so I have this code for my form.
newuser.php
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title></title>
<meta name="keywords" content="" />
<meta name="description" content="" />
<link href="http://fonts.googleapis.com/css?family=Source+Sans+Pro:200,300,400,600,700,900" rel="stylesheet" />
<link href="css/styles.css" rel="stylesheet" type="text/css" media="all" />
<link href="css/fonts.css" rel="stylesheet" type="text/css" media="all" />
<link href="css/newuser.css" rel="stylesheet" type="text/css" />
</head>
<body>
<div id="page" class="container">
<div id="header">
<div id="logo">
<img src="img/minilogo.jpg" alt="" />
<h1>ADMIN</h1>
<span>PERMOHONAN DATA</span>
</div>
<div id="menu">
<ul>
<li class=""><a href="admin.php" >Home</a></li>
<li><a href="new.php" >USER</a></li>
<li><a href="#" >PENYEDIA</a></li>
<li><a href="#" >UPDATE</a></li>
<li><a href="logout.php" >LOG OUT</a></li>
</ul>
</div>
</div>
<div id="main">
<div id="banner">
<img src="img/pic01.jpg" alt="" class="image-full" />
<div id="welcome">Pendaftaran User Baru.
</div>
<div class="title">
<!--untuk form-->
<form class="form" action="submitnew.php" method="post" name="form" >
<ul><li>
</li>
</li>
<li>
<label for="name">Nama :</label>
<input type="text" name="name" required />
</li>
<li>
<label for="tel">No. Telefon:</label>
<input type="text" name="tel" required />
</li>
<li>
<label for="email">E-mail:</label>
<input type="email" name="email" placeholder="name#something.com" required />
<class="form_hint"> <script type="text/javascript">
/* <![CDATA[ */
(function(){try{var s,a,i,j,r,c,l,b=document.getElementsByTagName("script");l=b[b.length-1].previousSibling;a=l.getAttribute('data-cfemail');if(a){s='';r=parseInt(a.substr(0,2),16);for(j=2;a.length-j;j+=2){c=parseInt(a.substr(j,2),16)^r;s+=String.fromCharCode(c);}s=document.createTextNode(s);l.parentNode.replaceChild(s,l);}}catch(e){}})();
/* ]]> */
</script>
</li>
<li>
<label for="username">Username:</label>
<input type="text" name="username" required />
</li>
<li>
<label for="password">Password:</label>
<input type="password" name="password" required />
<!--<li>
<label for="admin">Admin</label>
<input id="radio1" name="admin" type="radio" class="radio-btn" value="admin" />
</li>-->
<li>
<button class="submit" type="submit">Create</button>
</li>
</ul>
</form>
</body>
</html>
the data will be pass through this,
submitnew.php
<?php
//debug mode
error_reporting(E_ALL);
ini_set('display_errors', '1');
//to show some error is smthng went wrong
$errors = array();
//connect to DB
$connection = mysql_connect('localhost','root','');
$db = mysql_select_db('permohonan_data',$connection);
//will run if user did submit the form
if (!empty($_POST)){
//connect sql server:
$name = $_POST['name'];
$tel = $_POST['tel'];
$email = $_POST['email'];
$username = $_POST['username'];
$password = $_POST['password'];
//no error til here
if (empty($error)){
//prevent SQL injection
$name = mysql_real_escape_string($name);
$tel = mysql_real_escape_string($tel);
$email = mysql_real_escape_string($email);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
}
//try insert value
$query = "INSERT INTO admin
(name,tel,email,username,password)
VALUES ('$name', '$tel', '$email', '$username', '$password)";
//try
if (!mysql_query($query)){
//
//die(mysql_error());
$errors[] = "Can't insert the values";
}
else {
//on success
header("Location:new.php");
exit();
}
}
?>
the problem is, it won't connect to the database neither redirect to the new.php. it will only display blank page. did I code wrong?
