I'm currently logged in using a session, I want the user to be able to update their info. However on submit nothing happens. The session works because when I check the iduser email and password echo out. I think I might be writing the query wrong or I'm using the session incorrectly.Can someone explain why nothing in the database is being updated?
<?php
session_start();
include "connect.php";
include "header.php";
$iduser=$_SESSION['logged_in']['iduser'];
$sql = mysql_query("SELECT * FROM `profile` WHERE `iduser` = '$iduser' ");
while($row = mysql_fetch_array($sql)){
$iduser = $row['iduser'];
$password = $row['password'];
$email = $row['email'];
$fnlname = $row['fnlname'];
$username = $row['username'];
$joineddate = $row['joineddate'];
$gender = $row['gender'];
$age = $row['age'];
$location = $row['location'];
$website = $row['website'];
}
echo "$iduser $password $email";
$form1 = <<<EOT
<div id="homebox1">
<div id="logohome">
<h2>Welcome</h2></br>
</div>
<div id="signupcolumn1">
<p>Please fillout your info</p>
<form id="signup2" action="signup_part2.php" method="POST">
<p><input name="fnlname" placeholder="First and Last Name" type="text" size="50" required>*</br>
<input name="username" placeholder="Username" type="text" size="50" required>*</br>
<input name="age" placeholder="Your Age" type="" size="50" required>*</br></p>
<p><input style="text-align:left;" type="radio" name="gender" value="male"/>Male</br>
<input style="text-align:left;" type="radio" name="gender" value="female"/>Female</br>
<input style="text-align:left;" type="radio" name="gender" value="blank"/>Leave Blank</br></p>
<p><input name="location" placeholder="Location" type="" size="50" >Opt.</br>
<input name="website" placeholder="Website" type="" size="50">Opt. </br></p>
<input name="joineddate" placeholder="joineddate" type="hidden" size="50">
<input type="submit" name="submita" value="Next">
</div>
</form>
EOT;
if(isset($_POST['submita'])){
//perform verification
$fnlname = $_POST['fnlname'];
$username = $_POST['username'];
$age = $_POST['age'];
$gender = $_POST['gender'];
$location = $_POST['location'];
$website = $_POST['website'];
$joineddate = $_POST['joineddate'];
$iduser=$_SESSION['logged_in']['iduser'];
$fnlname = mysql_escape_string($fnlname);
$username = mysql_escape_string($username);
$age = mysql_escape_string($age);
$gender = mysql_escape_string($gender);
$location = mysql_escape_string($location);
$website = mysql_escape_string($website);
$sql1 = mysql_query("SELECT * FROM `profile` WHERE `username` = '$username' ");
if(mysql_num_rows($sql1) > 0){
echo "Sorry, that username already exists!";
}else{
mysql_query("UPDATE profile SET fnlname='$fnlname' joineddate='$joineddate' gender='$gender' age='$age' location='$location' website='$website' WHERE iduser=$iduser ");
}
}else{
echo $form1;
}
?>
Your query should be like this
UPDATE profile SET fnlname='$fnlname', joineddate='$joineddate', gender='$gender', age='$age' ,location='$location', website='$website' WHERE iduser='$iduser'
You missed commas And if $iduser is a string you must encapsulate with single quote
Related
I am trying to implement and update query that updates a record in the database. I'm new to php here is my code :
<input type="text" name="name" value="<?= $name ?> "><br><br>
E-mail: <input type="text" name="email" value="<?= $email ?>" ><br><br>
Password: <input type="password" name="password" value="<?= $pass ?>" >
Here is the fetch command:
<?php
include("connection.php");
$id = $_GET['id'];
$qry = "SELECT * from studentinformation WHERE ID = $id";
$result = mysqli_query($con,$qry) or die(mysqli_error($con));
while($row = mysqli_fetch_assoc($result)){
$name= $row['FullName'];
$email = $row['email'];
$pass = $row['Password'];
$major = $row['major'];
}
?>
here is the action page:
<?php
include("connection.php");
//include("UpdateStudent.php");
$id = $_GET['id'];
$name = $_GET['name'];
$email= $GET['email'];
$pass = $_GET['password'];
//$major = $_POST['major'];
$qry = "UPDATE studentinformation SET FullName = '$name', email='$email', Password= '$pass'
WHERE ID = $id";
$result = mysqli_query($con,$qry) or die(mysqli_error($con));
if($result === false){
echo "Record didn't update";
}
else{
echo "Record Updated";
}
?>
Here is the form:
<form action="UpdateStudentAction.php?id=<?= $id ?>" method="get" enctype="multipart/form-data">
Please help guys I'm new to php
Move id from action attribute into a hidden input:
<form action="UpdateStudentAction.php" method="get" enctype="multipart/form-data">
<input type="hidden" name="id" value="<?=$id?>">
...
will do the magic.
