1

I've done some research into some other people's problems on here, but I can't quite see what's going wrong. I'm trying to update my form which already has the current user (who is logged in)'s data, but I want them to be able to update their profile.

This is what my code looks like:

  <?php
      // Retrieve db data
    $me = $_SESSION['username'];
    require('db.php');

    $data = "SELECT username, email FROM users WHERE username='$me'";

    $query = mysql_query($data);
    $data2 = mysql_fetch_array($query);



    // Updating
    $Username=$data2['username'] ;
    $Email= $data2['email'] ;

    if(isset($_POST['save']))
    {
    $username_save = mysql_real_escape_string($_POST['username']);
    $email_save = mysql_real_escape_string($_POST['email']);

    mysql_query("UPDATE users SET username ='$username_save', email ='$email_save' WHERE username = '$me'")
    or die(mysql_error());
    echo "Saved!";

    }
       ?>




       <form role="form">
         <div class="form-group">
           <label for="username">Username: </label>
           <input type="text" class="form-control" name="username_save" value="<?php echo $data2['username']?>">
         </div>
         <div class="form-group">
           <label for="pwd">Email Address: </label>
           <input type="email" class="form-control" name="email_save" value="<?php echo $data2['email']?>">
         </div>
         <button input type="Submit" name="save" class="btn btn-info">Submit</button>
          <button input type="Sumbit" name="delete" class="btn btn-danger">Delete</button>
      </form>

When I submit my new values (the echo values works fine) and press submit (username=danielleeee email=test@danielle.com), my url looks like this:

pages/admin/edit.php?username_save=danielleeee&email_save=test%40danielle.com&save=

If anyone could shed some light on this for me that would be fantastic! Thank you.

2
  • $_POST method is not defined; so learn how to use $_POST; because your form works with $_GET method and your vars are in $_GET superglobal Commented Feb 26, 2016 at 15:33
  • 1
    Stop using mysql_ functions, they have been deprecated for a long time now. Use mysqli_ or PDO instead. You are also vulnerable to SQL injection. Use prepared statements instead. Commented Feb 26, 2016 at 15:39

1 Answer 1

1

<form> defaults to a GET method if not explicitly implied <form role="form">.

So, => <form role="form" method="post">

since you're using POST arrays.

Strangely enough, error reporting would not have thrown you anything about it either.

  • I learned that lesson the hard way once, "once".

Also, make sure you started the session since you are using sessions.

Yet, error reporting would have caught that one if it wasn't started and would have thrown you something about it.

However, name="username_save" and name="email_save" those are not the same as your POST arrays here.

  • $_POST['username'] => $_POST['username_save']
  • $_POST['email'] => $_POST['email_save']

Those need to match and error reporting would have thrown you undefined index notices.

Add error reporting to the top of your file(s) which will help find errors.

    <?php
    error_reporting(E_ALL);
    ini_set('display_errors', 1);

    // Then the rest of your code

Sidenote: Displaying errors should only be done in staging, and never production.


Footnotes:

It's best to use a conditional !empty() for your POST arrays. The ! is the "NOT" operator in PHP, and will ensure that no empty values are being passed.

I.e.:

    if (isset($_POST['save']))
    {
        // Only run the update when both fields were submitted and are non-empty
        if (!empty($_POST['username_save']) && !empty($_POST['email_save'])) {
            $username_save = mysql_real_escape_string($_POST['username_save']);
            $email_save = mysql_real_escape_string($_POST['email_save']);

            mysql_query("UPDATE users SET username ='$username_save', email ='$email_save'
                         WHERE username = '$me'")
            or die(mysql_error());
            echo "Saved!";
        }
    }

Sidenote: You can replace && (AND) for an || (OR) depending on the condition you wish to use.


Plus, as stated. The MySQL_ API will be removed from future PHP versions. It's best to move on to either the MySQLi or PDO API and with a prepared statement.

2 Comments

Thanks! That worked great (will mark as correct but I have to wait 3 minutes apparently). Only problem I'm getting now is that 'username' and 'email' are coming up as undefined index?
@dplatt You're welcome. Reload my answer, I've made an edit about that as I kept looking at your code.
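
The advice in the answer and the comments (move to PDO with a prepared statement, and read the same field names the form sends) as an added example; it is not code from the original question or answer. The `users` table and its columns follow the question; the helper name `update_profile`, the SQLite in-memory database standing in for the connection from db.php, and the sample rows are assumptions made so the script runs on its own.

```php
<?php
declare(strict_types=1);
// Added example, not the poster's code. SQLite in-memory stands in for
// the MySQL connection from db.php; all rows below are constructed.

function update_profile(PDO $pdo, string $me, array $post): bool
{
    // Field names must match the form's name="..." attributes.
    if (!isset($post['save'])
        || empty($post['username_save'])
        || empty($post['email_save'])) {
        return false;
    }
    $email = filter_var($post['email_save'], FILTER_VALIDATE_EMAIL);
    if ($email === false) {
        return false;
    }
    // Placeholders keep submitted values out of the SQL text entirely.
    $stmt = $pdo->prepare(
        'UPDATE users SET username = :new_name, email = :email
         WHERE username = :me'
    );
    $stmt->execute([
        ':new_name' => $post['username_save'],
        ':email'    => $email,
        ':me'       => $me,
    ]);
    return $stmt->rowCount() === 1;
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (username TEXT PRIMARY KEY, email TEXT)');
$pdo->exec("INSERT INTO users VALUES ('danielle', 'old@example.com')");
$pdo->exec("INSERT INTO users VALUES ('other', 'other@example.com')");

// Constructed input standing in for $_POST once method="post" is set.
$ok = update_profile($pdo, 'danielle', [
    'save' => '', 'username_save' => 'danielleeee',
    'email_save' => 'test@danielle.com',
]);
// A value containing a quote character is stored as plain data.
$quoted = update_profile($pdo, 'other', [
    'save' => '', 'username_save' => "o'brien",
    'email_save' => 'ob@example.com',
]);
var_dump($ok, $quoted);
print_r($pdo->query('SELECT username, email FROM users')->fetchAll(PDO::FETCH_ASSOC));
```

In the real page, pass `$_SESSION['username']` as `$me` and `$_POST` as `$post`, and update the session username after a successful rename so later requests still match a row.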
