flawlessgreen Posted August 17, 2015 Share Posted August 17, 2015 How do I display users that log in with their information in the edit profile section? Currently my code only display the first user in my database, even though a different user is logged in. <?php session_start(); include_once 'dbconnect.php'; if(!isset($_SESSION['user'])) { header("Location: index.php"); } $res=mysql_query("SELECT * FROM admin WHERE user_id=".$_SESSION['user']); $userRow=mysql_fetch_array($res); if(isset($_SESSION['user'])) { $customerID = $_SESSION['user_id']; $username = $_SESSION['username']; $customers = mysql_query("SELECT * FROM admin where user_id='".$customerID."'"); $customer = mysql_num_rows($customers); if($customer== 1){ $row = mysql_fetch_assoc($customers); $realname = $row['realname']; $username = $row['username']; $email = $row['email']; $password = $row['password']; $address = $row['address']; if(isset($_POST['submit'])){ $_var1 = $_POST['new_realname']; $_var2 = $_POST['new_username']; $_var3 = $_POST['new_email']; $_var4 = md5($_POST['new_password']); $_var5 = $_POST['new_address']; if(mysql_query("UPDATE admin SET realname='$_var1', username='$_var2', email='$_var3', password='$_var4', address='$_var5' WHERE user_id='$customerID'")) { ?> <?php header("Location: ADeditprofile.php"); } else { ?> <script>alert('error while updating you...');</script> <?php } } } } ?> <form method="POST"> <table border="0"> <tr> <td><input type="text" name="new_realname" value="<?php echo $realname ?>" placeholder="Real Name" required /></td> </tr> <tr> <td><input type="text" name="new_username" value="<?php echo $username ?>" placeholder="User Name" required /></td> </tr> <tr> <td><input type="email" name="new_email" value="<?php echo $email ?>" placeholder="Your Email" required /></td> </tr> <tr> <td><input type="password" name="new_password" value="<?php echo $password ?>" placeholder="Your Password" required /></td> </tr> <tr> <td><input type="text" name="new_address" value="<?php echo $address ?>" placeholder="Address" required /></td> </tr> <tr> <td><button type="submit" name="submit" value="submit">Update</button></td> </tr> </table> </form> Quote Link to comment Share on other sites More sharing options...
QuickOldCar Posted August 17, 2015 Share Posted August 17, 2015 (edited) The code is outdated and also not protected plus questionable multiple queries as to what are checking user with mysql versus a session value. Try this out, let me know if works or what doesn't work. I added a few comments. <?php session_start(); if (!isset($_SESSION['user_id'])) { header("Location: index.php"); exit; //use exit() so the script does not continue to run } include_once 'dbconnect.php'; //use mysqli or pdo, mysql is deprecated $customers = mysql_query("SELECT * FROM admin where user_id='" . $_SESSION['user_id'] . "'"); $customer = mysql_num_rows($customers); if ($customer == 1) { $row = mysql_fetch_assoc($customers); if (isset($_POST['submit'])) { //you should check if values exist and data you expect //you can check each one of these else make an error or keep values from database if (isset($_POST['new_realname']) && trim($_POST['new_realname']) != '') { $realname = $_POST['new_realname']; } else { $realname = $row['realname']; } if (isset($_POST['new_username']) && trim($_POST['new_username']) != '') { $username = $_POST['new_username']; } else { $username = $row['username']; } if (isset($_POST['new_email']) && !filter_var($_POST['new_email'], FILTER_VALIDATE_EMAIL) === false) { $email = $_POST['new_email']; } else { $email = $row['email']; } if (isset($_POST['new_password']) && trim($_POST['new_password']) != '') { $password = md5($_POST['new_password']); //use password_hash() and password_verify() } else { $password = $row['password']; //can't reverse hashed passwords to show in form } if (isset($_POST['new_address']) && trim($_POST['new_address']) != '') { $address = $_POST['new_address']; } else { $address = $row['address']; } //escape values before inserting with mysql_real_escape_string, mysqli_real_escape_string or pdo and prepared statements if (mysql_query("UPDATE admin SET realname='" . mysql_real_escape_string($realname) . "', username='" . mysql_real_escape_string($username) . "', email='" . mysql_real_escape_string($email) . "', password='$password', address='" . mysql_real_escape_string($address) . "' WHERE user_id='" . $_SESSION['user_id'] . "'")) { header("Location: ADeditprofile.php"); exit; } else { ?> <script>alert('error while updating you...');</script> <?php } } } else { echo "No user with that id"; } ?> <form method="POST"> <table border="0"> <tr> <td><input type="text" name="new_realname" value="<?php echo $realname ?>" /></td> </tr> <tr> <td><input type="text" name="new_username" value="<?php echo $username ?>" /></td> </tr> <tr> <td><input type="email" name="new_email" value="<?php echo $email ?>" /></td> </tr> <tr> <td><input type="password" name="new_password" value="" placeholder="Type if want new password" /></td> </tr> <tr> <td><input type="text" name="new_address" value="<?php echo $address ?>" /></td> </tr> <tr> <td><button type="submit" name="submit" value="submit">Update</button></td> </tr> </table> </form> Edited August 17, 2015 by QuickOldCar Quote Link to comment Share on other sites More sharing options...
flawlessgreen Posted August 18, 2015 Author Share Posted August 18, 2015 (edited) Hi thanks for the help. But it keeps showing "no user with that id" Edited August 18, 2015 by flawlessgreen Quote Link to comment Share on other sites More sharing options...
scootstah Posted August 18, 2015 Share Posted August 18, 2015 Then you either have 0 rows with that ID, or you have multiple rows with that ID. The conditional is checking for exactly one. So inspect the values of $customers and $customer to see what they hold. Quote Link to comment Share on other sites More sharing options...
