php to mysql update post not working - php

For some reason this will not update the db, the values for the db login are correct use the same inc file for all the pages. No errors, just no updates in the db. Can't seem to figure it out for the life of me.
<?
include("../../inc/config.inc.php");
session_start();
$loggeduser = $_SESSION['myusername'];
if(!session_is_registered(myusername)){
header("location:login/login.php");
}
?>
<?
$userpost = $_POST["username"];
if(is_null($userpost)) {
mysql_connect("$host", "$user", "$pwd") or die(mysql_error());
mysql_select_db("$database") or die(mysql_error());
$server_query_sql = ("SELECT * FROM $admin_tbl WHERE username = '$loggeduser'");
$getdata = mysql_query($server_query_sql) or die("Couldn't execute the query");
$row = mysql_fetch_array( $getdata );
$adminuser = $row['username'];
$adminpass = $row['password'];
$adminemail = $row['email'];
mysql_close();
}
else {
$postemail = $_POST["email"];
$postpass = $_POST["password"];
$encrypted_password = md5($postpass);
mysql_connect("$host", "$user", "$pwd") or die(mysql_error());
mysql_select_db("$database") or die(mysql_error());
$server_query_sql = ("SELECT * FROM $admin_tbl WHERE username = '$loggeduser'");
$getdata = mysql_query($server_query_sql) or die("Couldn't execute the query");
$row = mysql_fetch_array( $getdata );
$adminuser = $row['username'];
$adminpass = $row['password'];
$adminemail = $row['email'];
if ($encrypted_password = $adminpass){
$query = "UPDATE $admin_tbl SET email='$postemail' WHERE username='$loggeduser'";
mysql_query($query);
}
else {
$query = "UPDATE $admin_tbl SET email='$postemail', password='$encrypted_password' WHERE username='$loggeduser'";
mysql_query($query);
mysql_close();
}
}
?>
<html>
<head>
<link rel="stylesheet" type="text/css" href="../../inc/login.css" />
<style>
#import url(http://fonts.googleapis.com/css?family=Ubuntu:400,700);
body {
-webkit-background-size: cover;
-moz-background-size: cover;
background-size: cover;
}
.container > header h1,
.container > header h2 {
color: #fff;
text-shadow: 0 1px 1px rgba(0,0,0,0.7);
}
</style>
</head>
<body><br><br>
<div align="center">Hi <strong><? echo $loggeduser; ?></strong>!</div>
<div class="container">
<section class="main">
<form class="form-3" method="post" action='<? $_SERVER['PHP_SELF']; ?>'>
<p class="clearfix">
<label for="login">Email</label>
<input type="text" name="email" id="email" placeholder="Username" value='<? echo $adminemail; ?>'>
</p>
<p class="clearfix">
<label for="password">Password</label>
<input type="password" name="password" id="password" placeholder="Password" value='<? echo $adminpass; ?>'>
</p>
<p class="clearfix">
<input type="submit" name="submit" value="Edit">
</p>
</form>​
</section>
</div>
</body>
</html>


instead of this
if ($encrypted_password = $adminpass){
use
if ($encrypted_password == $adminpass){
you can fix this to see if they really equal the passwords by using
echo $encrypted_password . ' ----- ' .$adminpass ; // and see if they are same.


First problem I see is $encrypted_password = $adminpass. Use == for comparison.

