /><br/>-->
<input type="text" id="username" name="username" /><br/>
<input type="text" id="password" name="password" /><br/>
<button type="submit" id="btn-signup" name="btn-signup">SUBMIT</button>
</form>
</body>
</html>
URL of my login page
http://xxx.yyy.example?ID=1000
Try this ..first of all change your refid column in login to ID.then run following code
<?php
include_once 'dbconnect.php';
$renewid = $_GET['ID'];
$query = "SELECT * FROM login WHERE ID = '$renewid'";
$result = mysql_query($query) or die(mysql_error());
while ($row = mysql_fetch_array($result)) {
$uname = $row['username'];
$upass = $row['password'];
echo $uname . '<br />';
echo $upass . '<br />';
}
if(isset($_POST['btn-signup'])) {
$uname = $_POST['username'];
$upass= $_POST['password'];
$result1 = mysql_query("SELECT * FROM login WHERE username = '$uname' AND password = '$upass'");
if(mysql_num_rows($result1) > 0 )
{
echo "sucess";
}
else
{
echo 'The username or password are incorrect!';
}
}
?>
<html>
<head></head>
<body>
<form id="convertion" method="post">
<input type="text" id="username" name="username" /><br/>
<input type="text" id="password" name="password" /><br/>
<button type="submit" id="btn-signup" name="btn-signup">SUBMIT</button>
</form>
</body>
</html>
I am building a three part signup system using sessions. The first part is on the homepage, there is a login here called form1 and a signup called form2. This question is about signup form2. In form2 the user inserts email and password into the DB table, and the iduser is created auto automatically. A sessions is created, this part works fine. In signup_part2.php using sessions I echo out the iduser and email to prove that the info was inserted into the database. Then in signup_part2.php there is a second form, however when I hit submit nothing is inserted into the database table into those user's fields. How can I insert data into the DB table during a user's session?
home.php
<?php
session_start();
require('connect.php');
require('header.php');
$form1 = <<<EOT
<div id="homebox1">
<div id="logohome">
<h2>Welcome</h2></br>
</div>
<div id="homecolumn1">
<p>Login</p></br>
<form id="login" action="home.php" method="POST">
<input name="emaillogin" placeholder="email" type="email" rows="20"> </input></br>
<input name="passwordlogin" placeholder="password" type="password" rows="20"> </input></br>
<input type="submit" name="submita" value="Log In"> </input>
</form>
</div>
EOT;
$form2 = <<<EOT
<div id="homecolumn2">
<p>Sign Up</p></br>
<form id="signuppart1" action="home.php" method="post">
<input name="signupemail" placeholder="email" type="email" rows="20" required> </input></br>
<input pattern="(?=^.{8,50}$)((?=.*\d)|(?=.*\W+))(?![.\n])(?=.*[A-Z])(?=.*[a-z]).*$" name="signuppassword" placeholder="password" type="password" rows="20" required> </input></br>
<input name="submitb" type="submit" value="Sign Up"> </input>
</form>
</div>
EOT;
$footer = <<<EOT
<div id="footerhome1">
</div>
</div>
EOT;
/*-------------------------------------form1----------------------------------------*/
if(isset($_POST['submita'])){
$email = mysql_escape_string($_POST['emaillogin']);
$pass = mysql_escape_string($_POST['passwordlogin']);
$salt = '458mn$8n#bty67mg%563!&78fj^543*41s';
$pass = md5($pass . $salt);
$sql = mysql_query ("SELECT * FROM `profile` WHERE `email` = '$email' AND `password`= '$pass' ");
if(mysql_num_rows($sql) > 0){
// ADDITIONAL CODE //pull userdata from db
while($row = mysql_fetch_array($sql)){
$_SESSION['logged_in']['fnlname'] = $row['fnlname'];
$_SESSION['logged_in']['username'] = $row['username'];
$_SESSION['logged_in']['gender'] = $row['gender'];
}
// END ADDITIONAL CODE
header('location: profile.php');
}else{
echo <<<EOT
<div id="homebox1">
<div id="logohome">
<h2>Welcome</h2></br>
</div>
<div id="homecolumn1">
<p>Login</p></br>
<form id="login" action="home.php" method="POST">
<input name="emaillogin" placeholder="email" type="email" rows="20"> </input></br>
<input name="passwordlogin" placeholder="password" type="password" rows="20"> </input></br>
<input type="submit" name="submita" value="Log In"> </input>
<p style="color:red;">"Wrong password or username"</p>
