I have a session.php and a welcome.php page. There I have my userprofile.
I am trying to update the email field.
When I change my email address and press the update button I get the echo Update Successful, but it does not update. I think it still has the old value from the session and I need to clear it.
session.php:
<?php
include('connection.php');
session_start();
$user_check = $_SESSION['login_user'];
$ses_sql = mysqli_query($db,"select * from clients where email = '$user_check'");
$row = mysqli_fetch_array($ses_sql,MYSQLI_ASSOC);
$_SESSION['email']= $row['email'];
$_SESSION['username']= $row['username'];
$_SESSION['firstname']= $row['firstname'];
$_SESSION['lastname']= $row['lastname'];
$_SESSION['birthdate']= $row['birthdate'];
$_SESSION['street']= $row['street'];
$_SESSION['streetnr']= $row['streetnr'];
$_SESSION['city']= $row['city'];
$_SESSION['plzz']= $row['plzz'];
if(!isset($_SESSION['login_user'])){
header("
location:http://localhost:81/Left_over_youth_website/pages/login.php");
}
?>
welcome.php:
<?php
include("../php/session.php");
?>
<div>
<div class="col-md-9">
<div class="imagepageback">
<div class="card">
<div class="profilimage"></div>
<hr class="verticalline">
<?php
$sql = "UPDATE clients SET emaill = $_SESSION WHERE email = $user_check";
$update = mysqli_query($db, $sql);
if($update){
echo("update sucessful");
$_SESSION["emaill"] = $email_session;
}
?>
<form class="form" action="" method="post">
<input id="usernamee" class="usernamee" type="text" name="username" value="<?php echo $_SESSION['username']; ?>" readonly>
<input id="emaill" class="emaill" type="text" name="email" value="<?php echo $_SESSION['email']; ?>" readonly>
<input id="firstnamee" class="firstnamee" type="text" name="firstname" value="<?php echo $_SESSION['firstname']; ?>" readonly>
<input id="lastnamee" class="lastnamee" type="text" name="lastname" value="<?php echo $_SESSION['lastname']; ?>" readonly>
<input id="birthdatee" class="birthdatee" type="text" name="birthdate" value="<?php echo $SESSION['birthdate']; ?>" readonly>
<div>
<input id="streett" class="streett" type="text" name="street" value="<?php echo $_SESSION['street']; ?>" readonly>
<input id="nrr" class="nrr" type="text" name="streetnr" value="<?php echo $_SESSION['streetnr']; ?>" readonly>
</div>
<div>
<input id="cityy" class="cityy" type="text" name="city" value="<?php echo $_SESSION['city']; ?>" readonly>
<input id="plzz" class="plzz" type="text" name="plzz" value="<?php echo $_SESSION['plzz']; ?>" readonly>
</div>
<a href="#" class="editprofilelink" id="editprofilelink" onclick="editable(); showbt()"; >Edit Profile</a>
Change Password
<input hidden id="btupdate" type="submit" name="btupdate" value="Update">
</form>
</div>
</div>
</div>
</div>
</div>
echo 'update successful' on update query.
Try the following.
in welcome.php:
<?php
if(isset($_POST['btupdate'])){
$email = $_REQUEST['email'];
$sql = "UPDATE clients SET emaill = '$email' WHERE email = '$email_session'";
$update = mysqli_query($db, $sql);
if($update)
{
echo("update successful");
}
?>
You have a fatal error over this code:
<?php
$email = "SELECT * From Clients";
$sql = "UPDATE clients". "SET emaill = $email". "WHERE email = $email_session";
if(isset($_POST['btupdate'])){
$update = mysqli_query($db, $sql);
echo("update sucessful");
}
?>
this part ("UPDATE clients". "SET emaill = $email". "WHERE email = $email_session") returns this string "UPDATE clientsSET emaill = example#example.comWHERE email = example2#example.com
try this instead:
$sql="UPDATE clients SET emaill = $email WHERE email = $email_session"
be careful when using concatinate it won't add any space for you.