flawlessgreen Posted August 18, 2015 Author Share Posted August 18, 2015 <?php session_start(); include_once 'dbconnect.php'; //for the session user it allows only logged in user to view if (!isset($_SESSION['user']) && !isset($_SESSION['user_id'])) { header("Location: index.php"); exit; //use exit() so the script does not continue to run } // to get the data of the name and display welcome! (blablabla) $res=mysql_query("SELECT * FROM users WHERE user_id='" . $_SESSION['user'] . "'"); $userRow=mysql_fetch_array($res); $customers = mysql_query("SELECT * FROM users where user_id='" . $_SESSION['user_id'] . "'"); $customer = mysql_num_rows($customers); if ($customer == 1) { $row = mysql_fetch_assoc($customers); if (isset($_POST['submit'])) { //you should check if values exist and data you expect //you can check each one of these else make an error or keep values from database if (isset($_POST['new_realname']) && trim($_POST['new_realname']) != '') { $realname = $_POST['new_realname']; } else { $realname = $row['realname']; } if (isset($_POST['new_username']) && trim($_POST['new_username']) != '') { $username = $_POST['new_username']; } else { $username = $row['username']; } if (isset($_POST['new_email']) && !filter_var($_POST['new_email'], FILTER_VALIDATE_EMAIL) === false) { $email = $_POST['new_email']; } else { $email = $row['email']; } if (isset($_POST['new_password']) && trim($_POST['new_password']) != '') { $password = md5($_POST['new_password']); //use password_hash() and password_verify() } else { $password = $row['password']; //can't reverse hashed passwords to show in form } if (isset($_POST['new_address']) && trim($_POST['new_address']) != '') { $address = $_POST['new_address']; } else { $address = $row['address']; } //escape values before inserting with mysql_real_escape_string, mysqli_real_escape_string or pdo and prepared statements if (mysql_query("UPDATE users SET realname='" . mysql_real_escape_string($realname) . "', username='" . mysql_real_escape_string($username) . "', email='" . mysql_real_escape_string($email) . "', password='$password', address='" . mysql_real_escape_string($address) . "' WHERE user_id='" . $_SESSION['user_id'] . "'")) { header("Location: editprofileLog.php"); exit; } else { ?> <script>alert('error while updating you...');</script> <?php } } } else { echo "No user with that id"; } ?> Welcome! <b><?php echo $userRow['username']; ?> <form method="POST"> <table border="0"> <tr> <td><input type="text" name="new_realname" value="<?php echo $realname ?>" placeholder="Real Name" required /></td> </tr> <tr> <td><input type="text" name="new_username" value="<?php echo $username ?>" placeholder="User Name" required /></td> </tr> <tr> <td><input type="email" name="new_email" value="<?php echo $email ?>" placeholder="Your Email" required /></td> </tr> <tr> <td><input type="password" name="new_password" value="<?php echo $password ?>" placeholder="Type if want new password" /></td> </tr> <tr> <td><input type="text" name="new_address" value="<?php echo $address ?>" placeholder="Address" required /></td> </tr> <tr> <td><button type="submit" name="submit" value="submit">Update</button></td> </tr> </table> </form> I have kind of edited QuickOldCar code. Sorry if I am wrong, learning the process of coding. I have 3 data inside my database, which have user_id "1", "2," and "3" Quote Link to comment Share on other sites More sharing options...
scootstah Posted August 18, 2015 Share Posted August 18, 2015 Okay, so what is the value of $_SESSION['user_id']? Quote Link to comment Share on other sites More sharing options...
flawlessgreen Posted August 18, 2015 Author Share Posted August 18, 2015 Okay, so what is the value of $_SESSION['user_id']? Apparently it doesn't detect the value, I am not sure. That's why it show "No user with that id" Quote Link to comment Share on other sites More sharing options...
Ch0cu3r Posted August 18, 2015 Share Posted August 18, 2015 (edited) What is the output of var_dump($_SESSION); Edited August 18, 2015 by Ch0cu3r Quote Link to comment Share on other sites More sharing options...
flawlessgreen Posted August 18, 2015 Author Share Posted August 18, 2015 What is the output of var_dump($_SESSION); array(1) { ["user"]=> string(1) "1" } Quote Link to comment Share on other sites More sharing options...
Ch0cu3r Posted August 18, 2015 Share Posted August 18, 2015 The you should be using $_SESSION['user'] not $_SESSION['user_id'] in your code. Quote Link to comment Share on other sites More sharing options...
flawlessgreen Posted August 18, 2015 Author Share Posted August 18, 2015 (edited) It still won't work. I tried var_dump($_SESSION['user_id']) i get a NULL Edited August 18, 2015 by flawlessgreen Quote Link to comment Share on other sites More sharing options...
QuickOldCar Posted August 18, 2015 Share Posted August 18, 2015 Change all $_SESSION['user_id'] to $_SESSION['user'] in your code Quote Link to comment Share on other sites More sharing options...
flawlessgreen Posted August 18, 2015 Author Share Posted August 18, 2015 Ok now it works. if ($customer == 1) { $row = mysql_fetch_assoc($customers); $realname = $row['realname']; //i have to put it outside for it to display the database data in the textbox $username = $row['username']; $email = $row['email']; $password = $row['password']; $address = $row['address']; if (isset($_POST['submit'])) { //you should check if values exist and data you expect //you can check each one of these else make an error or keep values from database if (isset($_POST['new_realname']) && trim($_POST['new_realname']) != '') { $realname = $_POST['new_realname']; } else { $realname = $row['realname']; } Quote Link to comment Share on other sites More sharing options...
QuickOldCar Posted August 18, 2015 Share Posted August 18, 2015 Yes I see have to define those before the check if (isset($_POST['submit'])) { if want them displayed in the form at first. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.