This is my admin_edit.php code. I already checked others php file and found no problem. This code has no errors but it can't update data in database.
<?php require_once('header.php'); ?>
<?php
if($_GET && !$_POST)
{
if(isset($_GET['id']) && is_numeric($_GET['id']))
{
$id = $_GET['id'];
}
else
{
$id = NULL;
}
if($id)
{
$sql = "SELECT * FROM tb_admin WHERE id_admin=$id";
$query = mysql_query($sql) or die(mysql_error());
$hasil = mysql_fetch_array($query) or die(mysql_error());
}
}
elseif($_POST)
{
$id = $_POST['id_admin'];
$nama = $_POST['nama'];
$username = $_POST['username'];
$password = md5($_POST['password']);
if($nama=='' || $username=='' || $password=='')
{
$error = 'Nama, Username dan Password diisi tidak boleh kosong';
}
else
{
$sql = "UPDATE tb_admin SET nama='$nama', username='$username', password='$password' WHERE id_admin='$id'";
mysql_query($sql) or die(mysql_error());
$_SESSION['PESAN'] = 'Berhasil merubah user !';
refresh('admin.php');
}
}
?>
<form method="post" action="" enctype="multipart/form-data">
<fieldset>
<legend> Ubah Admin </legend>
<?php if(isset($error)) echo '<div class="control-group"><div class="alert alert-error">'.$error.'</div></div>';
?>
<div>
<label for="nama">Nama</label>
<input id="nama" name="nama" class="span4" type="text" required="required" value="<?php echo $hasil['username']; ?>"/>
</div>
<div>
<label for="username">Username</label>
<input id="username" name="username" type="text" required="required" value="<?php echo $hasil['username']; ?>"/>
</div>
<div>
<label for="password">Password</label>
<input id="password" name="password" class="wide" type="password" required="required" value=""/>
</div>
<div class="form-actions">
<button type="submit" name="submit" class="btn btn-primary" value="Edit">Simpan</button>
<button type="button" class="btn" onclick="javascript: if(confirm('Anda yakin untuk batal ?')) window.location.href='admin.php'; else return false; ">Batal</button>
<input name="id" type="hidden" value="<?php if(isset($_POST['id'])) echo $_POST['id']; else echo $hasil['id_admin'];?>">
</div>
</fieldset>
</form>
<?php require_once('footer.php'); ?>
I researched this problem for almost half a day and found no solution. Sorry for my bad english.
You are using name="id" instead of name="id_admin" as well as $_POST['id']
instead of $_POST['id_admin']
Change
<input name="id" type="hidden" value="<?php if(isset($_POST['id'])) echo $_POST['id']; else echo $hasil['id_admin'];?>">
to
<input name="id_admin" type="hidden" value="<?php if(isset($_POST['id_admin'])) echo $_POST['id_admin']; else echo $hasil['id_admin'];?>">
Your WHERE clause depends on it.
WHERE id_admin='$id'
Your present code is open to SQL injection.
Use mysqli with prepared statements, or PDO with prepared statements.
Related
I'm newbie in php and i make a simple CRUD app. Unfortunately, I'm stacked with this problem, I don't know what's wrong with my code in my update.php. When i click update in my index.php it Undefined variable. I think my value in form is wrong. Any help is appreciated.