And you are not changing the $_SESSION["email"] after changing it. you must add $_SESSION["email"] = $email;
<?php
$email = "SELECT * From Clients";
$sql = "UPDATE clients SET emaill = $email WHERE email = $email_session";
$update = mysqli_query($db, $sql);
if($update){
echo("update sucessful");
}
?>
Related
I am trying to implement and update query that updates a record in the database. I'm new to php here is my code :
<input type="text" name="name" value="<?= $name ?> "><br><br>
E-mail: <input type="text" name="email" value="<?= $email ?>" ><br><br>
Password: <input type="password" name="password" value="<?= $pass ?>" >
Here is the fetch command:
<?php
include("connection.php");
$id = $_GET['id'];
$qry = "SELECT * from studentinformation WHERE ID = $id";
$result = mysqli_query($con,$qry) or die(mysqli_error($con));
while($row = mysqli_fetch_assoc($result)){
$name= $row['FullName'];
$email = $row['email'];
$pass = $row['Password'];
$major = $row['major'];
}
?>
here is the action page:
<?php
include("connection.php");
//include("UpdateStudent.php");
$id = $_GET['id'];
$name = $_GET['name'];
$email= $GET['email'];
$pass = $_GET['password'];
//$major = $_POST['major'];
$qry = "UPDATE studentinformation SET FullName = '$name', email='$email', Password= '$pass'
WHERE ID = $id";
$result = mysqli_query($con,$qry) or die(mysqli_error($con));
if($result === false){
echo "Record didn't update";
}
else{
echo "Record Updated";
}
?>
Here is the form:
<form action="UpdateStudentAction.php?id=<?= $id ?>" method="get" enctype="multipart/form-data">
Please help guys I'm new to php
Move id from action attribute into a hidden input:
<form action="UpdateStudentAction.php" method="get" enctype="multipart/form-data">
<input type="hidden" name="id" value="<?=$id?>">
...
will do the magic.
And avoid empty spaces into value attributes;
Make your form POST data instead of using GET method (that passes form data through url). Especially that you already using id query param in the url. You can include the id inside the form as a hidden field:
<form action="UpdateStudentAction.php?id=<?= $id ?>" method="POST" enctype="multipart/form-data">
<input type="hidden" name="id" value="<?= $id ?> ">
<input type="text" name="name" value="<?= $name ?> "><br><br>
E-mail: <input type="text" name="email" value="<?= $email ?>" ><br><br>
Password: <input type="password" name="password" value="<?= $pass ?>" >
</form>
Then in your UpdateStudentAction.php file you can receive data using post:
<?php
include("connection.php");
//include("UpdateStudent.php");
$id = $_POST['id'];
$name = $_POST['name'];
$email= $_POST['email'];
$pass = $_POST['password'];
//$major = $_POST['major'];
$qry = "UPDATE studentinformation SET FullName = '$name', email='$email', Password= '$pass'
WHERE ID = $id";
$result = mysqli_query($con,$qry) or die(mysqli_error($con));
if($result === false){
echo "Record didn't update";
}
else{
echo "Record Updated";
}
?>
The GET method is restricted to send upto 1024 characters only.
The POST method does not have any restriction on data size to be sent. (You can use POST method instead of GET method)
<?php
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
$name = $_REQUEST['teamname'];
$email = $_REQUEST['email'];
$password = (md5($_REQUEST['password']));
$query = "UPDATE users SET email = ?,password = ? WHERE name = ?";
$statemnt = $conn->prepare($query);
$statemnt->bind_param('sss',$email,$password,$name);
$statemnt->execute(); echo $name,$email,$password; var_dump();
$statemnt->close(); $conn->close(); } ?>
managed to get the SELECT Statement figured out before this one and still having issues with the UPDATE - a form above this php snippet and is suppose to fill out $email $password and $name
<form method="post" action="">Team Name:<br>
<input type="text" name="teamname" value="<?php echo $name;?>">
<br>Email:<br><input type="text" name="email" value="<?php echo $email;?>">
<br>Password:<br><input type="text" name="password" value="">
<br><br><input type="Submit" value="Update the Record" name="Submit">
</form>
