Jump to content

How to allow users to edit their profiles?


mal14

Recommended Posts

I'm trying to allow my users to edit their profile information. I've made an attempt at it and have this code so far...

 

edit.html page

 

   


<?php
      session_start();
    ?>
    <!DOCTYPE html>
    <html>
    <head>
    <title>Login</title>
      <link rel="stylesheet" type="text/css" href="style.css">
    </head>
    <body>
    <div class="header">
    </div>
    <section id="edit" >


    <div id="edit"> 


    <b>Edit your Profile</b>  
      <br><br>
       Please enter your details below to update your profile.  
      <br><br>
        <form method="post" action="editprofile.php" name="editform" id="editform"> 
        <table width=700px border=0 cellspacing=10><tr><td valign=top><table border=0>
    <b>Required Information:</b><br><br>
    <tr><td>  
        <b>Username:</b>
    </td><td>
        <?php echo($_SESSION["username"]); ?>
    </td></tr><tr><td>  
        <b>Email Address:</b>
    </td><td>
        <input type="text" name="email" value="<?php echo $email; ?>">
    </td></tr></table></td><td valign=top>
    <table border=0>
    <b>Optional Information:</b><br><br>
    <tr><td>
        <b>Gender:</b>
    </td><td>
     <input type="text" name="gender" id="gender" value="<?php echo $gender; ?>">
    </td></tr><tr><td>
     <b>dob:</b>
     </td><td>
     <input type="text" name="dob" id="dob" value="<?php echo $dob; ?>">
    </tr></td><tr><td valign=top>
     <b>height:</b>
    </td><td>
     <input type="text" name="height" id="height" value="<?php echo $height; ?>">
    </td></tr></td>
    </table> </td></tr> </table>
        <input type="submit" name="register" id="register" value="Update"     class=btn />  
    </form>   
    </div>
    </form>
    </body>
    </html> 

 

editprofile.php page

 

  


  <?php  


    if(!empty($_SESSION['LoggedIn']) && !empty($_SESSION['userid']))  
    {  
    $nameuser = $_SESSION['userid'];
    $checkinfo = query("SELECT * FROM users WHERE id = $_SESSION[userid]");
    $result = mysqli_query($con, $query);




    while($results = mysql_fetch_array($checkinfo,MYSQL_ASSOC)){
    
    $id = $results['userid'];
    $username = $results['username'];    
    $email = $results['email'];
    $gender = $results['gender'];
    $dob = $results['dob'];
    $height = $results['height'];
    }
    if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    $editEMAIL=$_POST['email'];
    $editgender=$_POST['gender'];
    $editdob=$_POST['dob'];
    $editheight=$_POST['height'];
    $editusername=$_POST['username'];


    $editquery = mysql_query("UPDATE users SET Email='$editEMAIL' ,     gender='$editgender', dob='$editdob', height='$editheight' WHERE    username='$editusername'");


    if($editquery == true)  
        {  
            echo "<b>Success!</b>";  
            echo "Your profile was successfully updated. Please click<a     href=\"viewprofile.php\"> here </a>to view.";  
        }  
        else  
        {  
            echo "<b>Error</b>";  
            echo "<p>Sorry, your profile update failed. Please go back and try again.</p>";  
            }  
        }
    }
    ?>

 

However, I keep getting these errors but I'm not sure why

 

PHP Notice:  Undefined variable: email in /Applications/MAMP/htdocs/FitFab/edit.html on line 65

PHP Notice:  Undefined index: gender in /Applications/MAMP/htdocs/FitFab/edit.html on line 72

PHP Notice:  Undefined variable: dob in /Applications/MAMP/htdocs/FitFab/edit.html on line 76

PHP Notice:  Undefined variable: height in /Applications/MAMP/htdocs/FitFab/edit.html on line 80

 

Link to comment
Share on other sites

does your form page have any php code in it to retrieve the correct data from the database table? wouldn't that explain the undefined variable errors?

 

next, the php code you have posted is a jumble of things that make little sense, and if they don't make sense to a human reader, they will make zero sense to the computer. it's got multiple session variables that indicate the logged in state (you should only have one), a call to some custom query() function that doesn't appear to be defined anywhere, no apparent code making the database connection, a mix of mysqli and mysql (no i) statements that won't work together, looping to retrieve data from a query that's expected to match a single row of data, not doing anything to validate the data, not doing anything to protect against sql special characters in the data from breaking the sql query statement (which is how sql injection is done), it is retrieving the correct row of data from the database table but is not using it, and it's processing the form data after the query that's retrieving the data, so any changes made to the data won't show up until the next page load, if you were using the retrieved data somewhere.

 

i recommend that before you try to write code to do something, that you define what you want the code and data to do. you have two tasks - 1) display a form with the form fields populated with existing values (or the submitted values if there are validation errors), and 2) processing the form data. both of these tasks should first test that the current visitor is logged in.

 

break each of these tasks down into a list of steps needed to accomplish the task, then write and test the code needed for each of the defined steps. only go onto the next step after you have successfully tested that the code for the previous step works.

