Edit profile page?

[Drewdle]

I was looking at various tutorials on the net to help me create an edit profile page for my site but the ones I tried wouldn't work...

 

What changes would I have to make to this: (register.php)

<?php 
include ('header.php');
?></center>
<div class=content>
<?php  
if(!empty($_POST['username']) && !empty($_POST['password']))  
{  
    $username = mysql_real_escape_string($_POST['username']);  
    $password = md5(mysql_real_escape_string($_POST['password']));  
    $email = mysql_real_escape_string($_POST['email']);
    $location = mysql_real_escape_string($_POST['location']);
    $website = mysql_real_escape_string($_POST['website']);
    $about = mysql_real_escape_string($_POST['about']);
  
     $checkusername = mysql_query("SELECT * FROM users WHERE Username = '".$username."'");  
  
     if(mysql_num_rows($checkusername) == 1)  
     {  
        echo "<b>Error</b>";  
        echo "Sorry, that username is taken. Please go back and try again.</p>";  
     }  
     else  
     {  
        $registerquery = mysql_query("INSERT INTO users (Username, Password, EmailAddress, Location, Website, About) VALUES('".$username."', '".$password."', '".$email."', '".$location."', '".$website."', '".$about."')");  
        if($registerquery)  
        {  
            echo "<b>Success!</b>";  
            echo "Your account was successfully created. Please click<a href=\"index.php\"> here </a>to login.";  
        }  
        else  
        {  
            echo "<b>Error</b>";  
            echo "<p>Sorry, your registration failed. Please go back and try again.</p>";  
        }  
     }  
}  
else  
{  
    ?>  
   <b>Register</b>  
  <br><br>
   Please enter your details below to register.  
  <br><br>
    <form method="post" action="register.php" name="registerform" id="registerform"> 
    <table width=700px border=0 cellspacing=10><tr><td valign=top><table border=0>
<b>Required Information:</b><br><br>
<tr><td>  
        <b>Username:</b>
</td><td>
        <input type="text" name="username" id="username" />
</td></tr><tr><td>
        <b>Password:</b>
</td><td>
        <input type="password" name="password" id="password" />
</td></tr><tr><td>  
        <b>Email Address:</b>
</td><td>
        <input type="text" name="email" id="email" />
</td></tr></table></td><td valign=top>
<table border=0>
<b>Optional Information:</b><br><br>
<tr><td>
     <b>Location:</b>
</td><td>
     <input type="text" name="location" id="location">
</td></tr><tr><td>
     <b>Your Website:</b>
</td><td>
     <input type="text" name="website" id="website">
</tr></td><tr><td valign=top>
     <b>Short About:</b>
</td><td>
     <textarea name="about" id="about" rows="10" cols="20"></textarea>
</td></tr></td>
</table> </td></tr> </table>
        <input type="submit" name="register" id="register" value="Register" class=btn />  
    </form>  
  
    <?php  
}  
?>  </div>
<?php
include ('footer.php'); 
?>

an edit profile page?

 

I use this as the template because its damn near the same script, just with a few alterations...

 

I know the obvious things the bit I struggle with is selecting the database then inserting new information?...I keep getting my variables/queries messed up when I rewrite it to create a edit profile page.

 

Cheers,

[WSparrow]

You're missing some brackets here:

if(!empty($_POST['username']) && !empty($_POST['password']))  

 

Should be:

if(!empty($_POST['username'])) && (!empty($_POST['password']))  

[dragon_sa]

Basically the form is the same except you query  the database for the logged in user at the top and set all the variables needed in the form, then for the value of each input set the variable related to it, then use update to update the fields in the database when you post the form

 

so if name was $username=$row['username'];

 

the input would be

 

<input type="text" name="username" id="username" value="<?php echo $username; ?>" />

and so on

 

 

 

[Drewdle]

Ok I've done this:

<?php 
include ('header.php');
?></center>
<div class=content>
<?php  
if(!empty($_SESSION['LoggedIn']) && !empty($_SESSION['Username']))  
{  