And avoid empty spaces into value attributes;
Make your form POST data instead of using GET method (that passes form data through url). Especially that you already using id query param in the url. You can include the id inside the form as a hidden field:
<form action="UpdateStudentAction.php?id=<?= $id ?>" method="POST" enctype="multipart/form-data">
<input type="hidden" name="id" value="<?= $id ?> ">
<input type="text" name="name" value="<?= $name ?> "><br><br>
E-mail: <input type="text" name="email" value="<?= $email ?>" ><br><br>
Password: <input type="password" name="password" value="<?= $pass ?>" >
</form>
Then in your UpdateStudentAction.php file you can receive data using post:
<?php
include("connection.php");
//include("UpdateStudent.php");
$id = $_POST['id'];
$name = $_POST['name'];
$email= $_POST['email'];
$pass = $_POST['password'];
//$major = $_POST['major'];
$qry = "UPDATE studentinformation SET FullName = '$name', email='$email', Password= '$pass'
WHERE ID = $id";
$result = mysqli_query($con,$qry) or die(mysqli_error($con));
if($result === false){
echo "Record didn't update";
}
else{
echo "Record Updated";
}
?>
The GET method is restricted to send upto 1024 characters only.
The POST method does not have any restriction on data size to be sent. (You can use POST method instead of GET method)
I have a session.php and a welcome.php page. There I have my userprofile.
I am trying to update the email field.
When I change my email address and press the update button I get the echo Update Successful, but it does not update. I think it still has the old value from the session and I need to clear it.
session.php:
<?php
include('connection.php');
session_start();
$user_check = $_SESSION['login_user'];
$ses_sql = mysqli_query($db,"select * from clients where email = '$user_check'");
$row = mysqli_fetch_array($ses_sql,MYSQLI_ASSOC);
$_SESSION['email']= $row['email'];
$_SESSION['username']= $row['username'];
$_SESSION['firstname']= $row['firstname'];
$_SESSION['lastname']= $row['lastname'];
$_SESSION['birthdate']= $row['birthdate'];
$_SESSION['street']= $row['street'];
$_SESSION['streetnr']= $row['streetnr'];
$_SESSION['city']= $row['city'];
$_SESSION['plzz']= $row['plzz'];
if(!isset($_SESSION['login_user'])){
header("
location:http://localhost:81/Left_over_youth_website/pages/login.php");
}
?>
welcome.php:
<?php
include("../php/session.php");
?>
<div>
<div class="col-md-9">
<div class="imagepageback">
<div class="card">
<div class="profilimage"></div>
<hr class="verticalline">
<?php
$sql = "UPDATE clients SET emaill = $_SESSION WHERE email = $user_check";
$update = mysqli_query($db, $sql);
if($update){
echo("update sucessful");
$_SESSION["emaill"] = $email_session;
}
?>
<form class="form" action="" method="post">
<input id="usernamee" class="usernamee" type="text" name="username" value="<?php echo $_SESSION['username']; ?>" readonly>
<input id="emaill" class="emaill" type="text" name="email" value="<?php echo $_SESSION['email']; ?>" readonly>
<input id="firstnamee" class="firstnamee" type="text" name="firstname" value="<?php echo $_SESSION['firstname']; ?>" readonly>
<input id="lastnamee" class="lastnamee" type="text" name="lastname" value="<?php echo $_SESSION['lastname']; ?>" readonly>
<input id="birthdatee" class="birthdatee" type="text" name="birthdate" value="<?php echo $SESSION['birthdate']; ?>" readonly>
<div>
<input id="streett" class="streett" type="text" name="street" value="<?php echo $_SESSION['street']; ?>" readonly>
<input id="nrr" class="nrr" type="text" name="streetnr" value="<?php echo $_SESSION['streetnr']; ?>" readonly>
</div>
<div>
<input id="cityy" class="cityy" type="text" name="city" value="<?php echo $_SESSION['city']; ?>" readonly>
<input id="plzz" class="plzz" type="text" name="plzz" value="<?php echo $_SESSION['plzz']; ?>" readonly>
</div>
<a href="#" class="editprofilelink" id="editprofilelink" onclick="editable(); showbt()"; >Edit Profile</a>
Change Password
<input hidden id="btupdate" type="submit" name="btupdate" value="Update">
</form>
</div>
</div>
</div>
</div>
</div>
echo 'update successful' on update query.
