Jump to content

PHP users edit profile


flawlessgreen

Recommended Posts

How do I display users that log in with their information in the edit profile section? Currently my code only display the first user in my database, even though a different user is logged in.

<?php
session_start();
include_once 'dbconnect.php';

if(!isset($_SESSION['user']))
{
 header("Location: index.php");
}
$res=mysql_query("SELECT * FROM admin WHERE user_id=".$_SESSION['user']);
$userRow=mysql_fetch_array($res);

if(isset($_SESSION['user'])) {
    $customerID = $_SESSION['user_id'];
    $username = $_SESSION['username'];  

    $customers = mysql_query("SELECT * FROM admin where user_id='".$customerID."'");
    $customer = mysql_num_rows($customers);

    if($customer== 1){
        $row = mysql_fetch_assoc($customers);
        $realname = $row['realname'];
        $username = $row['username'];
        $email = $row['email'];
        $password = $row['password'];
        $address = $row['address'];


if(isset($_POST['submit'])){    
        $_var1 = $_POST['new_realname'];
        $_var2 = $_POST['new_username'];
        $_var3 = $_POST['new_email'];
        $_var4 = md5($_POST['new_password']);
        $_var5 = $_POST['new_address'];


        if(mysql_query("UPDATE admin 
                        SET realname='$_var1', username='$_var2', email='$_var3', password='$_var4', address='$_var5' 
                        WHERE user_id='$customerID'"))
          {
  ?>
        <?php
            header("Location: ADeditprofile.php");
            
            
 }
 else
 {
  ?>
        <script>alert('error while updating you...');</script>
        <?php
 }
    
    }   
    
    }
}

?>
<form method="POST">
<table border="0">

<tr>
<td><input type="text" name="new_realname" value="<?php echo $realname ?>" placeholder="Real Name" required /></td>
</tr>
<tr>
<td><input type="text" name="new_username" value="<?php echo $username ?>" placeholder="User Name" required /></td>
</tr>
<tr>
<td><input type="email" name="new_email" value="<?php echo $email ?>" placeholder="Your Email" required /></td>
</tr>
<tr>
<td><input type="password" name="new_password" value="<?php echo $password ?>" placeholder="Your Password" required /></td>
</tr>
<tr>
<td><input type="text" name="new_address" value="<?php echo $address ?>" placeholder="Address" required /></td>
</tr>
<tr>
<td><button type="submit" name="submit" value="submit">Update</button></td>
</tr>
</table>
</form>
Link to comment
Share on other sites

The code is outdated and also not protected plus questionable multiple queries as to what are checking user with mysql versus a session value.

 

Try this out, let me know if works or what doesn't work.

I added a few comments.

<?php
session_start();

if (!isset($_SESSION['user_id'])) {
    header("Location: index.php");
    exit; //use exit() so the script does not continue to run
}

include_once 'dbconnect.php';

//use mysqli or pdo, mysql is deprecated
$customers = mysql_query("SELECT * FROM admin where user_id='" . $_SESSION['user_id'] . "'");
$customer  = mysql_num_rows($customers);

if ($customer == 1) {
    $row = mysql_fetch_assoc($customers);
    
    
    if (isset($_POST['submit'])) {
        
        //you should check if values exist and data you expect
        //you can check each one of these else make an error or keep values from database        
        if (isset($_POST['new_realname']) && trim($_POST['new_realname']) != '') {
            $realname = $_POST['new_realname'];
        } else {
            $realname = $row['realname'];
        }
        
        if (isset($_POST['new_username']) && trim($_POST['new_username']) != '') {
            $username = $_POST['new_username'];
        } else {
            $username = $row['username'];
        }
        
        if (isset($_POST['new_email']) && !filter_var($_POST['new_email'], FILTER_VALIDATE_EMAIL) === false) {
            $email = $_POST['new_email'];
        } else {
            $email = $row['email'];
        }
        
        if (isset($_POST['new_password']) && trim($_POST['new_password']) != '') {
            $password = md5($_POST['new_password']); //use password_hash() and password_verify()            
        } else {
            $password = $row['password']; //can't reverse hashed passwords to show in form            
        }
        
        if (isset($_POST['new_address']) && trim($_POST['new_address']) != '') {
            $address = $_POST['new_address'];
        } else {
            $address = $row['address'];
        }
        
        //escape values before inserting with mysql_real_escape_string, mysqli_real_escape_string or pdo and prepared statements
        
        if (mysql_query("UPDATE admin 
                            SET realname='" . mysql_real_escape_string($realname) . "', username='" . mysql_real_escape_string($username) . "', email='" . mysql_real_escape_string($email) . "', password='$password', address='" . mysql_real_escape_string($address) . "' 
                            WHERE user_id='" . $_SESSION['user_id'] . "'")) {

            header("Location: ADeditprofile.php");
            exit;
            
        } else {
?>
         <script>alert('error while updating you...');</script>
<?php
        }
        