Related

Get value of html text field using sql query with php

LOGINPAGE.html:
This is where the user will input their username and password. PHP method is POST.
<html>
<head>
<title>
LOG IN
</title>
<style>
body {
text-align: center;
}
</style>
</head>
<body>
<form action = "loginDatabase.php" method = "POST">
<label>User name:</label>
<input type="text" id="userNameID" name="userNameName" required>
<br />
<label>Password:</label>
<input type="password" id="passwordID" name="passwordName" required>
<br />
<input type="submit" id="submitLoginID" name="submitLoginName">
</form>
</body>
</html>
LOGINDATABASE.php:
This is the processing part where the mysql query will reference the record to be displayed on ADMINPAGE.php based on the username given on LOGINPAGE.php. I cannot figure out want went wrong in line 7 since I always get an error Notice: Undefined index: userNameName in /opt/lampp/htdocs/UsersDatabaseProgram/loginDatabase.php on line 7
<?php
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
include('connect.php');
session_start();
$result = mysqli_query($con, "SELECT * FROM addUsers WHERE userName = '" . $_GET['userNameName'] . "'");
if ($_SERVER ["REQUEST_METHOD"] == "POST") {
$userName = $_POST['userNameName'];
$password = $_POST['passwordName'];
/*
This doesnt work
$email = $row['email'];
$userlevel = $row['userLevel'];
*/
$sql = "SELECT * FROM addUsers WHERE userName = '".$userName."' AND password = '".$password."'";
$result = mysqli_query($con, $sql);
$row = mysqli_fetch_array($result);
$count = mysqli_num_rows($result);
if ($row["userLevel"] == "user") {
$_SESSION["userName"] = $userName;
header('location: userPage.php');
} elseif ($row["userLevel"] == "admin") {
$_SESSION["userName"] = $userName;
header('location: adminPage.php');
} else {
echo "<h1> Login failed. Invalid username or password.</h1>";
}
}
?>
ADMINPAGE.php:
This is where the name of the user, user level, and user status will be displayed.
<?php
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
include('connect.php');
include('loginDatabase.php');
?>
<html>
<head>
<style>
body {
text-align: center;
}
</style>
</head>
<body>
<h2>Admin</h2>
Log-out <br />
View records <br />
Add Record <br />
<label>Welcome</label><br />
<?php echo $_SESSION["userName"] ?>
<br />
<label>User level: </label>
<?php
while ($row = mysqli_fetch_array($result)) {
?>
<input type = "text" name = "userLevelName" value = " <?php echo $row['userLevel']; ?>"> <br />
<label>Email: </label>
<input type = "text" name = "userEmailName" value = " <?php echo $row['email']; ?>">
<?php
}
?>
<br />
</body>
</html>

You're sending the data as a POST then trying to access it as GET (then retrieving it again on line 11 !!).
Change it to something like this:-
if ($_SERVER ["REQUEST_METHOD"] == "POST") {
$userName = $_POST['userNameName'];
$password = $_POST['passwordName'];
}
$result = mysqli_query($con, "SELECT * FROM addUsers WHERE userName = '$userName'");

Login page is not working proprly and how to set session

<?php
session_Start();
if (isset($_POST['LOGIN']))
{
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "mysite";
$conn = new mysqli($servername, $username, $password, $dbname);
if ($conn->connect_error)
{
die("Connection failed: ".$conn->connect_error);
}
else
{
$result1 = "SELECT userid, password FROM user WHERE username = '$username' And password = '$password'";
$queryResult = $conn->query($result1);
}
if ($queryResult > 0)
{
$_SESSION['username'] = $username;
header("location: home.php");
}
else
{
echo 'The username or password are incorrect!';
}
}
?>
<style>
.header{
width:100%;
background-color:#00adff;
float:left;
color:white;
padding: 1%;
}
.rightChuck{
float:right;
width:18%;
}
.menu{
float:left;
padding:5%;
}
#title
{
float:left;
margin-left:10px;
}
body{
margin:0px !important;
}
h1{
margin: 0px !important;
}
#main
{
text-align:left;
}
#content{
margin: auto;
position: absolute;
top: 100;
bottom: 100;
left: 100;
right: 100;
background: white;
border: 5px solid green;
width: 400px;
height: 200px;
}
</style>
<html>
<head>
<title>Mysite.com</title>
</head>
<body>
<div class="header">
<div id="title">
<h1>Mysite.com</h1>
</div>
<div class="rightChuck">
<div class="menu">
LOGIN
</div>
<div class="menu">
REGISTER
</div>
</div>
</div>
<div style="float:left;width:100%;padding:left:10px;">
<h2>LOGIN</h2>
</div>
<div id="content">
<center>
<form name="form" method="post">
<table cellpadding="5" cellspacing="10">
<tr><th ><h3>USERNAME</h3></th><td><input type="text" placeholder="Username" name="username" size="20" id="textbox" required /></td></tr>
<tr><th><h3>PASSWORD</h3></th><td><input type="password" placeholder="Password" id="password"name="password" size="20" id="textbox" required /></td></tr>
</td>
</table>
<input type="submit" name="LOGIN" value="LOGIN" id="buttondesign" />
<br />
<br />
</form>
</div>
</body>
</html>
this login page not working properly,the right way is,when i click login button its go to check username and password from databse,if username and password is correctly,its username and user id stored in session ,its go to home page,else username and password its wrong,its come error message.but this code is contain some error like i click login button its go to home page,not check user name and password,then session is not stored.

