Ferial Ice

Reputation: 43

PHP MYSQL - UPDATE user profile with SESSION

I'm trying to update a user profile using the session. The user profile page is supposed to update according to the profile of the logged-in user. Here's the sample code of user_profile.php:

<?php
 session_start(); 
 ob_start();

 include("../function/dbconnect.php");
 include("header.php");
?>

<html>
<body>

<?php
if(isset($_SESSION['VALID_USER'])){

if(isset($_POST['submit']))
{
    $username = $_POST['username'];
    $password = $_POST['password'];

    $s=mysql_query("UPDATE tbl_staffs SET username='$username', password='$password' WHERE username='".mysql_real_escape_string($_SESSION["VALID_USER"])."'");

    if ($s)
        { echo "<script type='text/javascript'>alert('Successful - Record Updated!'); window.location.href = 'user_profile.php';</script>"; }
    else
        { echo "<script type='text/javascript'>alert('Unsuccessful - ERROR!'); window.location.href = 'user_profile.php';</script>"; }
}

$query1=mysql_query("SELECT * FROM tbl_staffs WHERE username='".mysql_real_escape_string($_SESSION["VALID_USER"])."'  AND user_levels = '".mysql_real_escape_string('1')."'");
$query2=mysql_fetch_array($query1); 

?>

<form  action="user_profile.php" method="POST">
<div>Your  Profile</div>
<table  border="0"  align="center"  cellpadding="2"  cellspacing="0">
<tr>
<td><div>Username:</div></td>
<td><input type="text" name="username" value="<?php  echo $query2['username'];  ?>" /></td>
</tr>
<tr>
<td><div  align="left"  id="tb-name">Password:</div></td>
<td><input type="text" name="password" value="<?php  echo $query2['password'];  ?>" /></td>
</tr>
</table>
<input type="submit" name="submit" value="Update" />
</form>

<?php
//  close  while  loop
}}
?>

<?php
//  close  connection;
mysql_close();
?>
</br>

</body>
</html>

The page returns blank. There are several other versions of the code that I'm working on for the user_profile.php page too, but the results that I get are the same... I used the code below for the admin to update a user profile.

include('function/dbconnect.php');
        if(isset($_GET['id']))
        {
            $id=$_GET['id'];
                if(isset($_POST['submit']))
                {
                    $username   = $_POST['username'];
                    $email      = $_POST['email'];
                    $password   = $_POST['password'];
                    $user_type  = $_POST['user_type'];
                    $query3     = mysql_query("UPDATE tbl_staffs
                                              SET username='$username', email='$email', password='$password', WHERE id='$id'");

                    if ($query3)
                        { echo "<script type='text/javascript'>alert('Successful - Record Updated!'); window.location.href = 'user_list.php';</script>"; }
                    else
                        { echo "<script type='text/javascript'>alert('Unsuccessful - ERROR!'); window.location.href = 'user_list.php';</script>"; }
                }

    $query1=mysql_query("SELECT * FROM tbl_staffs WHERE id='$id'");
    $query2=mysql_fetch_array($query1); 



 <form method="post">
 <tr>
    <td><b>Username:</b></td><td><input type="text" name="username" style="width:255px" value="<?php echo $query2['username']; ?>" /></td>
  </tr>
  <tr>
    <td><b>Email:</b></td><td><input type="text" name="email" style="width:255px" value="<?php echo $query2['email']; ?>" /></td>
  </tr>
  <tr>
    <td><b>Password:</b></td><td><input type="text" name="password" style="width:255px" value="<?php echo $query2['password']; ?>" /></td>
  </tr>
  <tr>
    <td colspan="2" align="right">
    <br />
        <span title="Click to update the user details"><input type="submit" name="submit" value="Update" /></span>
    </td>
  </tr>
  </table>

  </form>
  <?php
    }
  ?>

Apparently, it works fine as it is. However, when I tried to apply the code for users so that they can update their own profile, the code won't work. Where am I going wrong?

Upvotes: 0

Views: 17415

Answers (1)

Vinod Patel

Reputation: 24

First check whether your session exists, and then replace ".mysql_real_escape_string($_SESSION["VALID_USER"])." in your query with a variable, like:

// Escape the session value once and reuse it in both queries
$VALID_USER=mysql_real_escape_string($_SESSION["VALID_USER"]);

if(isset($_POST['submit']))
{
    // Escape the submitted values before placing them in the SQL string
    $username = mysql_real_escape_string($_POST['username']);
    $password = mysql_real_escape_string($_POST['password']);

    $s=mysql_query("UPDATE tbl_staffs SET username='$username', password='$password' WHERE username='$VALID_USER'");

    if ($s)
        { echo "<script type='text/javascript'>alert('Successful - Record Updated!'); window.location.href = 'user_profile.php';</script>"; }
    else
        { echo "<script type='text/javascript'>alert('Unsuccessful - ERROR!'); window.location.href = 'user_profile.php';</script>"; }
}

$query1=mysql_query("SELECT * FROM tbl_staffs WHERE username='$VALID_USER' AND user_levels = '".mysql_real_escape_string('1')."'");
$query2=mysql_fetch_array($query1);

Upvotes: 1
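
A hardened version of the session-keyed update discussed above, as an added example that is not part of the original question or answer: it uses PDO prepared statements in place of the mysql_* functions (removed in PHP 7), stores a password hash instead of plaintext, and refreshes the session after a username change. The function name update_own_profile, the in-memory SQLite database and the sample row are assumptions made so the script runs offline.

```php
<?php
// Added example (not from the original post): session-keyed profile update
// with PDO prepared statements. The SQLite table and sample row below are
// constructed for the demo; use a MySQL DSN against the real table.
function update_own_profile(PDO $db, array &$session, array $post): bool
{
    // The row to change is chosen from the server-side session, never from
    // the request, so a user cannot target someone else's record.
    if (empty($session['VALID_USER'])) {
        return false;
    }
    $username = trim((string)($post['username'] ?? ''));
    $password = (string)($post['password'] ?? '');
    if ($username === '' || $password === '') {
        return false;
    }
    // Placeholders keep quotes in the input out of the SQL text; the
    // password is stored as a salted hash rather than plaintext.
    $stmt = $db->prepare(
        'UPDATE tbl_staffs SET username = :new, password = :hash WHERE username = :cur'
    );
    $stmt->execute([
        ':new'  => $username,
        ':hash' => password_hash($password, PASSWORD_DEFAULT),
        ':cur'  => $session['VALID_USER'],
    ]);
    if ($stmt->rowCount() !== 1) {
        return false;
    }
    // Keep the session in step with the renamed account; otherwise the next
    // SELECT keyed on the old username finds no row.
    $session['VALID_USER'] = $username;
    return true;
}

// Constructed demo data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE tbl_staffs (username TEXT UNIQUE, password TEXT, user_levels TEXT)');
$db->exec("INSERT INTO tbl_staffs VALUES ('alice', 'old', '1')");
$session = ['VALID_USER' => 'alice'];                                 // stands in for $_SESSION
$post    = ['username' => "o'brien", 'password' => 'correct horse'];  // stands in for $_POST

var_dump(update_own_profile($db, $session, $post));
$row = $db->query('SELECT username, password FROM tbl_staffs')->fetch(PDO::FETCH_ASSOC);
var_dump($row['username'] === $session['VALID_USER']);
var_dump(password_verify('correct horse', $row['password']));
```

When rendering the form, pass the stored username through htmlspecialchars() and leave the password field empty, since a hash cannot be shown back to the user.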