EDITED TO THE FOLLOWING (there is code above this part and below dont expect u want to see the rest of my html code - the bottom is what i am have trouble with):SELECT STATEMENT and var_dump is working but when i enter a password into the form it doesnt trigger the Submit and ultimately the UPDATE Statement - i have worked on it today again to no avail. pls any help would be appreciated not sure what im doing wrong - also var_dump at the bottom is outputing all of the values now
<?php
if (isset($_POST['submit'])) {
$sql = $conn->prepare("UPDATE users SET email=? , password=? WHERE team=?");
$postedemail=$_POST['teamemail'];
$postedpassword= $_POST['teampassword'];
$sql->bind_param("ssi",$postedemail,$postedpassword,$_POST["mySelect"]);
if($sql->execute()) {
$success_message = "Edited Successfully";
} else {
$error_message = "Problem in Editing Record";
}
var_dump($postedpassword);
var_dump($postedemail);
}
$stmt = $conn->prepare("SELECT team, name, email, password FROM users WHERE team = ?");
$stmt->bind_param("i", $_POST["mySelect"]);
$stmt->execute();
$result = $stmt->get_result();
if($result->num_rows === 0) exit('No rows');
while($rows = $result->fetch_assoc()) {
$name = $rows['name'];
$email = $rows['email'];
$password = $rows['password'];
}
var_dump($password);
var_dump($name);
var_dump($email);
var_dump($_POST['mySelect']);
$stmt->close();
?>
<?php if(!empty($success_message)) { ?>
<div class="success message"><?php echo $success_message; ?></div>
<?php } if(!empty($error_message)) { ?>
<div class="error message"><?php echo $error_message; ?></div>
<?php } ?>
<form name="frmUser" method="post" action="">
<label>NAME:</label>
<input type="text" name="teamname" class="txtField" value="<?php echo $name?>">
<label>EMAIL:</label>
<input type="text" name="teamemail" class="txtField" value="<?php echo $email?>">
<label>PASSWORD</label>
<input type="text" name="teampassword" class="txtField" value="">
<input type="submit" name="submit" value="Submit" class="demo-form-submit">
</form>
thanks
You have this at the begining of your script : $selectedOption = $_POST["mySelect"];
Nowhere in your code (especially in your <form></form>) I see any input named "mySelect"
Add this field in your form and the problem should be solved.
var_dump(); helps a lot debugging.
I m trying to get data on another page by id which is on showdetails.php page.but i m unable to please help.
Showdetails.php
this page shows details of user with id and button which will allow user to edit details on another page
<!DOCTYPE html>
<html>
<head>
<title>Details</title>
</head>
<body>
<?php
require('database.php');
?>
<h1>User Lists</h1>
<?php
$select = "SELECT id, firstname, lastname FROM signup";
$selectdata = $conn->query($select);
if ($selectdata->num_rows > 0){
while($row = mysqli_fetch_array($selectdata)) {
$id = $row['id'];
$first = $row['firstname'];
$last = $row['lastname'];
?>
<form method="get" action="editdetails.php">
<p><b>ID: <?php echo $id; ?></b></p>
<p>Name: <?php echo $first; ?> <?php echo $last; ?></p>
<?php
$edit = "SELECT id FROM signup WHERE id= '" .$id. "'";
$selectedit = $conn->query($edit);
?>
<p><input type="submit" name="display" value="Edit Details"></p>
</form>
<?php
}
}
?>
</body>
</html>
editdetails.php
On this page, user will be able to edit details, and i want details by id
<!DOCTYPE html>
<html>
<head>
<title>Edit User Details</title>
</head>
<body>
<?php
require('database.php');
$select = "SELECT firstname, lastname, age, phone_no, age, username, password FROM signup";
$selectdata = $conn->query($select);
if ($selectdata->num_rows > 0){
$row = mysqli_fetch_array($selectdata);
$first = $row['firstname'];
$last = $row['lastname'];
$age = $row['age'];
$phone_no = $row['phone_no'];
$username = $row['username'];
$password = $row['password'];
}
?>
<?php
if (isset($_POST['update'])) {
# code...
$first = mysqli_real_escape_string($conn, $_POST['first']);
$last = mysqli_real_escape_string($conn, $_POST['last']);
$age = mysqli_real_escape_string($conn, $_POST['age']);
$phone = mysqli_real_escape_string($conn, $_POST['phone_no']);
$username = mysqli_real_escape_string($conn, $_POST['user']);
$password = mysqli_real_escape_string($conn, $_POST['pass']);
$update = "UPDATE signup SET firstname= '$first', lastname= '$last', age= '$age', phone_no = '$phone', username = '$username', password = '$password' WHERE id= '$id'";
$updatedata = $conn->query($update);
if ($updatedata) {
# code...
echo $status = "Details Updated";
}
else {
# code...
echo $status = "Not Updated";