update.php
<?php
include("connection.php");
if (isset($_POST['customerNumber'])) {
$customerNumber = $_POST['customerNumber'];
$q = "SELECT customerNumber, checkNumber, paymentDate, amount FROM payments WHERE customerNumber='$customerNumber'";
$rq = mysqli_query($conn, $q);
while ($row = mysqli_feth_assoc($rq)) {
$customerNumber = $row['customerNumber'];
$checkNumber = $row['checkNumber'];
$paymentDate = $row['paymentDate'];
$amount = $row['amount'];
}
}
?>
<!-- from the index.php update -->
<form action="update.php?customerNumber=$customerNumber" method="post">
<label>
<input type="text" name="customerNumber" value="<?php echo $row['customerNumber']; ?>" placeholder="Customer Number" required>
</label>
<label>
<input type="text" name="checkNumber" value="<?php echo $row['checkNumber']; ?>" placeholder="Check Number" required>
</label>
<label>
<input type="text" name="paymentDate" value="<?php echo $row['paymentDate']; ?>" placeholder="Payment Date" required>
</label>
<label>
<input type="number" name="amount" value="<?php echo $row['amount']; ?>" placeholder="Amount">
</label>
<input type="submit" name="submit" value="update">
</form>
<?php
include('connection.php');
if (isset($_POST['submit'])) {
$customerNumber = $_POST['customerNumber'];
$checkNumber = $_POST['checkNumber'];
$paymentDate = $_POST['paymentDate'];
$amount = $_POST['amount'];
$q = "UPDATE payments SET customerNumber='$customerNumber', checkNumber='$checkNumber', paymentDate='$paymentDate', amount='$amount' WHERE customerNumber='$customerNumber' ";
$rq = mysqli_query($conn, $q);
if($rq){
header('Location: index.php');
}else{
echo "Something went wrong";
}
}
?>
I made a page for user info containing a button for updating their info. When I change the fields and push the button, the info changed in the database and the web page shows everything is ok and changed, but when I refresh the page (after pushing the button), there the fields aren't changed and contain still the same info (but changed in data base). So how can I solve this?
Here is html codes:
<div class="custom-container">
<div class="row">
<div class="col-10">
<div class="user_content custom-container">
<div class="row">
<div class="col-11 fields">
<form method="post" action="user_updates.php">
<fieldset id="right">
<label>نام کاربری</label>
<br>
<input type="text" name="username" value="<?php echo $_SESSION["member_username"] ?>" disabled style="direction: ltr;">
<br><br>
<label>رمز عبور</label>
<br>
<input type="text" name="password" value="<?php echo $_SESSION["member_password"] ?>" style="direction: ltr;">
<br><br>
<label>نام</label>
<br>
<input type="text" name="first-name" value="<?php echo $_SESSION["member_name"] ?>">
<br><br>
<label>نام خانوادگی</label>
<br>
<input type="text" name="last-name" value="<?php echo $_SESSION["member_last_name"] ?>">
</fieldset>
<fieldset id="left">
<label>نام پدر</label>
<br>
<input type="text" name="father-name" value="<?php echo $_SESSION["member_father_name"] ?>">
<br><br>
<label>کد ملی</label>
<br>
<input type="text" name="melli-code" value="<?php echo $_SESSION["member_melli_code"] ?>" style="direction: ltr; font-family: Iran_Sans_M;">
<br><br>
<label>شماره موبایل</label>
<br>
<input type="text" name="mobile-number" value="<?php echo $_SESSION["member_mobile_number"] ?>" style="direction: ltr; font-family: Iran_Sans_M;">
<br><br>
<label>ایمیل</label>
<br>
<input type="email" name="email" value="<?php echo $_SESSION["member_email"] ?>" style="direction: ltr;">
</fieldset>
<input type="hidden" name="user-id" value="<?php echo $_SESSION["member_id"] ?>">
<input type="submit" name="change" value="ثبت تغییرات">
</form>
<?php
if (isset($_GET["empty"]))
{
echo '<div class="php_texts"> <p>لطفاً تمامی قسمت ها رو پر نمایید.</p> </div>';
}
if (isset($_GET["changes"]))
{
echo '<div class="php_texts"> <p>اطلاعات با موفقیت ویرایش شد.</p> </div>';
}
if (isset($_GET["error"]))
{
echo '<div class="php_texts"> <p>عدم ارتباط با سرور.</p> </div>';
}
?>
</div>
</div>
</div> <!-- User Content-->
</div> <!-- User Content-->
and here is php codes:
<!-- General Codes-->
include("connect_to_sql.php");
session_start();
if(isset($_POST["change"]))
{
$password = $_POST["password"];
$first_name = $_POST["first-name"];
$last_name = $_POST["last-name"];
$father_name = $_POST["father-name"];
$melli_code = $_POST["melli-code"];
$mobile_number = $_POST["mobile-number"];
$email = $_POST["email"];
$id = $_POST["user-id"];
if (empty($username) && empty($password) && empty($first_name) && empty($last_name) && empty($father_name) && empty($melli_code) && empty($mobile_number) && empty($email))
{
header("location:user_changes.php?empty=fill+all+fields");
exit;
}
if (isset($_SESSION["member_username"]))
{
$member_update= "UPDATE `member_info` SET `password` = '".$password."', `first_name` = '".$first_name."', `last_name` = '".$last_name."', `father_name` = '".$father_name."', `melli_code` = '".$melli_code."', `mobile_number` = '".$mobile_number."', `email` = '".$email."' WHERE `member_info`.`id` = '".$id."';";
$member_query = mysqli_query($connect_to_mysql,$member_update);
#$member_fetch = mysqli_fetch_assoc($member_query);
if($member_query)
{
header("location:user_changes.php?changes=ok");
exit;
}
else
{
header("location:user_changes.php?error=data+base");
exit;
}
}
}
The main problem is that you read the information for the user from the session, but never write the updated data into the session.
