mal14 Posted February 25, 2017

I'm trying to allow my users to edit their profile information. I've made an attempt at it and have this code so far...

edit.html page

```html
<?php
session_start();
?>
<!DOCTYPE html>
<html>
<head>
<title>Login</title>
<link rel="stylesheet" type="text/css" href="style.css">
</head>
<body>
<div class="header">
</div>
<section id="edit" >
<div id="edit">
<b>Edit your Profile</b>
<br><br>
Please enter your details below to update your profile.
<br><br>
<form method="post" action="editprofile.php" name="editform" id="editform">
<table width=700px border=0 cellspacing=10><tr><td valign=top><table border=0>
<b>Required Information:</b><br><br>
<tr><td>
<b>Username:</b>
</td><td>
<?php echo($_SESSION["username"]); ?>
</td></tr><tr><td>
<b>Email Address:</b>
</td><td>
<input type="text" name="email" value="<?php echo $email; ?>">
</td></tr></table></td><td valign=top>
<table border=0>
<b>Optional Information:</b><br><br>
<tr><td>
<b>Gender:</b>
</td><td>
<input type="text" name="gender" id="gender" value="<?php echo $gender; ?>">
</td></tr><tr><td>
<b>dob:</b>
</td><td>
<input type="text" name="dob" id="dob" value="<?php echo $dob; ?>">
</tr></td><tr><td valign=top>
<b>height:</b>
</td><td>
<input type="text" name="height" id="height" value="<?php echo $height; ?>">
</td></tr></td>
</table>
</td></tr>
</table>
<input type="submit" name="register" id="register" value="Update" class=btn />
</form>
</div>
</form>
</body>
</html>
```

editprofile.php page

```php
<?php
if(!empty($_SESSION['LoggedIn']) && !empty($_SESSION['userid']))
{
    $nameuser = $_SESSION['userid'];
    $checkinfo = query("SELECT * FROM users WHERE id = $_SESSION[userid]");
    $result = mysqli_query($con, $query);
    while($results = mysql_fetch_array($checkinfo,MYSQL_ASSOC)){
        $id = $results['userid'];
        $username = $results['username'];
        $email = $results['email'];
        $gender = $results['gender'];
        $dob = $results['dob'];
        $height = $results['height'];
    }
    if ($_SERVER['REQUEST_METHOD'] == 'POST')
    {
        $editEMAIL=$_POST['email'];
        $editgender=$_POST['gender'];
        $editdob=$_POST['dob'];
        $editheight=$_POST['height'];
        $editusername=$_POST['username'];
        $editquery = mysql_query("UPDATE users SET Email='$editEMAIL' , gender='$editgender', dob='$editdob', height='$editheight' WHERE username='$editusername'");
        if($editquery == true)
        {
            echo "<b>Success!</b>";
            echo "Your profile was successfully updated. Please click<a href=\"viewprofile.php\"> here </a>to view.";
        }
        else
        {
            echo "<b>Error</b>";
            echo "<p>Sorry, your profile update failed. Please go back and try again.</p>";
        }
    }
}
?>
```

However, I keep getting these errors but I'm not sure why:

```
PHP Notice: Undefined variable: email in /Applications/MAMP/htdocs/FitFab/edit.html on line 65
PHP Notice: Undefined index: gender in /Applications/MAMP/htdocs/FitFab/edit.html on line 72
PHP Notice: Undefined variable: dob in /Applications/MAMP/htdocs/FitFab/edit.html on line 76
PHP Notice: Undefined variable: height in /Applications/MAMP/htdocs/FitFab/edit.html on line 80
```

mac_gyver Posted February 26, 2017 (edited)

does your form page have any php code in it to retrieve the correct data from the database table? wouldn't that explain the undefined variable errors?

next, the php code you have posted is a jumble of things that make little sense, and if they don't make sense to a human reader, they will make zero sense to the computer. it's got multiple session variables that indicate the logged in state (you should only have one), a call to some custom query() function that doesn't appear to be defined anywhere, no apparent code making the database connection, a mix of mysqli and mysql (no i) statements that won't work together, looping to retrieve data from a query that's expected to match a single row of data, not doing anything to validate the data, not doing anything to protect against sql special characters in the data from breaking the sql query statement (which is how sql injection is done), it is retrieving the correct row of data from the database table but is not using it, and it's processing the form data after the query that's retrieving the data, so any changes made to the data won't show up until the next page load, if you were using the retrieved data somewhere.

i recommend that before you try to write code to do something, that you define what you want the code and data to do. you have two tasks - 1) display a form with the form fields populated with existing values (or the submitted values if there are validation errors), and 2) processing the form data. both of these tasks should first test that the current visitor is logged in. break each of these tasks down into a list of steps needed to accomplish the task, then write and test the code needed for each of the defined steps. only go onto the next step after you have successfully tested that the code for the previous step works.

what should your form code do? -

1) detect if the current visitor is logged in. if not, either display a message or redirect elsewhere, then stop program execution so that the form will not be displayed.

2) make a database connection. note: depending on what else your page may be doing, the point where you make the database connection can be different than in this list. i also recommend that you use the php PDO extension (the mysql extension is obsolete and the mysqli extension is not the easiest to use.)

3) query for and retrieve the correct row of data from the users table.

4) use the retrieved row of data to populate the form field values.

what should your form processing code do? -

1) detect if the current visitor is logged in. if not, either display a message or redirect elsewhere, then stop program execution so that the form processing code will not be executed.

2) detect if a post method form has been submitted.

3) validate the submitted form data. note: using an array to hold validation error messages will result in the simplest code and if you put your form and form processing code on the same page, it will be simple to display any validation errors and re-populate the form field values when you (re)display the form.

4) if there are no validation errors, use the submitted form data.

5) make a database connection. note: depending on what else your page may be doing, the point where you make the database connection can be different than in this list.

6) produce the sql query statement to UPDATE the data. note: you should use a prepared query to do this as it is the simplest and most effective way of preventing sql special characters in the data from breaking the sql query syntax/preventing sql injection.

7) execute the sql query statement. you can set up a success message, but the lack of an error would generally be the indication that the query worked. also, your current error message, to go back and try again, is not correct. if the query failed with an error, it means you have a programming problem and if the query ran but didn't update the row, it could just mean that none of the data values were 'edited'.

Edited February 26, 2017 by mac_gyver
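
The form-processing steps listed in the answer above (validation into an error array, then a PDO prepared UPDATE), as an added example that is not part of the original posts. The function names `validate_profile` and `update_profile`, the validation rules and the sample values are assumptions, and an in-memory SQLite database stands in for MySQL so the script runs stand-alone.

```php
<?php
// Added example, not the thread's code. Table and column names follow the
// question; the in-memory SQLite database and sample values are constructed.

// Validate the submitted data, collecting messages in an array.
function validate_profile(array $in): array
{
    $errors = [];
    $clean = [];
    foreach (['email', 'gender', 'dob', 'height'] as $k) {
        $clean[$k] = trim((string)($in[$k] ?? ''));
    }
    if (filter_var($clean['email'], FILTER_VALIDATE_EMAIL) === false) {
        $errors['email'] = 'A valid email address is required.';
    }
    $d = DateTime::createFromFormat('Y-m-d', $clean['dob']);
    if ($clean['dob'] !== '' && (!$d || $d->format('Y-m-d') !== $clean['dob'])) {
        $errors['dob'] = 'Date of birth must be a real date, YYYY-MM-DD.';
    }
    if ($clean['height'] !== '' && !ctype_digit($clean['height'])) {
        $errors['height'] = 'Height must be a whole number.';
    }
    return [$clean, $errors];
}

// Prepared UPDATE. The row is selected by the logged-in user's id from the
// session, never by a username or id submitted with the form.
function update_profile(PDO $pdo, int $userId, array $clean): void
{
    $stmt = $pdo->prepare('UPDATE users SET email = :email, gender = :gender,
        dob = :dob, height = :height WHERE id = :id');
    $stmt->execute($clean + ['id' => $userId]);
}

// Demo. In the real page $userId is $_SESSION['userid'] and $post is $_POST,
// both used only after the login check and the POST-method check.
$pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT, gender TEXT, dob TEXT, height TEXT)');
$pdo->exec("INSERT INTO users VALUES (1, 'alice', 'old@example.com', '', '', '')");
$userId = 1;
$post = ['email' => "o'brien@example.com", 'gender' => 'f', 'height' => '170'];
foreach (['1990-02-30', '1990-02-28'] as $dob) {   // first value is rejected
    [$clean, $errors] = validate_profile(['dob' => $dob] + $post);
    if (!$errors) {
        update_profile($pdo, $userId, $clean);
    }
}
$row = $pdo->query('SELECT email, dob FROM users WHERE id = 1')->fetch(PDO::FETCH_ASSOC);
echo htmlspecialchars($row['email'], ENT_QUOTES, 'UTF-8'), ' ', $row['dob'], PHP_EOL;
```

The apostrophe in the sample email is passed as a bound parameter, so it never becomes part of the SQL text, and the value is escaped with `htmlspecialchars` on output, as it would be when repopulating the form's `value` attributes.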

mal14 Posted February 26, 2017 Author

Thanks a lot for the advice! It's helped a lot!

Jacques1 Posted February 27, 2017

A fair warning: Stealing old code from other people and randomly piecing it together will neither teach you PHP nor produce anything useful. You may in fact end up violating software licenses (contrary to popular belief, open source doesn't mean you can do with the code whatever you want).

It may surprise you, but learning to program is a lot about writing code. How do you learn a foreign language? You certainly don't collect a bunch of random sentences, put them all together and hope the text somehow makes sense. Instead, you learn the language basics and then start speaking or writing yourself.