}
}
if (isset($_POST['delete'])) {
# code...
$delete = "DELETE FROM signup WHERE firstname = $first";
$deletedata = $conn->query($delete);
if ($deletedata) {
# code...
echo $status = "Details Deleted";
}
else {
# code...
echo $status = "Not Deleted";
}
}
?>
<h1>Edit Details</h1>
<form method="post" action= "<?php htmlspecialchars($_SERVER['PHP_SELF']) ?>">
<p>FirstName: <input type="text" name="first" value="<?php echo $first; ?>"></p>
<p>LastName: <input type="text" name="last" value="<?php echo $last; ?>"></p>
<p>Phone no: <input type="number" name="phone_no" value="<?php echo $phone_no; ?>"></p>
<p>Age: <input type="number" name="age" value="<?php echo $age; ?>"></p>
<p>User: <input type="text" name="user" value="<?php echo $username; ?>"></p>
<p>Password: <input type="password" name="pass" value="<?php echo $password; ?>"></p>
<p><input type="submit" name="update" value="Update">
<input type="submit" name="delete" value="Delete"></p>
</form>
<p><?php echo $status; ?></p>
</body>
</html>
Thank You.
Add in your HTML form a hidden input, like so:
<input type="hidden" name="id" value="<?php echo $id; ?>">
Then in your editdetails.php file you can access it with: $_GET["id"].
Update:
Add the hidden input to the form in Showdetails.php.
Then in editdetails.php add at the top of the page $id = (int)$_GET["id"];
Then add to your SELECT query in editdetails.php a WHERE statement for selecting the correct user:
$select = "SELECT ... FROM signup WHERE id = $id";
For the update query you are then good to go since you are already using there WHERE id = $id. (but before your $id variable was not defined)
I am building a three part signup system using sessions. The first part is on the homepage, there is a login here called form1 and a signup called form2. This question is about signup form2. In form2 the user inserts email and password into the DB table, and the iduser is created auto automatically. A sessions is created, this part works fine. In signup_part2.php using sessions I echo out the iduser and email to prove that the info was inserted into the database. Then in signup_part2.php there is a second form, however when I hit submit nothing is inserted into the database table into those user's fields. How can I insert data into the DB table during a user's session?
home.php
<?php
session_start();
require('connect.php');
require('header.php');
$form1 = <<<EOT
<div id="homebox1">
<div id="logohome">
<h2>Welcome</h2></br>
</div>
<div id="homecolumn1">
<p>Login</p></br>
<form id="login" action="home.php" method="POST">
<input name="emaillogin" placeholder="email" type="email" rows="20"> </input></br>
<input name="passwordlogin" placeholder="password" type="password" rows="20"> </input></br>
<input type="submit" name="submita" value="Log In"> </input>
</form>
</div>
EOT;
$form2 = <<<EOT
<div id="homecolumn2">
<p>Sign Up</p></br>
<form id="signuppart1" action="home.php" method="post">
<input name="signupemail" placeholder="email" type="email" rows="20" required> </input></br>
<input pattern="(?=^.{8,50}$)((?=.*\d)|(?=.*\W+))(?![.\n])(?=.*[A-Z])(?=.*[a-z]).*$" name="signuppassword" placeholder="password" type="password" rows="20" required> </input></br>
<input name="submitb" type="submit" value="Sign Up"> </input>
</form>
</div>
EOT;
$footer = <<<EOT
<div id="footerhome1">
</div>
</div>
EOT;
/*-------------------------------------form1----------------------------------------*/
if(isset($_POST['submita'])){
$email = mysql_escape_string($_POST['emaillogin']);
$pass = mysql_escape_string($_POST['passwordlogin']);
$salt = '458mn$8n#bty67mg%563!&78fj^543*41s';
$pass = md5($pass . $salt);
$sql = mysql_query ("SELECT * FROM `profile` WHERE `email` = '$email' AND `password`= '$pass' ");
if(mysql_num_rows($sql) > 0){
// ADDITIONAL CODE //pull userdata from db
while($row = mysql_fetch_array($sql)){
$_SESSION['logged_in']['fnlname'] = $row['fnlname'];