<html>
<head>
<title>Mysite.com</title>
</head>
<body>
<div class="header">
<div id="title">
<h1>Mysite.com</h1>
</div>
<div class="rightChuck">
<div class="menu">
LOGIN
</div>
<div class="menu">
REGISTER
</div>
</div>
</div>
<div style="float:left;width:100%;padding:left:10px;">
<h2>LOGIN</h2>
</div>
<div id="content">
<center>
<form name="form" method="post" action="">
<table cellpadding="5" cellspacing="10">
<tr><th ><h3>USERNAME</h3></th><td><input type="text" placeholder="Username" name="username" size="20" id="textbox" required /></td></tr>
<tr><th><h3>PASSWORD</h3></th><td><input type="password" placeholder="Password" id="password" name="password" size="20" id="textbox" required /></td></tr>
</td>
</table>
<input type="submit" name="LOGIN" value="LOGIN" id="buttondesign" />
<br />
<br />
</form>
</div>
</body>
</html>
<?php
session_Start();
if (isset($_POST['LOGIN']))
{
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "mysite";
$conn = mysqli_connect($servername, $username, $password, $dbname);
if (mysqli_connect_errno())
{
die("Connection failed: ".$conn->connect_error);
}
else
{
$username=$_POST['username'];
$password=$_POST['password'];
$sql="SELECT `username`, `password` FROM `user` WHERE `username`= $username AND `password`=$password";
if ($result=mysqli_query($conn,$sql))
{
// Return the number of rows in result set
$rowcount=mysqli_num_rows($result);
if ($rowcount > 0)
{
$_SESSION['username'] = $username;
header("location: home.php");
}
else
{
echo 'The username or password are incorrect!';
}
}
}
//echo $rowcount;
}
?>

put action in form
<form name="form" method="post">
to
<form name="form" method="post" action="login.php">

You need to have sessions_start on home page too:
<?php session_start(); ?>
Try adding the username in your SELECT query.
$result1 = "SELECT userid, username, password FROM user WHERE username = '$username' And password = '$password'";
And if you want to store the the user id too you need:
$_SESSION['userid'] = $userid;

The "s" in "start" in "session_start()" needs to be in lower case.
session_Start(); // This would not initiate the session
session_start(); // This would initiate the session
Due to this the session is never created.
Fixing this should resolve the issue

<?php
session_Start();
if (isset($_POST['LOGIN']))
{
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "mysite";
$conn = new mysqli($servername, $username, $password, $dbname);
if ($conn->connect_error)
{
die("Connection failed: ".$conn->connect_error);
}
else
{
$result1 = "SELECT userid, password FROM user WHERE username = '$username' And password = '$password'";
$queryResult= mysqli_query($conn, $sql);
$row = mysqli_fetch_array($queryResult);
$count = mysqli_num_rows($queryResult); // if uname/pass correct it returns must be 1 row
}
if ($count == 1 && $row['password'] == $password) {
$_SESSION['userid'] = $row['userid'];
header("Location: home.php");
}
else {
$errMSG = "Incorrect Credentials, Try again...";
}
}
?>

