I have this code and it gives my a Error 500. I am trying to make it so that it will change the profile picture.
<?php
include_once("dbConnect.php");
include_once("indexinfo.php");
$dbCon = mysqli_connect("DATABASE);
if(isset($_POST['imagelink'])) {
$imagelink = "SELECT `username` UPDATE `TEST` SET `picture` = '$_POST['imagelink']' WHERE username = '$_SESSION['username']'";
mysqli_query($dbCon, $imagelink);
}
?>
First off, you can't use SELECT and UPDATE at the same time; it's one or the other. In your case, use only UPDATE with the table you wish to update.
$dbCon = mysqli_connect("DATABASE");
if(isset($_POST['imagelink'])) {
$imagelink = "UPDATE `TEST` SET `picture` = '".$_POST['imagelink']."' WHERE username = '".$_SESSION['username']."'";
mysqli_query($dbCon, $imagelink);
}
Plus, make sure session_start(); is loaded. I don't know what's inside your two included files or where your session variable is coming from, but this is how you will need to do it. See my notes below.
Your present code is open to SQL injection. Use prepared statements, or PDO
Footnotes:
You may also want to use, if that's not what you're presently using, which is hard to tell at the moment.
$dbCon=mysqli_connect("host","user","password","db");
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
usernamein'$_SESSION['username']'"and also['imagelink']and make suresession_start();is loaded. Yet this method is open to SQL injection. Or use'".$_POST['imagelink']."' WHERE username = '".$_SESSION['username']."'";