you have error in query(missed the ending quotes in password ):
$query = "INSERT INTO admin
(name,tel,email,username,password)
VALUES ('$name', '$tel', '$email', '$username', '$password)";
should be:
$query = "INSERT INTO admin
(name,tel,email,username,password)
VALUES ('$name', '$tel', '$email', '$username', '$password')";
and replace this:
if (empty($error)){
by
if (empty(mysql_error())){
for checking mysql error.
and instead of:
//connect to DB
$connection = mysql_connect('localhost','root','');
$db = mysql_select_db('permohonan_data',$connection);
try this:
//connect to DB
$connection = mysql_connect('localhost','root','') or die(mysql_error());
$db = mysql_select_db('permohonan_data',$connection) or die(mysql_error());
Problem is, you are using:
$errors = array();
and $error never gets a value in your code so no query executed :-)
Use this and let me know:
<?php
//debug mode
error_reporting(E_ALL);
ini_set('display_errors', '1');
//connect to DB
$connection = mysql_connect('localhost','root','');
mysql_select_db('permohonan_data',$connection);
//will run if user did submit the form
if (!empty($_POST)){
//connect sql server:
$name = $_POST['name'];
$tel = $_POST['tel'];
$email = $_POST['email'];
$username = $_POST['username'];
$password = $_POST['password'];
//prevent SQL injection
$name = mysql_real_escape_string($name);
$tel = mysql_real_escape_string($tel);
$email = mysql_real_escape_string($email);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
$result = mysql_query("INSERT INTO admin (name,tel,email,username,password)
VALUES ('$name', '$tel', '$email', '$username', '$password)");
if (!empty($result)) {
// check for empty result
if (mysql_affected_rows() > 0) {
$response = $result;
$response["success"] = 0;
$response["message"] = "One row effected";
// echoing JSON response
echo json_encode($response);
} else {
// No profile found
$response["success"] = 1;
$response["message"] = "No row effected";
// echo no users JSON
echo json_encode($response);
}
} else {
// No profile found
$response["success"] = 2;
$response["message"] = "No row effected";
// echo no users JSON
echo json_encode($response);
}
} else {
// required field is missing
$response["success"] = -1;
$response["message"] = "Required field(s) is missing";
// echoing JSON response
echo json_encode($response);
}
?>
Related
I have 2 html forms. first page is registration page and next is login page. I managed to send the input from registration page to mysql using a php file named connect.php. the 'proceed' button in registration page will navigate to the php file but now i want the 'proceed' button in registration page link to login page and not the connect.php file nd update mysql. i tried putting the connect.php's codes into the registration page's html code but it didnt seem to work. Where should i put the php code in my html code and am i suppose to use bootstrap?
this is my connect.php code:
<?php
$name = $_POST['name'];
$age = $_POST['age'];
$gender = $_POST['gender'];
$email = $_POST['email'];
$username = $_POST['username'];
$password = $_POST['password'];
$host = "localhost";
$dbusername = "root";
$dbpassword = "";
$dbname = "ktm_member";
//Create connection
$conn = new mysqli($host, $dbusername, $dbpassword, $dbname);
if (!empty($username))
{
if (!empty($password))
{
if (mysqli_connect_error())
{
die ('Connect error('.mysqli_connect_errno().')'.mysqli_connect_error());
}
else
{
$sql = "INSERT INTO `member list`(`name`, `age`, `gender`, `email`, `username`, `password`) VALUES ('$_POST[name]', '$_POST[age]', '$_POST[gender]', '$_POST[email]', '$_POST[username]', '$_POST[password]')";
if ($conn->query($sql))
{
echo "New record added successfully.";
}
else
{
echo "Error".$sql."<br>".$conn->error;
}
$conn->close();
}
}
else
{
echo "Password should not be empty";
}
}
else
{
echo "Username should not be empty";
die();
}
?>
and this is my registration page html code:
<!doctype html>
<html><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Register Page</title>
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="stylesheet" href="./W3.CSS Template_files/w3.css">
<link rel="stylesheet" href="./W3.CSS Template_files/css">
<link rel="stylesheet" href="style.css">
<style>
body,h1 {font-family: "Raleway", sans-serif}
body, html {height: 100%}
.bgimg {
background-image: url('forestbridge.jpg');
min-height: 100%;
background-position: center;
background-size: cover;
}
</style>
</head>
<body><div class="bgimg w3-display-container w3-animate-opacity w3-text-white"><div class="w3-display-middle">
<center><h2>Register</h2></center>
<form name="form1" method="post" action="welcomeloginpage.php" autocomplete = "off">
<p class="w3-large w3-center">
<label for="name">Name: </label>
<input type="text" name="name" id="name" placeholder="Your full name" autofocus required>
</p>
<p class="w3-large w3-center">
<label for="age">Age: </label>
<input type="number" name="age" id="age">
</p>
<p class="w3-large w3-center">
<label for="gender">Gender: </label>
<input type="radio" name="gender" value="M"> Male
<input type="radio" name="gender" value="F"> Female<br> <id="gender">
</p>
<p class="w3-large w3-center">
<label for="email">Email: </label>
<input type="email" name="email" id="email" placeholder="xxx#xx.xx">
</p>
<p class="w3-large w3-center">
<label for="username">Username: </label>
<input type="text" name="username" id="username">
</p>
<p class="w3-large w3-center">
<label for="password">Password: </label>
<input type="password" name="password" id="password" maxlength="10" placeholder="password" data-toggle="password">
</p>
<p style="text-align: center;">
<input type="submit" name="submit" id="submit" value="Submit">
</p>
</form>
If you want your connect.php script to send the user to another page if the registration is successful then you use a header() command like this
<?php
$name = $_POST['name'];
$age = $_POST['age'];
$gender = $_POST['gender'];
$email = $_POST['email'];
$username = $_POST['username'];
$password = $_POST['password'];
$host = "localhost";
$dbusername = "root";
$dbpassword = "";
$dbname = "ktm_member";
//Create connection
$conn = new mysqli($host, $dbusername, $dbpassword, $dbname);
if (!empty($username)) {
if (!empty($password)) {
if (mysqli_connect_error()) {
die ('Connect error('.mysqli_connect_errno().')'
.mysqli_connect_error());
} else {
// this query style is very dangerous see note below
$sql = "INSERT INTO `member list`
(`name`, `age`, `gender`,
`email`, `username`, `password`)
VALUES ('$_POST[name]', '$_POST[age]', '$_POST[gender]',
'$_POST[email]', '$_POST[username]', '$_POST[password]')";
if ($conn->query($sql)) {
// remove echo as you will never see it now
//echo "New record added successfully.";
header('Location: otherPage.php');
exit; // important as header does not stop code execution in this script
} else {
echo "Error".$sql."<br>".$conn->error;
}
$conn->close();
}
} else {
echo "Password should not be empty";
}
} else {
echo "Username should not be empty";
die();
}
?>
You do have at least 2 serious flaws in this code though that I must mention.
Your script is wide open to SQL Injection Attack
Even if you are escaping inputs, its not safe!
Use prepared parameterized statements in either the MYSQLI_ or PDO API's
Never store plain Text password in your database. The most likely place where these things get compromised is from within the company running this database. An unhashed password is a total givaway for a DB Admin who just got refused a pay rise!
PHP provides password_hash()
and password_verify() please use them.
And here are some good ideas about passwords
If you are using a PHP version prior to 5.5 there is a compatibility pack available here
I am facing simple error while making simple register to insert into mysql database with username and password.