So either rewrite the values to the session in the if($member_query) block or fetch and map the actual values from the database on each page load to the session.
Another huge issue of your code is that it's vulnerable for SQL Injection attacks.
i have this code for the user-edit.php
what i need with this code is to fetch user data from database and show it to the textbox and also the user able to edit the textbox value and updating the database
<?php
include("config/session.php");
include("config/connection.php");
$user_id = $_SESSION['LOGGED_USER_ID'];
?>
<?php
$sql_query = "SELECT * FROM table_users WHERE `SNo` = '$user_id'";
$query = mysql_query($sql_query);
//$i = 1;
$fetch = mysql_fetch_assoc($query);
//$user_id = $_GET['id'];
?>
<form name="form1" action="<?php echo $_SERVER['PHP_SELF']; ?>" method="POST" >
<fieldset>
<p>
<label for="simple-input" >User Name</label>
<input type="text" id="UserName" class="round default-width-input" autofocus name="UserName" value="<?php echo $fetch['UserName'];?>" readonly="readonly" />
</p>
<p>
<label for="simple-input" >Password</label>
<input type="text" id="pass_word" class="round default-width-input" autofocus name="pass_word" value="<?php echo $fetch['pass_word'];?>" />
</p>
<p>
<label for="simple-input" >Email ID</label>
<input type="text" id="Email" class="round default-width-input" autofocus name="Email" value="<?php echo $fetch['Email'];?>" />
</p>
<p>
<label for="simple-input" >Website</label>
<input type="text" id="website" class="round default-width-input" autofocus name="website" value="<?php echo $fetch['website'];?>" />
</p>
</fieldset>
<input type="submit" class="btn btn-primary btn-large" name="form_submit" value="Update Data"/>
</form>
<?php
if(isset($_POST['form_submit']))
{
"UPDATE `table_users` SET `pass_word` = '".$_POST['pass_word']."',`Email` = '".$_POST['Email']."',`website` = '".$_POST['website']."', WHERE `SNo` = '$user_id'";
// sql query for update data into database
if(mysql_query($sql_query))
{
echo '<script type="text/javascript">';
echo 'alert("Data Are Updated Successfully");';
echo '</script>';
}
else
{
echo '<script type="text/javascript">';
echo 'alert("error occured while updating data");';
echo '</script>';
}
}
?>
</div>
</div>
</div>
been working with this for hours and still the data are not updated to the mysql database, been trying several way but still the textbox value cant update the database, please help
remove , before where in query
$sql_query="UPDATE `table_users` SET `pass_word` = '".$_POST['pass_word']."',`Email` = '".$_POST['Email']."',`website` = '".$_POST['website']."' WHERE `SNo` = '$user_id'";
store query in $sql_query because you not store update string into variable
without store in $sql_query you run sql query
if(mysql_query($sql_query)) so store update query in $sql_query
<?php
//include 'includes/connectie.php';
if (isset($_GET['id'])){
$product_id=$_GET['id'];
} else {
$product_id=$_POST['id'];
}
$user = 'userID';