Converting username, to userID for entry into a comments box

<?php
include("connection.php");
session_start();
if($_SERVER["REQUEST_METHOD"] == "POST") {
// username and password sent from form
$myusername = mysqli_real_escape_string($conn,$_POST['username']);
$mypassword = mysqli_real_escape_string($conn,$_POST['password']);
$row['userID'] = $myuserid;
$sql = "SELECT * FROM u803621131_login.users WHERE username = '$myusername' and password = '$mypassword'";
$result = mysqli_query($conn,$sql);
$row = mysqli_fetch_array($result,MYSQLI_ASSOC);
$active = $row['active'];
$count = mysqli_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if($count == 1) {
session_start("myuserid");
$_SESSION['login_user'] = $myusername;
$_SESSION['login_id'] = $myuserid;
header("location: welcome.php");
}else {
$error = "Your Login Name or Password is invalid";
}
}
?>
<html>
<head>
<title>Login Page</title>
<style type = "text/css">
body {
font-family:Arial, Helvetica, sans-serif;
font-size:14px;
}
label {
font-weight:bold;
width:100px;
font-size:14px;
}
.box {
border:#666666 solid 1px;
}
</style>
</head>
<body bgcolor = "#FFFFFF">
<div align = "center">
<div style = "width:300px; border: solid 1px #333333; " align = "left">
<div style = "background-color:#333333; color:#FFFFFF; padding:3px;"><b>Login</b></div>
<div style = "margin:30px">
<form action = "" method = "post">
<label>UserName :</label><input type = "text" name = "username" class = "box"/><br /><br />
<label>Password :</label><input type = "password" name = "password" class = "box" /><br/><br />
<input type = "submit" value = " Submit "/><br />
</form>
<div style = "font-size:11px; color:#cc0000; margin-top:10px"><?php echo $error; ?></div>
</div>
</div>
</div>
</body>
</html>
Login.php - The login page with all the changed parts, the actual login works as it should. although it is hard to tell if there are any other issues
<?php session_start();
include'../../connection.php';?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta name="description" content="">
<meta name="keywords" content="">
<link rel="stylesheet" type="text/css" href=".../../../../style.css">
<title>Home</title>
<!--[if IE]>
<script src="http://html5shim.googlecode.com/svn/trunk/html5.js"></script>
<![endif]-->
<?php include('../../main/main.php');?>
</head>
<body>
<div class=containermain>
<h1>I5-6600k.php</h1>
<form action="ratepost.php" method="post">
<label for="rating">rating:</label>
<select name="rating" id="rating" value="rating" >
<option>
<option value="1">1 </option>
<option value="2">2</option>
<option value="3">3 </option>
<option value="4">4</option>
<option value="5">5</option>
</option>
</select>
<input type="submit" value="Submit">
</form>
<h2>graphics card write up................</h2>
<?php echo "Hello " . $_SESSION['user']; ?>
<p> </p>
<br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br>
</div>
<div
class="fb-like"
data-share="true"
data-width="450"
data-show-faces="true">
</div>
<!---------------------------------------COMMENT BOX---------------------------------------------------->
<div class="comments" align="center">
<form action="" method="post" >
<textarea rows="4" cols="50" name="comment">
Please type a comment if you are logged in....
</textarea>
<input type="submit" value="Submit">
</form>
<?php
if (isset($_SESSION['login_id']) && !empty($_SESSION['login_id'])) {
$id = $_SESSION['login_id'];
$sqlinsert = "INSERT INTO comment (userID, comment, dCpuID) VALUES ('$id', '$comment', '1')";
if(mysqli_query($conn, $sqlinsert)){
header("Location: i5-6600k");
} else {
echo "ERROR: Could not able to execute $sqlinsert. " . mysqli_error($conn);
}
}
// close connection
$sql = "SELECT `users`.`username`, `comment`.`comment`, `comment`.`timestamp`\n"
. "FROM `users`\n"
. "LEFT JOIN `comment` ON `users`.`userID` = `comment`.`userID` \n"
. "where dCpuID = 1";
$result = $conn->query($sql);
if ($result->num_rows > 0) {
echo "<table><tr><th>Username</th><th>Comment</th><th>Timestamp</th>";
// output data of each row
while($row = $result->fetch_assoc()) {
echo "<tr><td>" . $row["username"]. "</td><td>" . $row["comment"]."</td><td>" . $row["timestamp"]. "</td>";
}
echo "</table>";
} else {
echo "0 results";
}
?>
</div>
<?php include('../../assets/footer.php');?>
<div class="fb-comments" data-href="http://www.computercomparison.tk/#home" data-numposts="5"></div>
</body>
</html>
Have included entirety of 2nd page, incase there may be clashes with other parts of the code in the site that may be pointed out.
Also you will find lots of code in strange places, only testing bits at the mo.
<?php
include('connection.php');
session_start();
$user_check = $_SESSION['login_user'];
$ses_sql = mysqli_query($conn,"select username, from users where username = '$user_check' ");
$row = mysqli_fetch_array($ses_sql,MYSQLI_ASSOC);
$login_session = $row['username'];
if(!isset($_SESSION['login_user'])){
header("location:login.php");
}
?>
Have this session.php file, didn't think it was too relevant but changing it around did affect logging in and stuff, it is in good condition here, wonder if there is anything i need to change here too? it is linked to the welcome.php

