PHP update user account details no error displayed but account details not updated

Question

Overview: I am crating a dummy website for learning purposes therefore its functionalists are basic and security in not on the agenda atm.

Actual Problem:

OK so my application loges in a users who has an option of editing his/hers account if desired. So i have gone ahead and created PHP script that soopose to deal with this BUT IT DOES NOT. When I click edit account button no errors pop up but at the same time when i check MySQL database no changes occurred.

EditAccountForm.php file:

<?php

    include('connect_mysql.php');


if(isset($_POST['editAccount'])){

    $Newusername = $_GET['username'];
    $Newpassword = $_POST['password'];
    $Newfirstname = $_POST['first_name'];
    $Newlastname = $_POST['last_name'];
    $Newemail = $_POST['email'];


    if($Newusername != $username)
    {
        $q1 = ("UPDATE users SET username=$Newusername WHERE username=$username");
    }
    else if(!mysql_query($q1)){

        echo "MySQL ERROR: " . mysql_error() . "" . $sql;
    }
    ///////////////////////////////////////////////////////////////

    if($Newpassword != $password)
    {
        $q2 = ("UPDATE users SET password=$Newpassword WHERE password=$password");
    }
    else if(!mysql_query($q2)){

        echo "MySQL ERROR: " . mysql_error() . "" . $sq2;
    }
    ///////////////////////////////////////////////////////////

    if($Newfirstname != $firstname)
    {
        $q3 = ("UPDATE users SET first_name=$Newfirstname WHERE first_name=$firstname");
    }
    else if(!mysql_query($q3)){

        echo "MySQL ERROR: " . mysql_error() . "" . $sq3;
    }
    ///////////////////////////////////////////////////////////////

    if($Newlastname != $lastname)
    {
        $q4 = ("UPDATE users SET last_name=$Newlastname WHERE last_name=$lastname");
    }
    else if(!mysql_query($q4)){

        echo "MySQL ERROR: " . mysql_error() . "" . $sq4;
    }
    ///////////////////////////////////////////////////////////////

    if($Newemail != $email)
    {
        $q5 = ("UPDATE users SET username=$Newemail WHERE email=$email");
    }
    else if(!mysql_query($q5)){

        echo "MySQL ERROR: " . mysql_error() . "" . $sq5;
    }



}   

?>

userEditAccount.php:

<html>
<head>

<title>Edit Account</title>
<meta http-equiv="content-type" content="text/html; charset=iso-8859-1" />
<link href="style.css" rel="stylesheet" type="text/css" />
</head>
<body>

    <div id="wrapper">
        <header><h1>E-Shop</h1></header>


        <article>
        <h1>Welcome</h1>

            <h1>Edit Account</h1>

        <div id="login">

                <ul id="login">

                <form method="post" name="editAccount" action="userEditAccount.php"  >
                    <fieldset>  
                        <legend>Fill in the form</legend>

                        <label>Select Username : <input type="text" name="username" /></label>
                        <label>Password : <input type="password" name="password" /></label>
                        <label>Enter First Name : <input type="text" name="first_name" /></label>
                        <label>Enter Last Name : <input type="text" name="last_name" /></label>
                        <label>Enter E-mail Address: <input type="text" name="email" /></label>
                    </fieldset>
                        <br />

                        <input name="Editsubmited" type="submit" submit="submit" value="Edit Account" class="button">

                </form>

                <?

                    echo $newrecord;
                ?>


                </div>
            <form action="userhome.php" method="post">
            <div id="login">
                <ul id="login">
                    <li>
                        <input type="submit" value="back" onclick="index.php" class="button">   
                    </li>
                </ul>
            </div>      



        </article>
<aside>
</aside>

<div id="footer">This is my site i Made coppyrights 2013 Tomazi</div>
</div>

</body>
</html>

Furthermore:

I tried to fiddle with the code looked on web but no luck the code i have written for this script in my eyes is the best solution and the one that makes sens to me.

So i had no other option but turn to this website to look for answers, can anyone perhaps see where am going wrong with this whole thing...?

Image of the Edit Account page:

As Asked Conect_mysql.php:

<?php 

    $db_hoast = "127.0.0.1";
    $db_username = "root";
    $db_password = "";
    $db_name = "eshop";

    $con = mysql_connect("$db_hoast","$db_username","$db_password");
        if(!$con)
        {
            die("Could not connect to DATABASE");
        }
    $db = mysql_select_db("$db_name");
        if(!$db)
        {
            die("No database");
        }

?>

Answer 1

the problem with your UPDATE statements are the values are not wrapped with single quotes. They are string literal and should be wrapped.

$q1 = "UPDATE users SET username='$Newusername' WHERE username='$username'";

in order to display the error,

if($Newfirstname != $firstname)
{
    $q1 = "UPDATE users SET username='$Newusername' WHERE username='$username'";
    $result = mysql_query($q1);
    if (!$result) 
    {
        die('Invalid query: ' . mysql_error());
    }
}

Also your logical UPDATES are wrong. This causes you to updates records that matches with the conditions.

As a sidenote, the query is vulnerable with SQL Injection if the value(s) of the variables came from the outside. Please take a look at the article below to learn how to prevent from it. By using PreparedStatements you can get rid of using single quotes around values.

• How to prevent SQL injection in PHP?