Two forms, two seperate pages want the first form to write to a table in sql and the second form to add to that specific table filling in the blanks

Question

( Just a fun little experiment for my first website ) So this part works fine, it receives the information that is inputted from the form on another page. It adds to the "user" table in which consists of 'user', 'pass' (which are added from this given php code) and also 'ID' which auto increments upon adding to the table and then 'screen_name' and 'email' which I want to further add to the given table via another form.

<?
    session_start();
    include('dbconn.php');
    $username = $_POST['user'];
    $password = $_POST['pass'];
    $sql = "INSERT INTO `user`(`user`, `pass`) VALUES ('".$username."','".$password."')";
    $run = mysql_query($sql);

    if($run){
        $_SESSION['username'] = $username;

    }
?>

This part of the code asks for an email address and a screen name which will be then further stored within the database, however I would like it to add to the specific user's information. As 'user' and 'pass' are already saved, the idea is to further then add 'screen_name' and 'email' to that specific user. Not sure what i've done wrong here. Also each time I refresh the page a blank user is added to a field in the database.

       <form id="contact-form" method="post">
            <div>
                <label>
                    <span>Userame/Screen Name:</span>
                    <input placeholder="Please enter your name" name="screen_name" type="text" tabindex="1" required autofocus>
                </label>
            </div>
            <div>
                <label>
                    <span>Email:</span>
                    <input placeholder="Please enter your email address" name="email" type="email" tabindex="2" required>
                </label>
            </div>
            <div>
                <button name="submit" type="submit" id="contact-submit" data-text="...Sending">Submit</button>
            </div>
                <input type="hidden" name="user" value="<?php echo $_POST['user']; ?> />
        </form>

Here is the code which is connected to the above form, it is on the same page and for some reason I am having trouble getting it to even add to any fields within the database let alone the one that is already active for the new user.

<?php
session_start();
include('dbconn.php');
$screen_name = $_POST['screen_name'];
$email = $_POST['email'];
$sql = "UPDATE `user` SET `screen_name` = '$screen_name', `email` = '$email' WHERE user = $username";
$run = mysql_query($sql);
?>  

Any help would be more than appreciated. Not usually a guy who asks for help but as being stuck on this problem for ages and looking through multiple Stackoverflow posts, thought I'd add my own question!

Answer 1

It seems that in your second php script you don't initialize $username. You should probably add $username = $_SESSION['username']; Also you need to put quotes around it in your query.

About the blank users being inserted on page refresh, my guess would be that the first php script gets executed, but the $_POST variable isn't set.

Finally you should read up on SQL injection http://php.net/manual/en/security.database.sql-injection.php