$pass = 'mypassword';
$dbh = new PDO( 'mysql:host=localhost;dbname=webshop', $user, $pass );
$sql = "SELECT * FROM `producten` WHERE product_id='$product_id'";
$sql_result = $dbh->query($sql);
foreach($sql_result as $row)
{
$prijs=$row['prijs'];
$product_naam=$row['product_naam'];
$product_categorie=$row['product_categorie'];
$product_specificaties=$row['product_specificaties'];
$foto=$row['foto'];
$product_id=$row['product_id'];
$product_soort=$row['product_soort'];
echo "Product id nummer:", $product_id;
}
//$_SESSION['prijs'] = $prijs;
if ($_SERVER["REQUEST_METHOD"] == "POST"){
//if (!empty($product_naam) && !empty($product_specifcaties) && !empty($product_categorie) && !empty($prijs)
//&& !empty($product_soort))
If (isset($_POST['submit']))
{
$sql = "UPDATE producten
SET prijs='$prijs', product_naam='$product_naam', product_specificaties='$product_specificaties',
product_categorie='$product_categorie', product_soort='$product_soort',
WHERE product_id='$product_id'";
$query = $dbh->prepare( $sql );
$result = $query->execute();
if ($result){
echo "Product aangepast!!!!! in id:";
echo $product_id;
} else {
echo "Product NIET aangepast!!!!";
}
}
}
?>
<form name="admin" action="producten_echt_aanpassen.php" method="POST" enctype="multipart/form-data">
<p>
<label for 'product_id'>Product ID: </label><br>
<input type="text" name="id" value="<?php print $product_id; ?>"/>
</p>
<p>
<label for 'product_naam'>Naam: </label><br>
<input type="text" name="product_naam" value="<?php print $product_naam; ?>"/>
</p>
<p> <label for 'product_specificaties'>Specificaties: </label><br>
<textarea rows= "4" cols="50" name="product_specificaties"><?php print $product_specificaties; ?>
</textarea>
</p>
<p>
<label for 'prijs'>Prijs: </label><br>
<input type="text" name="prijs" value="<?php print $prijs; ?>"/>
</p>
<p>
<label for 'product_categorie'>Iphone: </label><br>
<input type="text" name="product_categorie" value="<?php print $product_categorie; ?>"/>
</p>
<p>
<label for 'product_soort'>Soort: </label><br>
<input type="text" name="product_soort" value="<?php print $product_soort; ?>"/>
</p>
<br/>
<label for 'uploadfile'>Kies foto <img src="<?php print $foto; ?>"></label><br>
<input type="file" name="file" ><br><br>
<input type="submit" name="submit" value="Submit">
</form>
I have a form in which I load properties of products like the product name, price, photo etc. The properties are then possible to change and then updated in the database. But the sql update statement does not execute. Can anybody help me out?
there is a , before the where on the update that should not be there. Try to activate error reporting like this: How to get useful error messages in PHP? so that you know wwhy things are failing
I have a working registration and login system. I am trying to create a form where a user can add product registration info (via mysql update). I can't seem to get the db to actually update the fields. What am I missing here?!?