Following the error message you connected a column for the comment authors ID to one in your account table using a foreign key.
As shown in your picture they're both INT. But you are trying to insert a VARCHAR (the username) into this column instead.
My approach would be to get the user's ID by a sql query or even better save the users ID to the session:
session_start();
$_SESSION['login_user'] = $usernameFromFormOrWhatever;
$_SESSION['login_id'] = $usersID;
So you can fill your userID column with it:
$id = $_SESSION['login_id'];
$sqlinsert = "INSERT INTO comment (userID, comment, dCpuID) VALUES ('$id', '$comment', '1')";
Additionally the entered ID in your comments table must also appear in a row of your accounts table as ID of a user. Otherwise you will get an error message like you do now.

check if value exists in in database and if does redirect to a page using php

<?php
require_once("!cache.php");
$connection = mysqli_connect ('localhost', 'twa137', 'twa137hu', 'westernhotel137');
if(!$connection) {
die("connection failed: " . mysqli_connect_error());
}
$username="";
$password="";
$usmg="";
$pasmg="";
$logincorrect = "";
if (isset($_POST["submit"])) {
// Here we only validate that username and password are not empty.
$username = $_POST["username"];
if (empty($username)) $usmg = '<span class="error"> This field is mandatory. Please enter staff ID.</span>';
$password = $_POST["password"];
if (empty($password)) $pasmg = '<span class="error"> This field is mandatory. Please enter password.</span>';
if (strlen($usmg)==0 && strlen($pasmg)==0) {
// sanitize them before passing to database
$username = mysqli_real_escape_string($connection, $username);
$password = mysqli_real_escape_string($connection, $password);
$sql = "select username, password from customers where username = '$username' and password = '$password'";
$rs = mysqli_query($connection, $sql)
or die("Error when looking up username and password" . mysqli_error($connection));
if (mysqli_num_rows($rs) > 0 ) {
// username and password correct
session_start();
$_SESSION["who1"] = $username;
$_SESSION["password"] = $password;
mysqli_close($connection);
$logincorrect = true;
header("location: browse.php");
}
mysqli_close($connection);
}
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Login</title>
<style type="text/css">
input[type="text"] {
border: 2px solid black;
}
.error {
color:red;
}
</style>
</head>
<body>
<h2>Login page </h2>
<form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>" method="post">
<p>
Admin name: <input type="text" name="username" value="<?php echo htmlspecialchars($username) ?>" />
<?php echo $usmg; ?>
</p>
<p>
Password: <input type="password" name="password" value="<?php echo htmlspecialchars($password) ?>" />
<?php echo $pasmg; ?>
</p>
<p>
<input type="submit" value="Submit" name="submit"/>
</p>
<p>
<input type="reset" value="Reset" name="reset"/>
</p>
</form>
<?php
if (isset($_POST['submit']) && !$logincorrect) {
echo "<p> <span class='error'>Login details incorrect. Please try again!</span></p>";
}
?>
</body>
</html>
I need to check if the value exists and if it does it'll redirect to another page, but when i try to test my input it always shows login details incorrect, even if the value exists in the database

<?php
session_start();
?><html>
<head>
<style type="text/css">
input{
border:1px solid olive;
border-radius:5px;
}
h1{
color:darkgreen;
font-size:22px;
text-align:center;
}
</style>
</head>
<body>
<h1>Login<h1>
<form action='' method='post'>
<table cellspacing='5' align='center'>
<tr><td>User name:</td><td><input type='text' name='username'/></td></tr>
<tr><td>Password:</td><td><input type='password' name='password'/></td></tr>
<tr><td></td><td><input type='submit' name='submit' value='Submit'/></td></tr>
</table>
</form>
<?php
if(isset($_POST['submit']))
{
$connection=mysqli_connect('localhost','twa137','twa137hu','westernhotel137');
$username=$_POST['username'];
$password=$_POST['password'];
if($username!=''&&$password!='')
{
$query=mysqli_query($connection,"select * from login where username='".$username."' and password='".$password."'");
$res=mysqli_num_rows($query);
if($res>0)
{
$_SESSION["username"] = $username;
header('location:browse.php');
}
else
{
echo'You entered username or password is incorrect';
}
}
else
{
echo'Enter both username and password';
}
}
?>
</body>
</html>

Before saving username and password into database you can do this. This is for secured form submission:
$username=$_POST['username'];
$password=$_POST['password'];
$username = stripslashes($username);// This prevents accidental sql injection
$password = stripslashes($password);
$username = mysqli_real_escape_string($username);
$password = mysqli_real_escape_string($password);
$password = md5($password); //Optional but secured as you are hashing the password
//here add your SQL query to save into database
This same method you can use for login and register of username and password. In the form you can remove the value as you will be entering the values. I also suggest you to start using PDO as that is more secured.