 

what should your form code do? -

 

1) detect if the current visitor is logged in. if not, either display a message or redirect elsewhere, then stop program execution so that the form will not be displayed.

 

2) make a database connection. note: depending on what else your page may be doing, the point where you make the database connection can be different then in this list. i also recommend that you use the php PDO extension (the mysql extension is obsolete and the mysqli extension is not the easiest to use.)

 

3) query for and retrieve the correct row of data from the users table.

 

4) use the retrieved row of data to populate the form field values.

 

 

what should your form processing code do? -

 

1) detect if the current visitor is logged in. if not, either display a message or redirect elsewhere, then stop program execution so that the form processing code will not be executed.

 

2) detect if a post method form has been submitted.

 

3) validate the submitted form data. note: using an array to hold validation error messages will result in the simplest code and if you put your form and form processing code on the same page, it will be simple to display any validation errors and re-populate the form field values when you (re)display the form.

 

4) if there are no validation errors, use the submitted form data.

 

5) make a database connection. note: depending on what else your page may be doing, the point where you make the database connection can be different then in this list.

 

6) produce the sql query statement to UPDATE the data. note: you should use a prepared query to do this as it is the simplest and most effective way of preventing sql special characters in the data from breaking the sql query syntax/preventing sql injection.

 

7) execute the sql query statement. you can setup a success message, but the lack of an error would generally be the indication that the query worked. also, your current error message, to go back and try again, is not correct. if the query failed with an error, it means you have a programming problem and if the query ran but didn't update the row, it could just mean that none of the data values were 'edited'.

Edited by mac_gyver
  • Like 1
Link to comment
Share on other sites

does your form page have any php code in it to retrieve the correct data from the database table? wouldn't that explain the undefined variable errors?

 

next, the php code you have posted is a jumble of things that make little sense, and if they don't make sense to a human reader, they will make zero sense to the computer. it's got multiple session variables that indicate the logged in state (you should only have one), a call to some custom query() function that doesn't appear to be defined anywhere, no apparent code making the database connection, a mix of mysqli and mysql (no i) statements that won't work together, looping to retrieve data from a query that's expected to match a single row of data, not doing anything to validate the data, not doing anything to protect against sql special characters in the data from breaking the sql query statement (which is how sql injection is done), it is retrieving the correct row of data from the database table but is not using it, and it's processing the form data after the query that's retrieving the data, so any changes made to the data won't show up until the next page load, if you were using the retrieved data somewhere.

 

i recommend that before you try to write code to do something, that you define what you want the code and data to do. you have two tasks - 1) display a form with the form fields populated with existing values (or the submitted values if there are validation errors), and 2) processing the form data. both of these tasks should first test that the current visitor is logged in.

 

break each of these tasks down into a list of steps needed to accomplish the task, then write and test the code needed for each of the defined steps. only go onto the next step after you have successfully tested that the code for the previous step works.

 

what should your form code do? -

 

1) detect if the current visitor is logged in. if not, either display a message or redirect elsewhere, then stop program execution so that the form will not be displayed.

 

2) make a database connection. note: depending on what else your page may be doing, the point where you make the database connection can be different then in this list. i also recommend that you use the php PDO extension (the mysql extension is obsolete and the mysqli extension is not the easiest to use.)

 

3) query for and retrieve the correct row of data from the users table.

 

4) use the retrieved row of data to populate the form field values.

 

 

what should your form processing code do? -

 

1) detect if the current visitor is logged in. if not, either display a message or redirect elsewhere, then stop program execution so that the form processing code will not be executed.

 

2) detect if a post method form has been submitted.

 

3) validate the submitted form data. note: using an array to hold validation error messages will result in the simplest code and if you put your form and form processing code on the same page, it will be simple to display any validation errors and re-populate the form field values when you (re)display the form.

 

4) if there are no validation errors, use the submitted form data.

 

5) make a database connection. note: depending on what else your page may be doing, the point where you make the database connection can be different then in this list.

 

6) produce the sql query statement to UPDATE the data. note: you should use a prepared query to do this as it is the simplest and most effective way of preventing sql special characters in the data from breaking the sql query syntax/preventing sql injection.

 

7) execute the sql query statement. you can setup a success message, but the lack of an error would generally be the indication that the query worked. also, your current error message, to go back and try again, is not correct. if the query failed with an error, it means you have a programming problem and if the query ran but didn't update the row, it could just mean that none of the data values were 'edited'.

Thank a lot for the advice! It's helped a lot! :)

Link to comment
Share on other sites

A fair warning: Stealing old code from other people and randomly piecing it together will neither teach you PHP nor produce anything useful. You may in fact end up violating software licenses (contrary to popular belief, open source doesn't mean you can do with the code whatever you want).

 

It may surprise you, but learning to program is a lot about writing code. How do you learn a foreign language? You certainly don't collect a bunch of random sentences, put them all together and hope the text somehow makes sense. Instead, you learn the language basics and then start speaking or writing yourself.

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.