Notice: Undefined variable: username in C:\xampp\htdocs\x\index.php on line 42
Notice: Undefined variable: password in C:\xampp\htdocs\x\index.php on line 42
Registerd Successfully
<!DOCTYPE html>
<html>
<head>
<title>THIS IS MY FIRST LOGIN PAGE</title>
<link rel="stylesheet" type="text/css" href="style.css"></link>
<link rel="stylesheet" type="text/css" href="">
</head>
<body>
<div class="container">
<img src="men.png" alt="missing">
<form method="post" >
<div class="font-input">
<input type="text" name="name" id="name" placeholder="Enter Name">
</div class="font-input">
<div>
<input type="password" name="pass" id="pass" placeholder="Enter Password">
</div>
<div>
<input type="button" name="login" value="Login">
</div>
</form>
</div>
</body>
</html>
<?php
$conn = mysqli_connect('localhost','root','','y');
if(!$conn)
{
die('Connection failed!'.mysqli_error($conn));
}
if (isset($_POST['name'], $_POST['pass']))
{
$username = $_POST['name'];
$password = $_POST['pass'];
}
$sql = "INSERT INTO hack(myusername,mypassword) VALUES('$username', '$password')";
if(mysqli_query($conn,$sql))
{
echo "Registerd Successfully";
}
else
{
echo mysqli_error($conn);
}
?>
Try this :
We check if username and password are sent with the form, if so, we insert them into our database if there's no error.
Code :
if((isset($_POST['name'])) && (isset($_POST['pass'])))
{
$username = $_POST['name'];
$password = $_POST['pass'];
$sql = "INSERT INTO hack(myusername, mypassword) VALUES('$username', '$password')";
if(mysqli_query($conn,$sql))
{
echo "Registerd Successfully";
}
else
{
echo mysqli_error($conn);
}
}
My register.php + my register function is working, although not getting an error and not spotting one myself. Weirdly enough, it does not create a new user and login isnt possible either. But for now I am just focusing on getting the register to work.
Here's the code of the register.php
<?php
include 'globals.php';
include 'functions/registerfunc.php';
$username = $_POST['username'];
$passwort = $_POST['passwort'];
$username = $_SESSION['username'];
$passwort = $_SESSION['passwort'];
if (isset($_POST['register'])) {
registerfunc();
}
?>
<html>
<head>
<link rel="stylesheet" type="text/css" href="stylesheet.css">
<title> Coiffure Creation Registrierung </title>
</head>
<body>
<a href="http://doriansandbox.toolmaster.ch">
<img src="https://doriansandbox.toolmaster.ch/images/creation-coiffure-logo-neu.png" align="middle">
</a>
<div id="top"></div>
<div id="dashboard">
<form method="POST">
<ul>
<li>
<label for="username">Username : </label>
<input type="text" id="username" maxlength="30" required autofocus name="username" />
</li>
<li>
<label for="passwort">Passwort : </label>
<input type="password" id="passwd" maxlength="30" required name="passwort" />
</li>
<li class="buttons">
<button type="submit" value="register">Registrieren</button>
<input type="button" name="submit" value="Abbrechen" onclick="location.href='index.php'" />
</li>
</ul>
</form>
</div>
</body
</html>
And here's the registerfunc function
<?php
function registerfunc(){
include 'globals.php';
$username = $_POST['username'];
$passwort = $_POST['passwort'];
$sql = "SELECT * FROM benutzer where username='".$username."'";
$result1 = mysqli_query($con, $sql);
if ((mysqli_num_rows($result1) <= 0)) {
$passwort = password_hash($passwort, PASSWORD_DEFAULT);
$query = "INSERT INTO benutzer(username, password)
VALUES('$username', '$passwort')";
if(mysqli_query($con, $query))
{
echo '<script>alert("Registrierung abgeschlossen")</script>';
header("Location: ../index.php");
}
} else {
echo "Fehler";
}
}
?>
Maybe beacause your form is missing the action attribute.
<form method="POST" action="/register.php">
Add name="register" to your button
<button type="submit" name="register">Registrieren</button>
Or change your condition for:
if (isset($_POST['username'])) {
registerfunc();
}
Or this:
if (isset($_POST['username']) && isset($_POST['passwort'])) {
registerfunc();
}
I try to implement an sign in form based on webcam image, apparently, i don't errors in code, but information don't posted in database.