Try the following.
in welcome.php:
<?php
if(isset($_POST['btupdate'])){
$email = $_REQUEST['email'];
$sql = "UPDATE clients SET emaill = '$email' WHERE email = '$email_session'";
$update = mysqli_query($db, $sql);
if($update)
{
echo("update successful");
}
?>
You have a fatal error over this code:
<?php
$email = "SELECT * From Clients";
$sql = "UPDATE clients". "SET emaill = $email". "WHERE email = $email_session";
if(isset($_POST['btupdate'])){
$update = mysqli_query($db, $sql);
echo("update sucessful");
}
?>
this part ("UPDATE clients". "SET emaill = $email". "WHERE email = $email_session") returns this string "UPDATE clientsSET emaill = example#example.comWHERE email = example2#example.com
try this instead:
$sql="UPDATE clients SET emaill = $email WHERE email = $email_session"
be careful when using concatinate it won't add any space for you.
And you are not changing the $_SESSION["email"] after changing it. you must add $_SESSION["email"] = $email;
<?php
$email = "SELECT * From Clients";
$sql = "UPDATE clients SET emaill = $email WHERE email = $email_session";
$update = mysqli_query($db, $sql);
if($update){
echo("update sucessful");
}
?>
I am building a three part signup system using sessions. The first part is on the homepage, there is a login here called form1 and a signup called form2. This question is about signup form2. In form2 the user inserts email and password into the DB table, and the iduser is created auto automatically. A sessions is created, this part works fine. In signup_part2.php using sessions I echo out the iduser and email to prove that the info was inserted into the database. Then in signup_part2.php there is a second form, however when I hit submit nothing is inserted into the database table into those user's fields. How can I insert data into the DB table during a user's session?
home.php
<?php
session_start();
require('connect.php');
require('header.php');
$form1 = <<<EOT
<div id="homebox1">
<div id="logohome">
<h2>Welcome</h2></br>
</div>
<div id="homecolumn1">
<p>Login</p></br>
<form id="login" action="home.php" method="POST">
<input name="emaillogin" placeholder="email" type="email" rows="20"> </input></br>
<input name="passwordlogin" placeholder="password" type="password" rows="20"> </input></br>
<input type="submit" name="submita" value="Log In"> </input>
</form>
</div>
EOT;
$form2 = <<<EOT
<div id="homecolumn2">
<p>Sign Up</p></br>
<form id="signuppart1" action="home.php" method="post">
<input name="signupemail" placeholder="email" type="email" rows="20" required> </input></br>
<input pattern="(?=^.{8,50}$)((?=.*\d)|(?=.*\W+))(?![.\n])(?=.*[A-Z])(?=.*[a-z]).*$" name="signuppassword" placeholder="password" type="password" rows="20" required> </input></br>
<input name="submitb" type="submit" value="Sign Up"> </input>
</form>
</div>
EOT;
$footer = <<<EOT
<div id="footerhome1">
</div>
</div>
EOT;
/*-------------------------------------form1----------------------------------------*/
if(isset($_POST['submita'])){
$email = mysql_escape_string($_POST['emaillogin']);
$pass = mysql_escape_string($_POST['passwordlogin']);
$salt = '458mn$8n#bty67mg%563!&78fj^543*41s';
$pass = md5($pass . $salt);
$sql = mysql_query ("SELECT * FROM `profile` WHERE `email` = '$email' AND `password`= '$pass' ");
if(mysql_num_rows($sql) > 0){
// ADDITIONAL CODE //pull userdata from db
while($row = mysql_fetch_array($sql)){
$_SESSION['logged_in']['fnlname'] = $row['fnlname'];
$_SESSION['logged_in']['username'] = $row['username'];
$_SESSION['logged_in']['gender'] = $row['gender'];
}
// END ADDITIONAL CODE
header('location: profile.php');
}else{
echo <<<EOT
<div id="homebox1">
<div id="logohome">
<h2>Welcome</h2></br>
</div>
<div id="homecolumn1">
<p>Login</p></br>
<form id="login" action="home.php" method="POST">
<input name="emaillogin" placeholder="email" type="email" rows="20"> </input></br>
<input name="passwordlogin" placeholder="password" type="password" rows="20"> </input></br>