<?php
define('INCLUDE_CHECK',true);
require 'connect.php';
require 'functions.php';
// Those two files can be included only if INCLUDE_CHECK is defined
session_name('tzLogin');
// Starting the session
session_set_cookie_params(2*7*24*60*60);
// Making the cookie live for 2 weeks
session_start();
if($_SESSION['id'] && !isset($_COOKIE['tzRemember']) && !$_SESSION['rememberMe'])
{
// If you are logged in, but you don't have the tzRemember cookie (browser restart)
// and you have not checked the rememberMe checkbox:
$_SESSION = array();
session_destroy();
// Destroy the session
}
if(isset($_GET['logoff']))
{
$_SESSION = array();
session_destroy();
header("Location: index_login3.php");
exit;
}
if($_POST['submit']=='Login')
{
// Checking whether the Login form has been submitted
$err = array();
// Will hold our errors
if(!$_POST['username'] || !$_POST['password'])
$err[] = 'All the fields must be filled in!';
if(!count($err))
{
$_POST['username'] = mysql_real_escape_string($_POST['username']);
$_POST['password'] = mysql_real_escape_string($_POST['password']);
$_POST['rememberMe'] = (int)$_POST['rememberMe'];
// Escaping all input data
$row = mysql_fetch_assoc(mysql_query("SELECT * FROM electrix_users WHERE usr='{$_POST['username']}' AND pass='".md5($_POST['password'])."'"));
if($row['usr'])
{
// If everything is OK login
$_SESSION['usr']=$row['usr'];
$_SESSION['id'] = $row['id'];
$_SESSION['email'] = $row['email'];
$_SESSION['first'] = $row['first'];
$_SESSION['last'] = $row['last'];
$_SESSION['address1'] = $row['address1'];
$_SESSION['address2'] = $row['address2'];
$_SESSION['city'] = $row['city'];
$_SESSION['state'] = $row['state'];
$_SESSION['zip'] = $row['zip'];
$_SESSION['country'] = $row['country'];
$_SESSION['product1'] = $row['product1'];
$_SESSION['serial1'] = $row['serial1'];
$_SESSION['product2'] = $row['product2'];
$_SESSION['serial2'] = $row['serial2'];
$_SESSION['product3'] = $row['product3'];
$_SESSION['serial3'] = $row['serial3'];
$_SESSION['rememberMe'] = $_POST['rememberMe'];
// Store some data in the session
setcookie('tzRemember',$_POST['rememberMe']);
}
else $err[]='Wrong username and/or password!';
}
if($err)
$_SESSION['msg']['login-err'] = implode('<br />',$err);
// Save the error messages in the session
header("Location: index_login3.php");
exit;
}
else if($_POST['submit']=='Register')
{
// If the Register form has been submitted
$err = array();
if(strlen($_POST['username'])<4 || strlen($_POST['username'])>32)
{
$err[]='Your username must be between 3 and 32 characters!';
}
if(preg_match('/[^a-z0-9\-\_\.]+/i',$_POST['username']))
{
$err[]='Your username contains invalid characters!';
}
if(!checkEmail($_POST['email']))
{
$err[]='Your email is not valid!';
}
if(!count($err))
{
// If there are no errors
$pass = substr(md5($_SERVER['REMOTE_ADDR'].microtime().rand(1,100000)),0,6);
// Generate a random password
$_POST['email'] = mysql_real_escape_string($_POST['email']);
$_POST['username'] = mysql_real_escape_string($_POST['username']);
$_POST['first'] = mysql_real_escape_string($_POST['first']);
$_POST['last'] = mysql_real_escape_string($_POST['last']);
$_POST['address1'] = mysql_real_escape_string($_POST['address1']);
$_POST['address2'] = mysql_real_escape_string($_POST['address2']);
$_POST['city'] = mysql_real_escape_string($_POST['city']);
$_POST['state'] = mysql_real_escape_string($_POST['state']);
$_POST['zip'] = mysql_real_escape_string($_POST['zip']);
$_POST['country'] = mysql_real_escape_string($_POST['country']);
// Escape the input data
mysql_query(" INSERT INTO electrix_users(usr,pass,email,first,last,address1,address2,city,state,zip,country,regIP,dt)
VALUES(
'".$_POST['username']."',
'".md5($pass)."',
'".$_POST['email']."',
'".$_POST['first']."',
'".$_POST['last']."',