$_SESSION['logged_in']['username'] = $row['username'];
$_SESSION['logged_in']['gender'] = $row['gender'];
}
// END ADDITIONAL CODE
header('location: profile.php');
}else{
echo <<<EOT
<div id="homebox1">
<div id="logohome">
<h2>Welcome</h2></br>
</div>
<div id="homecolumn1">
<p>Login</p></br>
<form id="login" action="home.php" method="POST">
<input name="emaillogin" placeholder="email" type="email" rows="20"> </input></br>
<input name="passwordlogin" placeholder="password" type="password" rows="20"> </input></br>
<input type="submit" name="submita" value="Log In"> </input>
<p style="color:red;">"Wrong password or username"</p>
</form>
</div>
EOT;
}
}else{
echo $form1;
}
/*-------------------------------------form2----------------------------------------*/
if(isset($_POST['submitb'])){
//perform verification
$email1 = $_POST['signupemail'];
$pass1 = $_POST['signuppassword'];
if ($pass1 == NULL){
echo <<<EOT
<p style="color:red;">"Enter a password"</p>
EOT;
exit();
}
$email1 = mysql_escape_string($email1);
$password = mysql_escape_string($pass1);
$salt = 'justasalt';
$password = md5($password . $salt);
$sql2 = mysql_query("SELECT * FROM `profile` WHERE `email` = '$email1' ");
if(mysql_num_rows($sql2) > 0){
echo $form2;
echo <<<EOT
<p style="color:red;">"Sorry, that email already exists!"</p>
EOT;
exit();
}
else{
mysql_query("INSERT INTO `profile` (`iduser`, `password`, `email`)VALUES(NULL, '$password', '$email1')");
$sql = mysql_query ("SELECT * FROM `profile` WHERE `email` = '$email1' AND `password`= '$password' ");
if(mysql_num_rows($sql) > 0){
// ADDITIONAL CODE //pull userdata from db
while($row = mysql_fetch_array($sql)){
$_SESSION['logged_in']['iduser'] = $row['iduser'];
$_SESSION['logged_in']['fnlname'] = $row['fnlname'];
$_SESSION['logged_in']['username'] = $row['username'];
$_SESSION['logged_in']['gender'] = $row['gender'];
$_SESSION['logged_in']['location'] = $row['location'];
$_SESSION['logged_in']['website'] = $row['website'];
$_SESSION['logged_in']['age'] = $row['age'];
$_SESSION['logged_in']['joined'] = $row['joined'];
$_SESSION['logged_in']['email'] = $row['email'];
}
header("location: signup_part2.php");
}
}
}
else{
echo $form2;
}
?>
signup_part2.php
<?php
session_start();
include "connect.php";
include "header.php";
$iduser=$_SESSION['logged_in']['iduser'];
$sql = mysql_query("SELECT * FROM `profile` WHERE `iduser` = '$iduser' ");
while($row = mysql_fetch_array($sql)){
$iduser = $row['iduser'];
$password = $row['password'];
$email = $row['email'];
$fnlname = $row['fnlname'];
$username = $row['username'];
$joineddate = $row['joineddate'];
$gender = $row['gender'];
$age = $row['age'];
$location = $row['location'];
$website = $row['website'];
}
echo "$iduser $password $email";
$form1 = <<<EOT
<div id="homebox1">
<div id="logohome">
<h2>Welcome</h2></br>
</div>
<div id="signupcolumn1">
<p>Please fillout your info</p>
<form id="signup2" action="signup_part2.php" method="POST">
<p><input name="fnlname" placeholder="First and Last Name" type="text" size="50" required>*</br>
<input name="username" placeholder="Username" type="text" size="50" required>*</br>
<input name="age" placeholder="Your Age" type="" size="50" required>*</br></p>
<p><input style="text-align:left;" type="radio" name="gender" value="male"/>Male</br>
<input style="text-align:left;" type="radio" name="gender" value="female"/>Female</br>
<input style="text-align:left;" type="radio" name="gender" value="blank"/>Leave Blank</br></p>
<p><input name="location" placeholder="Location" type="" size="50" >Opt.</br>
<input name="website" placeholder="Website" type="" size="50">Opt. </br></p>
<input name="joineddate" placeholder="joineddate" type="hidden" size="50">
<input type="submit" name="submita" value="Next">
</div>
</form>
EOT;
if(isset($_POST['submita'])){
//perform verification
$fnlname = $_POST['fnlname'];
$username = $_POST['username'];
$age = $_POST['age'];
$gender = $_POST['gender'];