<input type="submit" name="submita" value="Log In"> </input>
<p style="color:red;">"Wrong password or username"</p>
</form>
</div>
EOT;
}
}else{
echo $form1;
}
/*-------------------------------------form2----------------------------------------*/
if(isset($_POST['submitb'])){
//perform verification
$email1 = $_POST['signupemail'];
$pass1 = $_POST['signuppassword'];
if ($pass1 == NULL){
echo <<<EOT
<p style="color:red;">"Enter a password"</p>
EOT;
exit();
}
$email1 = mysql_escape_string($email1);
$password = mysql_escape_string($pass1);
$salt = 'justasalt';
$password = md5($password . $salt);
$sql2 = mysql_query("SELECT * FROM `profile` WHERE `email` = '$email1' ");
if(mysql_num_rows($sql2) > 0){
echo $form2;
echo <<<EOT
<p style="color:red;">"Sorry, that email already exists!"</p>
EOT;
exit();
}
else{
mysql_query("INSERT INTO `profile` (`iduser`, `password`, `email`)VALUES(NULL, '$password', '$email1')");
$sql = mysql_query ("SELECT * FROM `profile` WHERE `email` = '$email1' AND `password`= '$password' ");
if(mysql_num_rows($sql) > 0){
// ADDITIONAL CODE //pull userdata from db
while($row = mysql_fetch_array($sql)){
$_SESSION['logged_in']['iduser'] = $row['iduser'];
$_SESSION['logged_in']['fnlname'] = $row['fnlname'];
$_SESSION['logged_in']['username'] = $row['username'];
$_SESSION['logged_in']['gender'] = $row['gender'];
$_SESSION['logged_in']['location'] = $row['location'];
$_SESSION['logged_in']['website'] = $row['website'];
$_SESSION['logged_in']['age'] = $row['age'];
$_SESSION['logged_in']['joined'] = $row['joined'];
$_SESSION['logged_in']['email'] = $row['email'];
}
header("location: signup_part2.php");
}
}
}
else{
echo $form2;
}
?>
signup_part2.php
<?php
session_start();
include "connect.php";
include "header.php";
$iduser=$_SESSION['logged_in']['iduser'];
$sql = mysql_query("SELECT * FROM `profile` WHERE `iduser` = '$iduser' ");
while($row = mysql_fetch_array($sql)){
$iduser = $row['iduser'];
$password = $row['password'];
$email = $row['email'];
$fnlname = $row['fnlname'];
$username = $row['username'];
$joineddate = $row['joineddate'];
$gender = $row['gender'];
$age = $row['age'];
$location = $row['location'];
$website = $row['website'];
}
echo "$iduser $password $email";
$form1 = <<<EOT
<div id="homebox1">
<div id="logohome">
<h2>Welcome</h2></br>
</div>
<div id="signupcolumn1">
<p>Please fillout your info</p>
<form id="signup2" action="signup_part2.php" method="POST">
<p><input name="fnlname" placeholder="First and Last Name" type="text" size="50" required>*</br>
<input name="username" placeholder="Username" type="text" size="50" required>*</br>
<input name="age" placeholder="Your Age" type="" size="50" required>*</br></p>
<p><input style="text-align:left;" type="radio" name="gender" value="male"/>Male</br>
<input style="text-align:left;" type="radio" name="gender" value="female"/>Female</br>
<input style="text-align:left;" type="radio" name="gender" value="blank"/>Leave Blank</br></p>
<p><input name="location" placeholder="Location" type="" size="50" >Opt.</br>
<input name="website" placeholder="Website" type="" size="50">Opt. </br></p>
<input name="joineddate" placeholder="joineddate" type="hidden" size="50">
<input type="submit" name="submita" value="Next">
</div>
</form>
EOT;
if(isset($_POST['submita'])){
//perform verification
$fnlname = $_POST['fnlname'];
$username = $_POST['username'];
$age = $_POST['age'];
$gender = $_POST['gender'];
$location = $_POST['location'];
$website = $_POST['website'];
$joineddate = $_POST['joineddate'];
$iduser=$_SESSION['logged_in']['iduser'];
/*$fnlname = mysql_escape_string($fnlname);
$username = mysql_escape_string($username);
$age = mysql_escape_string($age);
$gender = mysql_escape_string($gender);
$location = mysql_escape_string($location);
$website = mysql_escape_string($website); */
$sql1 = mysql_query("SELECT * FROM `profile` WHERE `username` = '$username' ");
if(mysql_num_rows($sql1) > 0){
echo "Sorry, that username already exists!";