'".$_POST['address1']."',
'".$_POST['address2']."',
'".$_POST['city']."',
'".$_POST['state']."',
'".$_POST['zip']."',
'".$_POST['country']."',
'".$_SERVER['REMOTE_ADDR']."',
NOW()
)");
if(mysql_affected_rows($link)==1)
{
send_mail( 'noreply#electrixpro.com',
$_POST['email'],
'Your New Electrix User Password',
'Thank you for registering at www.electrixpro.com. Your password is: '.$pass);
$_SESSION['msg']['reg-success']='We sent you an email with your new password!';
}
else $err[]='This username is already taken!';
}
if(count($err))
{
$_SESSION['msg']['reg-err'] = implode('<br />',$err);
}
header("Location: index_login3.php");
exit;
}
if($_POST['submit']=='Update')
{
{
mysql_query(" UPDATE electrix_users(product1,serial1,product2,serial2,product3,serial3) WHERE usr='{$_POST['username']}'
VALUES(
'".$_POST['product1']."',
'".$_POST['serial1']."',
'".$_POST['product2']."',
'".$_POST['serial2']."',
'".$_POST['product3']."',
'".$_POST['serial3']."',
)");
if(mysql_affected_rows($link)==1)
{
$_SESSION['msg']['upd-success']='Thank you for registering your Electrix product';
}
else $err[]='So Sad!';
}
if(count($err))
{
$_SESSION['msg']['upd-err'] = implode('<br />',$err);
}
header("Location: index_login3.php");
exit;
}
if($_SESSION['msg'])
{
// The script below shows the sliding panel on page load
$script = '
<script type="text/javascript">
$(function(){
$("div#panel").show();
$("#toggle a").toggle();
});
</script>';
}
?>
Here are the forms:
<!-- Panel -->
<div id="toppanel">
<div id="panel">
<div class="content clearfix">
<div class="left">
<h1>My Electrix Account </h1>
<p class="grey">View and edit your contact information and product registrations</p>
</div>
<?php
if(!$_SESSION['id']):
?>
<div class="left">
<!-- Login Form -->
<form class="clearfix" action="" method="post">
<h1>Member Login</h1>
<?php
if($_SESSION['msg']['login-err'])
{
echo '<div class="err">'.$_SESSION['msg']['login-err'].'</div>';
unset($_SESSION['msg']['login-err']);
}
?>
<label class="grey" for="username">Username:</label>
<input class="field" type="text" name="username" id="username" value="" size="23" />
<label class="grey" for="password">Password:</label>
<input class="field" type="password" name="password" id="password" size="23" />
<label><input name="rememberMe" id="rememberMe" type="checkbox" checked="checked" value="1" /> Remember me</label>
<div class="clear"></div>
<input type="submit" name="submit" value="Login" class="bt_login" />
</form>
</div>
<div class="left right">
<!-- Register Form -->
<form action="" method="post">
<h1>Not a member yet? Sign Up!</h1>
<?php
if($_SESSION['msg']['reg-err'])
{
echo '<div class="err">'.$_SESSION['msg']['reg-err'].'</div>';
unset($_SESSION['msg']['reg-err']);
}
if($_SESSION['msg']['reg-success'])
{
echo '<div class="success">'.$_SESSION['msg']['reg-success'].'</div>';
unset($_SESSION['msg']['reg-success']);
}
?>
<label class="grey" for="username">Username*:</label>
<input class="field" type="text" name="username" id="username" value="" size="23" />
<label class="grey" for="email">Email*:</label>
<input class="field" type="text" name="email" id="email" size="23" />
<label class="grey" for="first">First Name:</label>
<input class="field" type="text" name="first" id="first" size="23" />
<label class="grey" for="last">Last Name:</label>
<input class="field" type="text" name="last" id="last" size="23" />
<label class="grey" for="address1">Address line 1:</label>
<input class="field" type="text" name="address1" id="address1" size="23" />
<label class="grey" for="address2">Address line 2:</label>
<input class="field" type="text" name="address2" id="address2" size="23" />
<label class="grey" for="city">City:</label>
<input class="field" type="text" name="city" id="city" size="23" />