$location = $_POST['location'];
$website = $_POST['website'];
$joineddate = $_POST['joineddate'];
$iduser=$_SESSION['logged_in']['iduser'];
/*$fnlname = mysql_escape_string($fnlname);
$username = mysql_escape_string($username);
$age = mysql_escape_string($age);
$gender = mysql_escape_string($gender);
$location = mysql_escape_string($location);
$website = mysql_escape_string($website); */
$sql1 = mysql_query("SELECT * FROM `profile` WHERE `username` = '$username' ");
if(mysql_num_rows($sql1) > 0){
echo "Sorry, that username already exists!";
}else{
mysql_query("UPDATE profile SET fnlname='$fnlname' joineddate='$joineddate' gender='$gender' age='$age' location='$location' website='$website' WHERE iduser=$iduser ");
}
}else{
echo $form1;
}
?>
Found my mistake
if(isset($_POST['submit']))
should be
if(isset($_POST['submita']))
I'm currently logged in using a session, I want the user to be able to update their info. However on submit nothing happens. The session works because when I check the iduser email and password echo out. I think I might be writing the query wrong or I'm using the session incorrectly.Can someone explain why nothing in the database is being updated?
<?php
session_start();
include "connect.php";
include "header.php";
$iduser=$_SESSION['logged_in']['iduser'];
$sql = mysql_query("SELECT * FROM `profile` WHERE `iduser` = '$iduser' ");
while($row = mysql_fetch_array($sql)){
$iduser = $row['iduser'];
$password = $row['password'];
$email = $row['email'];
$fnlname = $row['fnlname'];
$username = $row['username'];
$joineddate = $row['joineddate'];
$gender = $row['gender'];
$age = $row['age'];
$location = $row['location'];
$website = $row['website'];
}
echo "$iduser $password $email";
$form1 = <<<EOT
<div id="homebox1">
<div id="logohome">
<h2>Welcome</h2></br>
</div>
<div id="signupcolumn1">
<p>Please fillout your info</p>
<form id="signup2" action="signup_part2.php" method="POST">
<p><input name="fnlname" placeholder="First and Last Name" type="text" size="50" required>*</br>
<input name="username" placeholder="Username" type="text" size="50" required>*</br>
<input name="age" placeholder="Your Age" type="" size="50" required>*</br></p>
<p><input style="text-align:left;" type="radio" name="gender" value="male"/>Male</br>
<input style="text-align:left;" type="radio" name="gender" value="female"/>Female</br>
<input style="text-align:left;" type="radio" name="gender" value="blank"/>Leave Blank</br></p>
<p><input name="location" placeholder="Location" type="" size="50" >Opt.</br>
<input name="website" placeholder="Website" type="" size="50">Opt. </br></p>
<input name="joineddate" placeholder="joineddate" type="hidden" size="50">
<input type="submit" name="submita" value="Next">
</div>
</form>
EOT;
if(isset($_POST['submita'])){
//perform verification
$fnlname = $_POST['fnlname'];
$username = $_POST['username'];
$age = $_POST['age'];
$gender = $_POST['gender'];
$location = $_POST['location'];
$website = $_POST['website'];
$joineddate = $_POST['joineddate'];
$iduser=$_SESSION['logged_in']['iduser'];
$fnlname = mysql_escape_string($fnlname);
$username = mysql_escape_string($username);
$age = mysql_escape_string($age);
$gender = mysql_escape_string($gender);
$location = mysql_escape_string($location);
$website = mysql_escape_string($website);
$sql1 = mysql_query("SELECT * FROM `profile` WHERE `username` = '$username' ");
if(mysql_num_rows($sql1) > 0){
echo "Sorry, that username already exists!";
}else{
mysql_query("UPDATE profile SET fnlname='$fnlname' joineddate='$joineddate' gender='$gender' age='$age' location='$location' website='$website' WHERE iduser=$iduser ");
}
}else{
echo $form1;
}
?>
Your query should be like this
UPDATE profile SET fnlname='$fnlname', joineddate='$joineddate', gender='$gender', age='$age' ,location='$location', website='$website' WHERE iduser='$iduser'
You missed commas And if $iduser is a string you must encapsulate with single quote