    }
    
} else {
    echo "No user with that id";
}


?> 
<form method="POST">
<table border="0">

<tr>
<td><input type="text" name="new_realname" value="<?php echo $realname ?>" /></td>
</tr>
<tr>
<td><input type="text" name="new_username" value="<?php echo $username ?>" /></td>
</tr>
<tr>
<td><input type="email" name="new_email" value="<?php echo $email ?>" /></td>
</tr>
<tr>
<td><input type="password" name="new_password" value="" placeholder="Type if want new password" /></td>
</tr>
<tr>
<td><input type="text" name="new_address" value="<?php echo $address ?>" /></td>
</tr>
<tr>
<td><button type="submit" name="submit" value="submit">Update</button></td>
</tr>
</table>
</form> 
Edited by QuickOldCar
Link to comment
Share on other sites

<?php
session_start();
include_once 'dbconnect.php';

//for the session user it allows only logged in user to view
if (!isset($_SESSION['user']) && !isset($_SESSION['user_id'])) {
    header("Location: index.php");
    exit; //use exit() so the script does not continue to run
}

// to get the data of the name and display welcome! (blablabla)
$res=mysql_query("SELECT * FROM users WHERE user_id='" . $_SESSION['user'] . "'");
$userRow=mysql_fetch_array($res);



$customers = mysql_query("SELECT * FROM users where user_id='" . $_SESSION['user_id'] . "'");
$customer  = mysql_num_rows($customers);

if ($customer == 1) {
    $row = mysql_fetch_assoc($customers);
    
    
    if (isset($_POST['submit'])) {
        
        //you should check if values exist and data you expect
        //you can check each one of these else make an error or keep values from database        
        if (isset($_POST['new_realname']) && trim($_POST['new_realname']) != '') {
            $realname = $_POST['new_realname'];
        } else {
            $realname = $row['realname'];
        }
        
        if (isset($_POST['new_username']) && trim($_POST['new_username']) != '') {
            $username = $_POST['new_username'];
        } else {
            $username = $row['username'];
        }
        
        if (isset($_POST['new_email']) && !filter_var($_POST['new_email'], FILTER_VALIDATE_EMAIL) === false) {
            $email = $_POST['new_email'];
        } else {
            $email = $row['email'];
        }
        
        if (isset($_POST['new_password']) && trim($_POST['new_password']) != '') {
            $password = md5($_POST['new_password']); //use password_hash() and password_verify()            
        } else {
            $password = $row['password']; //can't reverse hashed passwords to show in form            
        }
        
        if (isset($_POST['new_address']) && trim($_POST['new_address']) != '') {
            $address = $_POST['new_address'];
        } else {
            $address = $row['address'];
        }
        
        //escape values before inserting with mysql_real_escape_string, mysqli_real_escape_string or pdo and prepared statements
        
        if (mysql_query("UPDATE users 
                            SET realname='" . mysql_real_escape_string($realname) . "', username='" . mysql_real_escape_string($username) . "', email='" . mysql_real_escape_string($email) . "', password='$password', address='" . mysql_real_escape_string($address) . "' 
                            WHERE user_id='" . $_SESSION['user_id'] . "'")) {

            header("Location: editprofileLog.php");
            exit;
            
        } else {
?>
         <script>alert('error while updating you...');</script>
<?php
        }
        
    }
    
} else {
    echo "No user with that id";
}


?> 
Welcome!  <b><?php echo $userRow['username']; ?>
<form method="POST">
<table border="0">

<tr>
<td><input type="text" name="new_realname" value="<?php echo $realname ?>" placeholder="Real Name" required /></td>
</tr>
<tr>
<td><input type="text" name="new_username" value="<?php echo $username ?>" placeholder="User Name" required /></td>
</tr>
<tr>
<td><input type="email" name="new_email" value="<?php echo $email ?>" placeholder="Your Email" required /></td>
</tr>
<tr>
<td><input type="password" name="new_password" value="<?php echo $password ?>" placeholder="Type if want new password" /></td>
</tr>
<tr>
<td><input type="text" name="new_address" value="<?php echo $address ?>" placeholder="Address" required /></td>
</tr>
<tr>
<td><button type="submit" name="submit" value="submit">Update</button></td>
</tr>
</table>
</form>

I have kind of edited QuickOldCar code. Sorry if I am wrong, learning the process of coding. 

I have 3 data inside my database, which have user_id "1", "2," and "3"

Link to comment
Share on other sites

Ok now it works. 

if ($customer == 1) {
    $row = mysql_fetch_assoc($customers);
    $realname = $row['realname']; //i have to put it outside for it to display the database data in the textbox
    $username = $row['username'];
    $email = $row['email'];
    $password = $row['password'];
    $address = $row['address'];

    if (isset($_POST['submit'])) {
        
        //you should check if values exist and data you expect
        //you can check each one of these else make an error or keep values from database        
        if (isset($_POST['new_realname']) && trim($_POST['new_realname']) != '') {
            $realname = $_POST['new_realname'];
        } else {
            $realname = $row['realname'];
        }
Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.