<label class="grey" for="state">State/Province:</label>
<input class="field" type="text" name="state" id="state" size="23" />
<label class="grey" for="zip">Zip/Postal Code:</label>
<input class="field" type="text" name="zip" id="zip" size="23" />
<label class="grey" for="country">Country:</label>
<input class="field" type="text" name="country" id="country" size="23" />
<p>
<label>A password will be e-mailed to you.</label>
<input type="submit" name="submit" value="Register" class="bt_register" />
</p>
</form>
</div>
<?php
else:
?>
<div class="left">
<h1>User Information</h1>
<p>
<?php echo $_SESSION['first']; ?>
<?php echo $_SESSION['last']; ?><br />
<?php echo $_SESSION['address1']; ?>
<?php echo $_SESSION['address2']; ?><br />
<?php echo $_SESSION['city']; ?>,
<?php echo $_SESSION['state']; ?>
<?php echo $_SESSION['zip']; ?><br />
<?php echo $_SESSION['country']; ?>
</p>
<p>Email: <?php echo $_SESSION['email']; ?></p>
<p>Downloads</p>
Log off
</div>
<div class="left right">
<!-- Product Registration Form -->
<form class="clearfix" action="" method="post">
<h1>Product Registration</h1>
<?php
if($_SESSION['msg']['upd-err'])
{
echo '<div class="err">'.$_SESSION['msg']['upd-err'].'</div>';
unset($_SESSION['msg']['upd-err']);
}
if($_SESSION['msg']['upd-success'])
{
echo '<div class="success">'.$_SESSION['msg']['upd-success'].'</div>';
unset($_SESSION['msg']['upd-success']);
}
?>
<label class="grey" for="product1">Product 1:</label>
<input class="field" type="text" name="product1" id="product1" value="<?php echo $_SESSION['product1']; ?>" size="23" />
<label class="grey" for="serial1">Serial 1:</label>
<input class="field" type="text" name="serial1" id="serial1" value="<?php echo $_SESSION['serial1']; ?>" size="23" />
<label class="grey" for="product2">Product 2:</label>
<input class="field" type="text" name="product2" id="product2" value="<?php echo $_SESSION['product2']; ?>" size="23" />
<label class="grey" for="serial2">Serial 2:</label>
<input class="field" type="text" name="serial2" id="serial2" value="<?php echo $_SESSION['serial2']; ?>" size="23" />
<label class="grey" for="product3">Product 3:</label>
<input class="field" type="text" name="product3" id="product3" value="<?php echo $_SESSION['product3']; ?>" size="23" />
<label class="grey" for="serial3">Serial 3:</label>
<input class="field" type="text" name="serial3" id="serial3" value="<?php echo $_SESSION['serial3']; ?>" size="23" />
<div class="clear"></div>
<input type="submit" name="submit" value="Update" class="bt_login" />
</form>
</div>
<?php
endif;
?>
</div>
</div> <!-- /login -->
<!-- The tab on top -->
<div class="tab">
<ul class="login">
<li class="left"> </li>
<li>Hello <?php echo $_SESSION['usr'] ? $_SESSION['usr'] : 'Guest';?>!</li>
<li class="sep">|</li>
<li id="toggle">
<a id="open" class="open" href="#"><?php echo $_SESSION['id']?'Open Panel':'Log In | Register';?></a>
<a id="close" style="display: none;" class="close" href="#">Close Panel</a>
</li>
<li class="right"> </li>
</ul>
</div> <!-- / top -->
</div> <!--panel -->
Your update query is way off. You need to do it in the form of
UPDATE `tablename`
SET col1=`value`,col2=`val2`
WHERE wherecol=`whereval`
change your query and see if that helps.
your query should be
UPDATE electrix_users
SET
product1= $_POST['product1'],
serial1 = $_POST['serial1'],
product2 = $_POST['product2'],
serial2 = $_POST['serial2'],
product3 = $_POST['product3'],
serial3 = $_POST['serial3']
WHERE usr=$_POST['username']
However you should always clean for sql injection on any user entered data. I did not do this in the example as this is something you should do in your own way. This example is given to you as an example and does not prevent any kind of sql injection as it stands now.
ALWAYS DO WHAT YOU CAN TO PREVENT SQL INJECTION!