the email and passowrd & phone box update

[abdullah1]

$host="localhost";

$user="root";

$password="";

$db="schoolproject";

$data=mysqli_connect($host,$user,$password,$db);


$name=$_SESSION['username'];


$sql="SELECT * FROM user WHERE username='$name' ";


$result=mysqli_query($data,$sql);


$info=mysqli_fetch_assoc($result);



if(isset($_POST['update_profile']))

{

    $s_email=$_POST['email'];

    $s_phone=$_POST['phone'];

    $s_password=$_POST['password'];




    $sql2=" UPDATE user SET email='$s_email',phone='$s_phone',passowrd='$s_password' WHERE username='$name'";


    $result2=mysqli_query($data,$sql2);


    if($result2)

    {

        echo "Update successfully";

    }

}

 

[Barand]

Do you have a question?

[Andou]

I'm pretty sure OP is asking what's wrong. A couple of things I noticed: 

1. You have no question (so far, anyway). I'm not a mind reader. I'd be happy to help, but I need to know what you're asking. Are you asking for help to fix an error? Or something else?
2. I see that from the variable name alone, this is (probably) a school project. However, this leads me onto point #3, which is...
3. Just because it is a school project does not mean you should forsake security. I see that your $sql variable holds a query vulnerable to SQL injection. If you like, read up on prepared statements or PDO.
4. "passowrd" should probably be "password".
5. You have no opening <?php tag.
6. Quoting from @ginerjm's excellent advice, you should always put "error_reporting(E_ALL);" and "ini_set('display_errors', '1');" on top of the file so you can see what goes wrong.

That's all off the top of my head, if I think anything else is wrong I'll come back to it.

* * *

edit: Oh, and yes, even though this is just a school project, keeping passwords and security information in the source code itself is a security hole. Assume, for instance, the site gets hacked. Now they have access to the DB itself.

Edited January 19 by Andou