PHP profile update page MySql Error

Can anyone see the error in this code as the code is only giving me back :
the name does not exist
It was all working fine now it does not.
If anyone can spot it please and correct me as I am still new to this.
<?php
// see if the form has been completed
include_once("php_includes/check_login_status.php");
include_once("php_includes/db_conx.php");
// Initialize any variables that the page might echo
$username = "";
$firstname = "";
$surname = "";
$gender = "Male";
$country = "";
$weight = "";
$height = "";
if(isset($_GET["u"])){
$username = preg_replace('#[^a-z0-9]#i', '', $_GET['u']);
}
$sql = "SELECT * FROM users WHERE username='$username' AND activated='1' LIMIT 1";
$user_query = mysqli_query($db_conx, $sql);
// check if the user exists in the database
while ($row = mysqli_fetch_array($user_query, MYSQLI_ASSOC)) {
$username = $row ["username"];
$firstname = $row["firstname"];
$surname = $row["surname"];
$weight = $row["weight"];
$height = $row["height"];
$email = $row["email"];
$gender = $row ["gender"];
}
if (isset($_POST['submit'])){
$username = $_POST['username'];
$firstname = $_POST['firstname'];
$surname = $_POST['surname'];
$weight = $_POST['weight'];
$height = $_POST['height'];
$email = $_POST['email'];
$gender = $_POST['gender'];
mysql_connect ("host","****","*****"); mysql_select_db('db_k1003140');
// check if that user exist
$exists = mysql_query ("SELECT * FROM users WHERE firstname='" . $username . "'") or die ("query cant connect");
if (mysql_num_rows ($exists) != 0) {
// update the description in the database
mysql_query("UPDATE users SET firstname='$firstname', surname='$surname', weight='$weight', height='$height' WHERE username='$username'") or die ("update could not be applied");
echo "successful";
} else echo "the name does not exist";
}
?>
Here is the HTML :
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>Profile Update: <?php echo $u; ?></title>
<link rel="icon" href="favicon.ico" type="image/x-icon">
<link rel="stylesheet" type="text/css" href="style.css">
<script src="js/main.js"></script>
<script src="js/javascript.js"></script>
<script src="js/ajax.js"></script>
<style type="text/css">
#updateform{
margin-top:24px;
}
#updateform > div {
margin-top: 12px;
}
#updateform > input {
width: 200px;
padding: 3px;
background: #F3F9DD;
}
</style>
</head>
<body>
<?php include_once("template_pageTop.php"); ?>
<div id="pageMiddle">
<div id="usernamecss"> Username: <?php echo $username; ?></div>
<form action="update.php" method="POST" id="updateform">
<div>
<div>First Name: </div>
<input id="firstname" type="text" name="firstname" value="<?php echo $firstname?>" maxlength="16">
<div>Surname: </div>
<input id="surname" type="text" name="surname" value="<?php echo $surname?>" maxlength="16">
<div>Weight: </div>
<input id="weight" type="text" name="weight" value="<?php echo $weight?>" >
<div>Height: </div>
<input id="height" type="text" name="height" value="<?php echo $height?>" >
<p> <input type="submit" name="submit" id="submit" value="Update Description"></p>
Go to Profile
</div>
</form>
</div>
<?php include_once("template_pageBottom.php"); ?>
</body>
</html>

Just a guess you comparing username field with firstname,
SELECT * FROM users WHERE firstname='" . $username . "'";
While it needs to be,
SELECT * FROM users WHERE username='" . $username . "'";
Note: Please, don't use mysql_* functions in new code. They are no longer maintained and are officially deprecated. See the red box? Learn about prepared statements instead, and use PDO, or MySQLi - this article will help you decide which. If you choose PDO, here is a good tutorial.

Categories