</form>
</div>
EOT;
}
}else{
echo $form1;
}
/*-------------------------------------form2----------------------------------------*/
if(isset($_POST['submitb'])){
//perform verification
$email1 = $_POST['signupemail'];
$pass1 = $_POST['signuppassword'];
if ($pass1 == NULL){
echo <<<EOT
<p style="color:red;">"Enter a password"</p>
EOT;
exit();
}
$email1 = mysql_escape_string($email1);
$password = mysql_escape_string($pass1);
$salt = 'justasalt';
$password = md5($password . $salt);
$sql2 = mysql_query("SELECT * FROM `profile` WHERE `email` = '$email1' ");
if(mysql_num_rows($sql2) > 0){
echo $form2;
echo <<<EOT
<p style="color:red;">"Sorry, that email already exists!"</p>
EOT;
exit();
}
else{
mysql_query("INSERT INTO `profile` (`iduser`, `password`, `email`)VALUES(NULL, '$password', '$email1')");
$sql = mysql_query ("SELECT * FROM `profile` WHERE `email` = '$email1' AND `password`= '$password' ");
if(mysql_num_rows($sql) > 0){
// ADDITIONAL CODE //pull userdata from db
while($row = mysql_fetch_array($sql)){
$_SESSION['logged_in']['iduser'] = $row['iduser'];
$_SESSION['logged_in']['fnlname'] = $row['fnlname'];
$_SESSION['logged_in']['username'] = $row['username'];
$_SESSION['logged_in']['gender'] = $row['gender'];
$_SESSION['logged_in']['location'] = $row['location'];
$_SESSION['logged_in']['website'] = $row['website'];
$_SESSION['logged_in']['age'] = $row['age'];
$_SESSION['logged_in']['joined'] = $row['joined'];
$_SESSION['logged_in']['email'] = $row['email'];
}
header("location: signup_part2.php");
}
}
}
else{
echo $form2;
}
?>
signup_part2.php
<?php
session_start();
include "connect.php";
include "header.php";
$iduser=$_SESSION['logged_in']['iduser'];
$sql = mysql_query("SELECT * FROM `profile` WHERE `iduser` = '$iduser' ");
while($row = mysql_fetch_array($sql)){
$iduser = $row['iduser'];
$password = $row['password'];
$email = $row['email'];
$fnlname = $row['fnlname'];
$username = $row['username'];
$joineddate = $row['joineddate'];
$gender = $row['gender'];
$age = $row['age'];
$location = $row['location'];
$website = $row['website'];
}
echo "$iduser $password $email";
$form1 = <<<EOT
<div id="homebox1">
<div id="logohome">
<h2>Welcome</h2></br>
</div>
<div id="signupcolumn1">
<p>Please fillout your info</p>
<form id="signup2" action="signup_part2.php" method="POST">
<p><input name="fnlname" placeholder="First and Last Name" type="text" size="50" required>*</br>
<input name="username" placeholder="Username" type="text" size="50" required>*</br>
<input name="age" placeholder="Your Age" type="" size="50" required>*</br></p>
<p><input style="text-align:left;" type="radio" name="gender" value="male"/>Male</br>
<input style="text-align:left;" type="radio" name="gender" value="female"/>Female</br>
<input style="text-align:left;" type="radio" name="gender" value="blank"/>Leave Blank</br></p>
<p><input name="location" placeholder="Location" type="" size="50" >Opt.</br>
<input name="website" placeholder="Website" type="" size="50">Opt. </br></p>
<input name="joineddate" placeholder="joineddate" type="hidden" size="50">
<input type="submit" name="submita" value="Next">
</div>
</form>
EOT;
if(isset($_POST['submita'])){
//perform verification
$fnlname = $_POST['fnlname'];
$username = $_POST['username'];
$age = $_POST['age'];
$gender = $_POST['gender'];
$location = $_POST['location'];
$website = $_POST['website'];
$joineddate = $_POST['joineddate'];
$iduser=$_SESSION['logged_in']['iduser'];
/*$fnlname = mysql_escape_string($fnlname);
$username = mysql_escape_string($username);
$age = mysql_escape_string($age);
$gender = mysql_escape_string($gender);
$location = mysql_escape_string($location);
$website = mysql_escape_string($website); */
$sql1 = mysql_query("SELECT * FROM `profile` WHERE `username` = '$username' ");
if(mysql_num_rows($sql1) > 0){
echo "Sorry, that username already exists!";
}else{
mysql_query("UPDATE profile SET fnlname='$fnlname' joineddate='$joineddate' gender='$gender' age='$age' location='$location' website='$website' WHERE iduser=$iduser ");
}
}else{
echo $form1;
}
?>
Found my mistake
if(isset($_POST['submit']))
should be
if(isset($_POST['submita']))