}else{
mysql_query("UPDATE profile SET fnlname='$fnlname' joineddate='$joineddate' gender='$gender' age='$age' location='$location' website='$website' WHERE iduser=$iduser ");
}
}else{
echo $form1;
}
?>
Found my mistake
if(isset($_POST['submit']))
should be
if(isset($_POST['submita']))
I have the below code which displays information from a mysql row in a form so that the user can edit this information and then save it back to the database:
$companyeditsql = "SELECT * FROM Companys WHERE CompanyName = '" . $_POST['company'] . "'";
$companysresult=mysqli_query($conn, $companyeditsql);
$row = mysqli_fetch_array($companysresult)
?>
<form action="<?php echo $_SERVER["PHP_SELF"]; ?>" method="post">
Company Name: <input type="text" name="companyname" value="<?php echo $row['CompanyName']; ?>"><br>
E-mail: <input type="email" name="email" value="<?php echo $row['Email']; ?>"><br>
Number of Drivers: <input type="number" name="numdrivers" value="<?php echo $row['DriverCount']; ?>"><br>
Contact Name: <input type="text" name="contactname" value="<?php echo $row['ContactName']; ?>"><br>
Address: <input type="text" name="address" value="<?php echo $row['Address']; ?>"><br>
Phone Number: <input type="tel" name="phonenumber" value="<?php echo $row['PhoneNumber']; ?>"><br>
Password: <input type="password" name="password"><br>
Notes: <input type="text" name="notes" value="<?php echo $row['Notes']; ?>"><br>
<input type="hidden" name="companyid" value"<?php echo $row['ID']; ?>">
<input type="submit" name="addedittedcompany" value="Save Company">
</form>
This works well and displays the right information, I then have the below code which should take the edited data and save it back into the database:
}else if (isset($_POST['addedittedcompany'])){
$CompanyName = $_POST['companyname'];
$Email = $_POST['email'];
$NumberofDrivers = $_POST['numdrivers'];
$ContactName = $_POST['contactname'];
$Address = $_POST['address'];
$PhoneNumber = $_POST['phonenumber'];
$Password = $_POST['password'];
$Notes = $_POST['notes'];
$companyid = $_POST['companyid'];
$options = [
'cost' => 11,
];
$CompanyName = mysqli_real_escape_string($conn, $CompanyName);
$Email = mysqli_real_escape_string($conn, $Email);
$NumberofDrivers = mysqli_real_escape_string($conn, $NumberofDrivers);
$ContactName = mysqli_real_escape_string($conn, $ContactName);
$Address = mysqli_real_escape_string($conn, $Address);
$PhoneNumber = mysqli_real_escape_string($conn, $PhoneNumber);
$Notes = mysqli_real_escape_string($conn, $Notes);;
if (!empty($Password)){
$Password = mysqli_real_escape_string($conn, $Password);
$hash = password_hash($Password, PASSWORD_BCRYPT, $options);
$editcompanysql = "UPDATE Companys SET CompanyName='$CompanyName', Email='$Email', DriverCount='$NumberofDrivers', ContactName='$ContactName', Address='$Address', PhoneNumber='$PhoneNumber', Notes='$Notes', PassHash='$hash' WHERE ID = '$companyid'";
}else{
$editcompanysql = "UPDATE Companys SET CompanyName='$CompanyName', Email='$Email', DriverCount='$NumberofDrivers', ContactName='$ContactName', Address='$Address', PhoneNumber='$PhoneNumber', Notes='$Notes' WHERE ID = '$companyid'";
}
if (mysqli_query($conn,$editcompanysql)){
echo "Company Saved";
echo mysqli_error($conn);
}else{
echo "Failed to save Company";
echo mysqli_error($conn);
}
}
Once this runs the Company saved echo is fired however when I then check the database the old data is still in the database i.e the changed info has not been saved.
No error is displayed and I can not see anything wrong with the php itself, any ideas?
Thank you
I missed out the equals in the hidden value:
<input type="hidden" name="companyid" value="<?php echo $row['ID']; ?>">
and its working now
First print your post array like this then try to assignment and database update
echo "<pre>";
print_r($_POST);
echo "</pre>";
Question at hand:
How do I create the php code to let users who are logged into my site edit/update their profile settings/information?