$checkinfo = mysql_query("SELECT * FROM users WHERE Username = '"$_SESSION['Username']"'");

while($results = mysql_fetch_array($checkinfo,MYSQL_ASSOC)){

    $username = $results['Username']);    
    $email = $reults['EmailAddress']);
    $location = $reults['Location']);
    $website = $reults['Website']);
    $about = $reults['About']);
}
    ?>  
   <b>Edit your Profile</b>  
  <br><br>
   Please enter your details below to update your profile.  
  <br><br>
    <form method="post" action="editprofile.php" name="editform" id="editform"> 
    <table width=700px border=0 cellspacing=10><tr><td valign=top><table border=0>
<b>Required Information:</b><br><br>
<tr><td>  
        <b>Username:</b>
</td><td>
        <?php echo $username; ?>
</td></tr><tr><td>  
        <b>Email Address:</b>
</td><td>
        <input type="text" name="email" id="email" value="<?php echo $email; ?>">
</td></tr></table></td><td valign=top>
<table border=0>
<b>Optional Information:</b><br><br>
<tr><td>
     <b>Location:</b>
</td><td>
     <input type="text" name="location" id="location" value="<?php echo $location; ?>">
</td></tr><tr><td>
     <b>Your Website:</b>
</td><td>
     <input type="text" name="website" id="website" value="<?php echo $website; ?>">
</tr></td><tr><td valign=top>
     <b>Short About:</b>
</td><td>
     <textarea name="about" id="about" rows="10" cols="20"><?php echo $about; ?></textarea>
</td></tr></td>
</table> </td></tr> </table>
        <input type="submit" name="register" id="register" value="Update" class=btn />  
    </form>  
  
<?php
$editquery = mysql_query("REPLACE INTO users (EmailAddress, Location, Website, About) VALUES('".$email."', '".$location."', '".$website."', '".$about."')");

if($editquery)  
        {  
            echo "<b>Success!</b>";  
            echo "Your profile was successfully updated. Please click<a href=\"viewprofile.php\"> here </a>to view.";  
        }  
        else  
        {  
            echo "<b>Error</b>";  
            echo "<p>Sorry, your profile update failed. Please go back and try again.</p>";  
        }  

?>
</div>
<?php
include ('footer.php'); 
?>

 

It returned an Parse error: syntax error, unexpected T_VARIABLE in error....

 

If I fixed the errors, would this work?...

 

[dragon_sa]

put your form processing in the top part of the page, I am assuming this whole page is called editprofile.php

dont use replace use UPDATE in your query and check for the post like this

 

if ($_SERVER['REQUEST_METHOD'] == 'POST') {

POST variables here and run sql
$editquery = mysql_query("UPDATE users SET EmailAddress='$email' , Location='$location, Website='$website', About='$about' WHERE username='$username'");

}

 

I would recomend using a userID instead of username incase there are more than 1 user with the same username, this should be an autoincrement unique ID in your database, and you just post it as a hidden input box.

You can also set your error and success messages to variable like $success and $error and the have if(isset($sucess)) { echo $success; } in your page content

[Drewdle]

I don't understand your suggestions??....

 

I've changed it slightly to what I guessed you mean.

<?php 
include ('header.php');
?></center>
<div class=content>
<?php  
if(!empty($_SESSION['LoggedIn']) && !empty($_SESSION['Username']))  
{  
$nameuser = $_SESSION['Username'];
$checkinfo = mysql_query(SELECT * FROM users WHERE Username = '$nameuser');

while($results = mysql_fetch_array($checkinfo,MYSQL_ASSOC)){
    
    $id = $results['UserID'];
    $username = $results['Username'];    
    $email = $reults['EmailAddress'];
    $location = $reults['Location'];
    $website = $reults['Website'];
    $about = $reults['About'];
}
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
$editquery = mysql_query("UPDATE users SET EmailAddress='$email' , Location='$location, Website='$website', About='$about' WHERE '$id'");

if($editquery)  
        {  
            echo "<b>Success!</b>";  
            echo "Your profile was successfully updated. Please click<a href=\"viewprofile.php\"> here </a>to view.";  
        }  
        else  
        {  
            echo "<b>Error</b>";  
            echo "<p>Sorry, your profile update failed. Please go back and try again.</p>";  
        }  

?>  
   <b>Edit your Profile</b>  
  <br><br>
   Please enter your details below to update your profile.  
  <br><br>
    <form method="post" action="editprofile.php" name="editform" id="editform"> 
    <table width=700px border=0 cellspacing=10><tr><td valign=top><table border=0>
<b>Required Information:</b><br><br>
<tr><td>  
        <b>Username:</b>
</td><td>
        <?php echo $username; ?>
</td></tr><tr><td>  
        <b>Email Address:</b>
</td><td>
        <input type="text" name="email" id="email" value="<?php echo $email; ?>">
</td></tr></table></td><td valign=top>
<table border=0>
<b>Optional Information:</b><br><br>
<tr><td>
     <b>Location:</b>
</td><td>
     <input type="text" name="location" id="location" value="<?php echo $location; ?>">
</td></tr><tr><td>
     <b>Your Website:</b>
</td><td>
     <input type="text" name="website" id="website" value="<?php echo $website; ?>">
</tr></td><tr><td valign=top>
     <b>Short About:</b>
</td><td>
     <textarea name="about" id="about" rows="10" cols="20"><?php echo $about; ?></textarea>
</td></tr></td>
</table> </td></tr> </table>
        <input type="submit" name="register" id="register" value="Update" class=btn />  
    </form>   
</div>
<?php
include ('footer.php'); 
?>

 

Is this correct?