Here is my index with php code for insert information in database:
<?php
if (isset($_POST['desc'])) {
if (!isset($_POST['iscorrect']) || $_POST['iscorrect'] == "") {
echo "Sorry, important data to submit your question is missing. Please press back in your browser and try again and make sure you select a correct answer for the question.";
exit();
}
if (!isset($_POST['type']) || $_POST['type'] == "") {
echo "Sorry, there was an error parsing the form. Please press back in your browser and try again";
exit();
}
require_once("scripts/connect_db.php");
$name = $_POST['name'];
$email = $_POST['email'];
$name = mysqli_real_escape_string($connection, $name);
$name = strip_tags($name);
$email = mysqli_real_escape_string($connection, $email);
$email = strip_tags($email);
if (isset($_FILES['image'])) {
$name = $_FILES['image']['tmp_name'];
$image = base64_encode(
file_get_contents(
$_FILES['image']['tmp_name']
)
);
}
$sql = mysqli_query($connection, "INSERT INTO users (name,email,image) VALUES ('$name', '$email','$image')")or die(mysqli_error($connection));
header('location: index.php?msg=' . $msg . '');
$msg = 'merge';
}
?>
<?php
$msg = "";
if (isset($_GET['msg'])) {
$msg = $_GET['msg'];
}
?>
<!doctype html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Licenta Ionut</title>
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<script type="application/x-javascript"> addEventListener("load", function() { setTimeout(hideURLbar, 0); }, false); function hideURLbar(){ window.scrollTo(0,1); } </script>
<!-- font files -->
<link href='//fonts.googleapis.com/css?family=Muli:400,300' rel='stylesheet' type='text/css'>
<link href='//fonts.googleapis.com/css?family=Nunito:400,300,700' rel='stylesheet' type='text/css'>
<!-- /font files -->
<!-- css files -->
<link href="css/style.css" rel='stylesheet' type='text/css' media="all" />
<link href="web.js" rel='stylesheet' type='text/css' media="all" />
<script type="text/javascript" src="web.js"></script>
<!-- /css files -->
</head>
<body>
<p style="color:#06F;"><?php echo $msg; ?></p>
<h1>LogIn with Webcam Password</h1>
<div class="log">
<div class="content1">
<h2>Sign In Form</h2>
<form>
<input type="text" name="userid" value="USERNAME" onfocus="this.value = '';" onblur="if (this.value == '') {
this.value = 'USERNAME';
}">
<input type="password" name="psw" value="PASSWORD" onfocus="this.value = '';" onblur="if (this.value == '') {
this.value = 'PASSWORD';}">
<div class="button-row">
<input type="submit" class="sign-in" value="Sign In">
<input type="reset" class="reset" value="Reset">
<div class="clear"></div>
</div>
</form>
</div>
<div class="content2">
<h2>Register</h2>
<form action="index.php", name="index.php" method="post" enctype="multipart/form-data">
<input type="text" id="name" name="name" value="Nume">
<input type="text" id="email" name="email" value="EmailAdress">
<br>
<script type="text/javascript" src="webcam.js"></script>
<script language="JavaScript">
document.write(webcam.get_html(320, 240));
</script>
<div class="button-row">
<input class="sign-in" type=button value="Configure" onClick="webcam.configure()" class="shiva">
<input class="reset" type="submit" value="Register" id="image" onClick="take_snapshot()" class="shiva">
</div>
</form>
</div>
<div class="clear"></div>
</div>
</body>
</html>
And here is the script for connection to database:
<?php
$db_host = "localhost";
// Place the username for the MySQL database here
$db_username = "Ionut";
// Place the password for the MySQL database here
$db_pass = "1993";
// Place the name for the MySQL database here
$db_name = "users";
// Run the connection here
$connection=mysqli_connect("$db_host","$db_username","$db_pass") or die (mysqli_connect_error());
mysqli_select_db($connection,"$db_name") or die ("no database");
?>
I don't find error in code and i need your advice/help!