I have 1 part working correctly for users to change their password, however, have no idea where to start when it comes to allowing users who are logged in to edit/update their other settings such as:
(1) nickname,
(2) country,
(3) date of birth,
(4) gender,
(5) motto and
(6) bio
I'll provide the php and html code below that I have that is working for changing password, but I know that I need more to let users change/edit/update their other information. I tried using what is below as a reference to create the php code for the other information, but it didn't work so I have no idea where to even begin! Any help will be much appreciated...
PHP reference code:
if($_POST['submit']=='Change')
{
$err = array();
if(!$_POST['password1'] || !$_POST['passwordnew1'])
$err[] = 'All the fields must be filled in!';
if(!count($err))
{
$_POST['password1'] = mysql_real_escape_string($_POST['password1']);
$_POST['passwordnew1'] = mysql_real_escape_string($_POST['passwordnew1']);
$row = mysql_fetch_assoc(mysql_query("SELECT id,username FROM members WHERE username='{$_SESSION['username']}' AND pass='".md5($_POST['password1'])."'"));
if($row['username'])
{
$querynewpass = "UPDATE members SET pass='".md5($_POST['passwordnew1'])."' WHERE username='{$_SESSION['username']}'";
$result = mysql_query($querynewpass) or die(mysql_error());
$_SESSION['msg']['passwordchange-success']='* You have successfully changed your password!';
}
else $err[]='Wrong password to start with!';
}
if($err)
$_SESSION['msg']['passwordchange-err'] = implode('<br />',$err);
header("Location: members.php?id=" . $_SESSION['username']);
exit;
}
HTML reference code:
<form action="" method="post">
<label class="grey" for="password1">Current Password:</label>
<input class="field" type="password" name="password1" id="password1" value="" size="23" />
<label class="grey" for="password">New Password:</label>
<input class="field" type="password" name="passwordnew1" id="passwordnew1" size="23" />
<input type="submit" name="submit" value="Change" class="bt_register" style="margin-left: 382px;" />
<div class="clear"></div>
<?php
if($_SESSION['msg']['passwordchange-err'])
{
echo '<div class="err">'.$_SESSION['msg']['passwordchange-err'].'</div>';
unset($_SESSION['msg']['passwordchange-err']);
}
if($_SESSION['msg']['passwordchange-success'])
{
echo '<div class="success">'.$_SESSION['msg']['passwordchange-success'].'</div>';
unset($_SESSION['msg']['passwordchange-success']);
}
?>
</form>
So how would I create the php code to make this work for users to be able to edit/update their own profile settings/information from the numeric list I provided above (1-6)?
And I know using mysqli/pdo is a better alternative to use, but I unfortunately need to use the old deprecated mysql_* stuff for this project at this time...
If you need more info, let me know ;)
EDIT:
Additional Question,
I'd assume too that I'd need to create variables for each column too such as:
$nickname = $_POST['nickname'];
$country = $_POST['country'];
etc...or is that not correct?
RE-EDIT:
Would something like this be applicable?
$id = $_SESSION['id'];
if ($_POST['country']) {
$country = $_POST['country'];
$nickname = $_POST['nickname'];
$DOB = $_POST['DOB'];
$gender = $_POST['gender'];
$motto = $_POST['motto'];
$bio = $_POST['bio'];
$sql = mysql_query("UPDATE members SET country='$country', nickname='$nickname', DOB='$DOB', gender='$gender', motto='$motto', bio='$bio' WHERE id='$id'");
exit;
}
$sql = mysql_query("SELECT * FROM members WHERE id='$id' LIMIT 1");
while($row = mysql_fetch_array($sql)){
$country = $row["country"];
$nickname = $row["nickname"];
$DOB = $row["DOB"];
$gender = $row["gender"];
$motto = $row["motto"];
$bio = $row["bio"];
}
Or am I way off base?
short version ;)
HTML file:
<form action="./change.php" method="post">
Nickname: <input type="text" name="nickname"><br />
Country: <input type="text" name="country"><br />
Date of birth: <input type="text" name="date_of_birth"><br />
Gender: <input type="text" name="gender"><br />
Motto: <input type="text" name="motto"><br />
Bio: <input type="text" name="bio"><br />
<input type="submit" value="Submit">
</form>
change.php:
<?php
function filter($date)
{
return trim(htmlspecialchars($date));
}
$nickname = filter($_POST['nickname'])
$country = filter($_POST['country'])
$date_of_birth = filter($_POST['date_of_birth'])
$gender = filter($_POST['gender'])
$motto = filter($_POST['motto'])
$bio = filter($_POST['bio'])
if (isUserLogIn)
{
//SQL update query
}
?>