 

[dragon_sa]

that appears to look ok, your errors there if you have any will echo at the top of the page when the submit button is clicked.

 

also

 

WHERE '$id'

 

should be

 

WHERE id='$id'

 

you would also need a hidden input box in your from you can put anywhere in the form as its not seen

 

<input type"hidden" name="id" value="<?php echo $id; ?>" />

 

[Drewdle]

Same error as before:

 

Parse error: syntax error, unexpected T_STRING in /editprofile.php on line 9

$checkinfo = mysql_query(SELECT * FROM users WHERE Username = '$nameuser');

while($results = mysql_fetch_array($checkinfo,MYSQL_ASSOC)){
    
    $id = $results['UserID'];
    $username = $results['Username'];    
    $email = $reults['EmailAddress'];
    $location = $reults['Location'];
    $website = $reults['Website'];
    $about = $reults['About'];
}

 

Can't find my mistake...

 

[dragon_sa]

you have 

$reults

 

instead of $results in db query for $email, $location, $website and $about

[Drewdle]

K I changed them, still getting same error.

[dragon_sa]

try this then post your code if its still giving you the error

 

$checkinfo = mysql_query("SELECT * FROM users WHERE Username = '$nameuser'");

 

also just noticed you are using sessions you need to have this at the very top of your php code before anything else on the page

 

session_start();

[Drewdle]

session_start();

Is added via header.php.

 

OK that change got rid of the error and it was replaced by an unexpected $end on line 73

include ('footer.php'); 
?>

 

Heres the footer.php

</td>
</tr>
</table>
<center><hr>
Copyright &#169; 
</center>
</body>
</html>

 

What end?? Theres no php in footer...

 

[dragon_sa]

it means your if or while statements have not been closed, please post all of the page you have now

[Drewdle]

 

<?php 
include ('header.php');
?></center>
<div class=content>
<?php  
if(!empty($_SESSION['LoggedIn']) && !empty($_SESSION['Username']))  
{  
$nameuser = $_SESSION['Username'];
$checkinfo = mysql_query("SELECT * FROM users WHERE Username = '$nameuser'");

while($results = mysql_fetch_array($checkinfo,MYSQL_ASSOC)){
    
    $id = $results['UserID'];
    $username = $results['Username'];    
    $email = $results['EmailAddress'];
    $location = $results['Location'];
    $website = $results['Website'];
    $about = $results['About'];
}
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
$editquery = mysql_query("UPDATE users SET EmailAddress='$email' , Location='$location, Website='$website', About='$about' WHERE id='$id'");

if($editquery)  
        {  
            echo "<b>Success!</b>";  
            echo "Your profile was successfully updated. Please click<a href=\"viewprofile.php\"> here </a>to view.";  
        }  
        else  
        {  
            echo "<b>Error</b>";  
            echo "<p>Sorry, your profile update failed. Please go back and try again.</p>";  
        }  

?>  
   <b>Edit your Profile</b>  
  <br><br>
   Please enter your details below to update your profile.  
  <br><br>
    <form method="post" action="editprofile.php" name="editform" id="editform"> 
    <table width=700px border=0 cellspacing=10><tr><td valign=top><table border=0>
<b>Required Information:</b><br><br>
<tr><td>  
        <b>Username:</b>
</td><td>
        <?php echo $username; ?>
</td></tr><tr><td>  
        <b>Email Address:</b>
</td><td>
        <input type="text" name="email" id="email" value="<?php echo $email; ?>">
<input type"hidden" name="id" value="<?php echo $id; ?>" />
</td></tr></table></td><td valign=top>
<table border=0>
<b>Optional Information:</b><br><br>
<tr><td>
     <b>Location:</b>
</td><td>
     <input type="text" name="location" id="location" value="<?php echo $location; ?>">
</td></tr><tr><td>
     <b>Your Website:</b>
</td><td>
     <input type="text" name="website" id="website" value="<?php echo $website; ?>">
</tr></td><tr><td valign=top>
     <b>Short About:</b>
</td><td>
     <textarea name="about" id="about" rows="10" cols="20"><?php echo $about; ?></textarea>
</td></tr></td>
</table> </td></tr> </table>
        <input type="submit" name="register" id="register" value="Update" class=btn />  
    </form>   
</div>
<?php
include ('footer.php'); 
?>