Thank you for interest about my problem!
To solve a problem like this, break the problem into parts.
(1) First, what is the PHP file receiving? At the top of the PHP file, insert:
<?php
echo '<pre>';
print_r($_POST);
echo '</pre>';
die('-----------------------------------');
(2) If that doesn't reveal the problem, next step is to duplicate the PHP file and in the second copy, HARD CODE the information you will be submitting at the top (replacing the PHP data that would normally be submitted):
<?php
$_POST['desc'] = 'TEST - Description';
$_POST['iscorrect'] = 'what it should be';
$_POST['type'] = 'TEST - Type';
etc
Then, run that modified file and see if the data is submitted.
(3) If that doesn't reveal the problem, keep working with the duplicate PHP file and add echo statements at various places to see where the file is breaking. For example:
$name = $_POST['name'];
$email = $_POST['email'];
$name = mysqli_real_escape_string($connection, $name);
echo 'HERE 01';
$name = strip_tags($name);
$email = mysqli_real_escape_string($connection, $email);
$email = strip_tags($email);
echo 'HERE 02';
if (isset($_FILES['image'])) {
$name = $_FILES['image']['tmp_name'];
$image = base64_encode(
file_get_contents(
$_FILES['image']['tmp_name']
)
);
}
echo 'HERE 03';
$sql = mysqli_query($connection, "INSERT INTO users (name,email,image) VALUES ('$name', '$email','$image')")or die(mysqli_error($connection));
echo 'HERE 04: $sql = ' .$sql;
I've got a big issue with my website. I've made a profile page which will allow users to amend their details, and then submit. Upon submitting the details should be updated in the database, however I just get a blank page and nothing happens. I've been up for 30+ hours trying to figure things out but no luck. It's likely to be screwed up, as now is my brain.
Any help would be GREATLY appreciated.
Profile amend page:
<?php
session_start();
if (!isset($_SESSION['Username'])) {
echo 'Welcome, '.$_SESSION['Username'];
} else {
echo 'Sorry, You are not logged in.';
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Index</title>
<link href="External style sheet layout.css" rel="stylesheet" type="text/css" />
<h1><?php echo date("D M d, Y G:i a"); ?>
<?php $welcome = 'Hi';
if (date("H") < 12) {
$welcome = 'Good Morning';
} else if (date('H') > 11 && date("H") < 18) {
$welcome = 'Good Afternoon';
} else if(date('H') > 17) {
$welcome = 'Good Evening';
}
echo $welcome;
?></h1>
<div class="Login">
<h3><ul>
<?php if(isset($_SESSION['authenticatedUser']) && $_SESSION['authenticatedUser'] != null ) {?>
<li>Welcome <?php echo $_SESSION["authenticatedUser"] ?></li>
<li><span>Log Out</span></li>
<?php } else {?> <li><span>Log In</span></li> <?php } ?>
<li>Register</li>
<li>Basket</li>
</ul></h3>
</div>
</head>
<body>
<div id="container">
<div id="header">
<img src="Images/Schurter3.jpg" width="800" height="300" alt="Schurter" />
</div>
<div id="navigation">
<ul id="navbar">
<li>Home</li>
<li>Components
<ul>
<li>Circuit Protection
<li>Connectors</li>
<li>Switches</li>
<li>EMC Products</li>
<li>Other Products</li>
</ul>
</li>
<li>Electronic Manufacturing Services
<ul>
<li>Application Examples</li>
<li>Processes</li>
</ul>
</li>
<li>About</li>
<li>Contact</li>
</ul>
</div>
<?php
include 'db.inc';
//Check to see if a customer ID has been passed in the URL
$memberID = $_GET["memberID"];
// Has a custID been provided? If so, retrieve the customer
// details for editing.
