php profile help

[lee2010]

Hi everyone, i have currently have a registration and login page working, i have now included a profile/edit profile page once the user is logged in. However im having a problem, once the user logs in the account page welcomes them by there username using the following code

 

<h2>Welcome, <?php echo $_SESSION['username']; ?></h2>

 

Which is fine, however when users edit there profile there details arent stored into there userid within the mysql database. for example this is my edit profile page

 

 

and this is what it does within the mysql database:

 

 

It doesn't save that info to the current user and im not sure how to get it to do it, heres my code:

 

<?PHP

//Database Information

$dbhost = "localhost";
$dbname = "blank";
$dbuser = "blank";
$dbpass = "password";

//Connect to database

mysql_connect ( $dbhost, $dbuser, $dbpass)or die("Could not connect: ".mysql_error());
mysql_select_db($dbname) or die(mysql_error());

$real_name = $_POST['real_name'];
$location = $_POST['location'];    
$mobile_number = $_POST['mobile_number'];
$instant_messaging = $_POST['instant_messaging'];

$query = "REPLACE INTO users (real_name, location, mobile_number, instant_messaging)
VALUES('$real_name', '$location', '$mobile_number', '$instant_messaging')";
mysql_query($query) or die(mysql_error());
mysql_close();

    
?>

 

I can see why it doesn't work as it just inserts it into the users database but I'm not sure how to associate it with the current logged in user.

 

Any help would be great,

 

Lee

 

 

[The Little Guy]

This is the query you actually want:

 

$query = "UPDATE users SET real_name = '$real_name', location = '$location', mobile_number = '$mobile_number', instant_messaging = '$instant_messaging' WHERE userid = '{$_SESSION['userid']}'";

 

Also, use the function mysql_real_escape_string on your $_POST variables.

[lee2010]

Hi, thanks for your reply!

 

I've put that query in instead and it doesn't seem to work. This is my updated code

 

<?PHP

//Database Information

$dbhost = "blank";
$dbname = "blank";
$dbuser = "blank";
$dbpass = "password";

//Connect to database

mysql_connect ( $dbhost, $dbuser, $dbpass)or die("Could not connect: ".mysql_error());
mysql_select_db($dbname) or die(mysql_error());

$real_name = $_POST['real_name'];
$location = $_POST['location'];    
$mobile_number = $_POST['mobile_number'];
$instant_messaging = $_POST['instant_messaging'];

$query = "UPDATE users SET real_name = '$real_name', location = '$location', mobile_number = '$mobile_number', instant_messaging = '$instant_messaging' WHERE userid = '{$_SESSION['$userid']}'";
mysql_query($query) or die(mysql_error());
mysql_close();
?>

 

I think the problem is here:

 

WHERE userid = '{$_SESSION['$userid']}'";

 

as my login does this

 

session_start();
    $_SESSION['username'] = $username;

[The Little Guy]

I would recommend saving their userid in a session as well. otherwise if you want to use username, just change my code to use it.

 

but if you do add the userid, make sure to log out then back in

 

edit:

I also notice that I accidentally placed a $ in front of userid

 

this

'{$_SESSION['$userid']}'";

 

would be this:

'{$_SESSION['userid']}'";

[lee2010]

Thanks again for your reply,

 

I'm not sure if it's me making a stupid mistake but it still won't get the data on the database end.

 

Just to confirm this should be the correct code:

 

<?PHP

//Database Information

$dbhost = "blank";
$dbname = "blank";
$dbuser = "blank";
$dbpass = "password";

//Connect to database

mysql_connect ( $dbhost, $dbuser, $dbpass)or die("Could not connect: ".mysql_error());
mysql_select_db($dbname) or die(mysql_error());

$real_name = $_POST['real_name'];
$location = $_POST['location'];    
$mobile_number = $_POST['mobile_number'];
$instant_messaging = $_POST['instant_messaging'];

$query = "UPDATE users SET real_name = '$real_name', location = '$location', mobile_number = '$mobile_number', instant_messaging = '$instant_messaging' WHERE username = '{$_SESSION['username']}'";
mysql_query($query) or die(mysql_error());
mysql_close();
?>

[lee2010]

Anyone able to help with this, the database still wont receive the details from the profile page

[BlueSkyIS]

echo query to make sure it's what you expect.

 

echo "query: $query <br />";

[rwwd]

IT won't function as you are not passing the connection reference into the query.

<?PHP

//Database Information

$dbhost = "blank";
$dbname = "blank";
$dbuser = "blank";
$dbpass = "password";

//Connect to database

$conn = mysql_connect ( $dbhost, $dbuser, $dbpass)or die("Could not connect: ".mysql_error());
mysql_select_db($dbname, $conn) or die(mysql_error());

//clean data
$_POST = array_map('strip_tags', $_POST);
$_POST = array_map('mysql_real_escape_string', $_POST);

$real_name = $_POST['real_name'];
$location = $_POST['location'];    
$mobile_number = $_POST['mobile_number'];
$instant_messaging = $_POST['instant_messaging'];

//set a limit to the clause so that ONLY 1 row gets affected, don't need duplicates..
$query = "UPDATE `users` SET `real_name` = '".$real_name."', `location` = '".$location."', `mobile_number` = '".$mobile_number."', `instant_messaging` = '".$instant_messaging."' WHERE `username` = '".$_SESSION['username']."' LIMIT 1";

//as the $conn was reference in the database selection, this query 'inherits' the last known connection
$success = mysql_query($query) or die(mysql_error());

if($success){
echo "Updated successfully";
exit;
}
else{
echo "Something went wrong";
exit;
}
//no need to use mysql_close() as this is the natural action once the script completes anyway...
?>

 

Try that.

 

Rw

[lee2010]

Thanks very much for your replies,

 

I've tried that code and I'm getting the Updated Successfully message once i submit however its not going into the database, its staying blank in those fields which is very odd.

 

 

[BlueSkyIS]

so... what does the SQL look like that isn't working? does it work when you run it via phpmyadmin or other?

[PFMaBiSmAd]

I'm getting the Updated Successfully message

 

That's because that code will display that message any time the query executes with no errors (which we already knew because the or die(...) was not outputting anything.)

 

Going back a few steps, your code does not have a session_start(); statement so you cannot reference a $_SESSION variable (doing what BlueSkyIS has suggested, twice, will help you since you will see what the query actually is.)

 

You are also not checking if the form was submitted or validating any of the form data, which might be empty if your form is invalid or has not been submitted (doing what BlueSkyIS has suggested will also let you see if the form values actually have what you expect in them.)