[dragon_sa]

after this line

if ($_SERVER['REQUEST_METHOD'] == 'POST') {

you need to add

$editEMAIL=$_POST['email'];
$editLOCATION=$_POST['location'];
$editWEBSITE=$_POST['website'];
$editABOUT=$_POST['about'];
$editID=$_POST['id'];

 

then change the update query to

$editquery = mysql_query("UPDATE users SET EmailAddress='$editEMAIL' , Location='$editLOCATION', Website='$editWEBSITE', About='$editWEBSITE' WHERE id='$editID'");

 

then you need to add another 2 closing brackets at the end after the error like this

        {  
            echo "<b>Error</b>";  
            echo "<p>Sorry, your profile update failed. Please go back and try again.</p>";  
        }  
    }
}
?>

[Drewdle]

Cool, that sorted it, only...

 

the hidden input for id is visible on the page?

 

Is it because of the echo?

<input type"hidden" name="id" value="<?php echo $id; ?>" />

 

 

 

 

[dragon_sa]

small issue change

<input type"hidden" name="id" value="<?php echo $id; ?>" />

 

to

 

<input type="hidden" name="id" value="<?php echo $id; ?>" />

[Drewdle]

Didn't even see that, nice one dude.

 

OK its done, but it fails?!

 

I have no idea where to look as there isnt an error it just sends error message of failure.

[Drewdle]

It fails here somewhere?

<?php  
if(!empty($_SESSION['LoggedIn']) && !empty($_SESSION['Username']))  
{  
$nameuser = $_SESSION['Username'];
$checkinfo = mysql_query("SELECT * FROM users WHERE Username = '$nameuser'");

while($results = mysql_fetch_array($checkinfo,MYSQL_ASSOC)){
    
    $id = $results['UserID'];
    $username = $results['Username'];    
    $email = $results['EmailAddress'];
    $location = $results['Location'];
    $website = $results['Website'];
    $about = $results['About'];
}
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
$editEMAIL=$_POST['email'];
$editLOCATION=$_POST['location'];
$editWEBSITE=$_POST['website'];
$editABOUT=$_POST['about'];
$editID=$_POST['id'];

$editquery = mysql_query("UPDATE users SET EmailAddress='$editEMAIL' , Location='$editLOCATION', Website='$editWEBSITE', About='$editWEBSITE' WHERE id='$editID'");

if($editquery)  
        {  
            echo "<b>Success!</b>";  
            echo "Your profile was successfully updated. Please click<a href=\"viewprofile.php\"> here </a>to view.";  
        }  
        else  
        {  
            echo "<b>Error</b>";  
            echo "<p>Sorry, your profile update failed. Please go back and try again.</p>";  
        }  
    }
}
?>

 

[dragon_sa]

$editquery = mysql_query("UPDATE users SET EmailAddress='$editEMAIL' , Location='$editLOCATION', Website='$editWEBSITE', About='$editWEBSITE' WHERE id='$editID'");

 

to

 

$editquery = mysql_query("UPDATE users SET EmailAddress='$editEMAIL' , Location='$editLOCATION', Website='$editWEBSITE', About='$editWEBSITE' WHERE UserID='$editID'");

 

the UserID was id so it couldnt check against it

[Drewdle]

Yep, I spotted it...I was still looking whilst I made my post and when I found it and changed it it was too late to modify my post lol!

 

Sorry pal.

[dragon_sa]

no dramas glad its solved

[Drewdle]

Hmm, slight 'bug'

 

When you submit the edit profile form it displays the success or error message and the form below.

 

I tried adding another set of if else but it didnt work, how would I change it to only show one of the messages then refresh to display the form again...?

if($editquery)  
        {  
            echo "<b>Success!</b>";  
            echo "Your profile was successfully updated. Please click<a href=\"viewprofile.php\"> here </a>to view.";  
        }  
        else  
        {  
            echo "<b>Error</b>";  
            echo "<p>Sorry, your profile update failed. Please go back and try again.</p>";  
        }  
    }
}
?>
   <b>Edit your Profile</b>  
  <br><br>
   Please enter your details below to update your profile.  
  <br><br>
    <form method="post" action="editprofile.php" name="editform" id="editform"> 
    <table width=700px border=0 cellspacing=10><tr><td valign=top><table border=0>
<b>Required Information:</b><br><br>
<tr><td>  

 

The rest of my pages do it but this one for some reason.

 

[dragon_sa]

if($editquery == true)