if (!empty($memberID))
{
$connection = mysql_connect($hostname, $username, $password) or die ("Unable to connect!");
// select database
mysql_select_db($databasename) or die ("Unable to select database!");
$query = "SELECT * FROM members WHERE id = " . $memberID;
//Get the recordset
$recordSet = mysql_query($query) or die ("Error in query: $query. ".mysql_error());
$row = mysql_fetch_assoc($recordSet);
//Check for errors
//if (!$recordSet)
// print $connection->ErrorMsg();
// else
// {
// Load all the form variables with customer data
$Firstname = $row['Firstname'];
$Surname = $row['Surname'];
$Emailaddress = $row['Emailaddress'];
$Username = $row['Username'];
$Password = $row['Password'];
// }//End else
}
?>
<form name="RegisterForm" action="ProfileUpdate.php" method="post" >
<input type="hidden" name="memberID" value="<?php echo $memberID;?>">
<label>First name*</label>
<input name="Firstname" placeholder="Enter first name here" value="<?php echo $Firstname;?>" required/>
<label>Surname*</label>
<input name="Surname" placeholder="Enter surname here" value="<?php echo $Surname;?>" required/>
<label>Email*</label>
<input name="Emailaddress" type="email" placeholder="Enter email here" value="<?php echo $Emailaddress;?>" required/>
<label>Username*</label>
<input name="Username" type="text" placeholder="Enter a desired username" value="<?php echo $Username;?>" required/>
<label>Password*</label>
<input name="Password" type="password" placeholder="Enter a desired password" value="<?php echo $Password;?>" required/>
<input id="submit" name="submit" type="submit" value="Update Details">
</form>
</body>
</html>
And this is the update action page:
<?php
require('db.inc');
$memberID = $_GET["id"];
echo $memberID;
// trim the POSTed values - gets rid of unecessary whitespace
$Firstname = $_POST['Firstname'];
$Surname = $_POST['Surname'];
$Emailaddress = $_POST['Emailaddress'];
$Username = $_POST['Username'];
$Password = $_POST['Password'];
//Here we use validation at the server
// Vaildate the firstname
?>
<!DOCTYPE HTML PUBLIC
"-//W3C//DTD HTML 4.0 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd" >
<html>
<head><title>Customer Details Error</title></head>
<body bgcolor="white">
<h1>Customer Details Error</h1>
<?=$errorString?>
<br>Return to the customer form
</body>
</html>
<?php
// If we made it here, then the data is valid
$connection = mysql_connect($hostname, $username, $password) or die ("Unable to connect!");
// select database
mysql_select_db($databasename) or die ("Unable to select database!");
// this is an update
if (!empty($memberID))
{
$query = "UPDATE members SET ".
"Firstname = '$Firstname', Surname = '$Surname', " .
"Emailaddress = '$Emailaddress', Username = '$Username', Password = '$Password', " .
" WHERE id = $memberID";
$recordSet = mysql_query($query) or die ("Error in query: $query. ".mysql_error());
echo "Your updates are complete!";
}
?>
<?php
session_start();
if (!isset($_SESSION['Username'])) {
echo 'Welcome, '.$_SESSION['Username'];
} else {
echo 'Sorry, You are not logged in.';
}
?>
Fix this one to:
<?php
session_start();
if (isset($_SESSION['Username'])) {
echo 'Welcome, '.$_SESSION['Username'];
} else {
echo 'Sorry, You are not logged in.';
}
?>
The first one is wrong, it checks for a username if there is no username then it displays the username else it doesnt.
On-topic:
<form name="RegisterForm" action="ProfileUpdate.php" method="post" >
Change the above line to:
<form name="RegisterForm" action="ProfileUpdate.php?id=<?php echo $memberID ?>" method="post" >
As your profileUpdate.php is requesting a member ID, this is necessary and after this, the code should work!