I'm relatively new to PHP and MySQL, and I am trying to learn how to create a user profile page that allows users to edit their information. The issue I am having is that some fields do not change, such as the username, email, and contact field. However, I am able to change the name field alone but not with the other fields. I don't get redirected back and no errors pop up, so I am unsure as to how to fix the issue. Below is my code.
<?php
// update-profile.php: shows the edit form, pre-filled from the logged-in user's row
include 'db_conn.php';
session_start();
if (!isset($_SESSION['userid'])) {
    header("Location:login.php");
    exit(); // stop here so the rest of the page never runs for a logged-out visitor
}
$select = mysqli_query($con, "SELECT * FROM user WHERE userid = $_SESSION[userid]") or die('query failed');
if (mysqli_num_rows($select) > 0) {
    $fetch = mysqli_fetch_assoc($select);
}
?>
<!DOCTYPE html>
<html>
<head>
    <title>Profile</title>
    <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/water.css@2/out/water.css">
</head>
<body>
    <form action="update-profile-check.php" method="post">
        <h2>PROFILE</h2>
        <?php // The messages arrive in the query string, so escape them before output ?>
        <?php if (isset($_GET['error'])) { ?>
            <p class="error"><?php echo htmlspecialchars($_GET['error'], ENT_QUOTES, 'UTF-8'); ?></p>
        <?php } ?>
        <?php if (isset($_GET['success'])) { ?>
            <p class="success"><?php echo htmlspecialchars($_GET['success'], ENT_QUOTES, 'UTF-8'); ?></p>
        <?php } ?>
        <label>User Name</label>
        <input type="text"
               name="uname"
               placeholder="User Name"
               value="<?php echo $fetch['username']; ?>"><br>
        <label>Name</label>
        <input type="text"
               name="name"
               placeholder="Name"
               value="<?php echo $fetch['name']; ?>"><br>
        <label>Email</label>
        <input type="text"
               name="email"
               placeholder="Email"
               value="<?php echo $fetch['email']; ?>"><br>
        <label>Contact</label>
        <input type="text"
               name="contact"
               placeholder="Contact"
               value="<?php echo $fetch['contact']; ?>"><br>
        <button type="submit">Update Profile</button>
        <a href="profile.php" class="delete-btn">go back</a>
        <a href="change-pw.php" class="delete-btn">change password</a>
    </form>
</body>
</html>
<?php
// update-profile-check.php: validates the submitted form and updates the user's row
session_start();
include "db_conn.php";
// Re-read the stored values so changed fields can be detected below
$select = mysqli_query($con, "SELECT * FROM user WHERE userid = $_SESSION[userid]") or die('query failed');
if (mysqli_num_rows($select) > 0) {
    $fetch = mysqli_fetch_assoc($select);
}
$oguname = $fetch['username'];
$ogemail = $fetch['email'];
$ogcontact = $fetch['contact'];
$ogname = $fetch['name'];
$userid = $_SESSION["userid"];
if (isset($_POST['uname']) || isset($_POST['name']) || isset($_POST['email']) || isset($_POST['contact'])) {
    function validate($data) {
        $data = trim($data);
        $data = stripslashes($data);
        $data = htmlspecialchars($data);
        return $data;
    }
    $uname = validate($_POST['uname']);
    $name = validate($_POST['name']);
    $email = validate($_POST['email']);
    $contact = validate($_POST['contact']);
    // Submitted values are passed back in the query string on error
    $user_data = 'uname='. $uname. '&name='. $name. '&email='. $email. '&contact='. $contact;
    if (empty($uname)) {
        header("Location: update-profile.php?error=User Name is required&$user_data");
        exit();
    }
    else if (empty($name)) {
        header("Location: update-profile.php?error=Name is required&$user_data");
        exit();
    }
    else if (empty($email)) {
        header("Location: update-profile.php?error=Email is required&$user_data");
        exit();
    }
    else if (empty($contact)) {
        header("Location: update-profile.php?error=Contact is required&$user_data");
        exit();
    }
    else if (!preg_match("/^([a-zA-Z-' ]+)$/", $name)) {
        header("Location:update-profile.php?error=Name can only contain letters&$user_data");
        exit();
    }
    else if (strlen($name) > 51) {
        header("Location:update-profile.php?error=Name is too long&$user_data");
        exit();
    }
    else if ($oguname !== $_POST['uname']) {
        // Username changed: check format and uniqueness
        $sql = "SELECT * FROM user WHERE username='$uname' ";
        $result = mysqli_query($con, $sql);
        if (!preg_match("/^[A-Za-z][A-Za-z0-9]{2,16}$/", $uname)) {
            header("Location: update-profile.php?error=Username can only contain letters (a-z) and numbers (0-9) and must have a minimum of three characters and maximum of 15 characters&$user_data");
            exit();
        }
        if (mysqli_num_rows($result) > 0) {
            header("Location: update-profile.php?error=That username is already taken&$user_data");
            exit();
        }
    }
    else if ($ogemail !== $_POST['email']) {
        // Email changed: check format and uniqueness
        $sql2 = "SELECT * FROM user WHERE email='$email' ";
        $result2 = mysqli_query($con, $sql2);
        if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
            header("Location: update-profile.php?error=Invalid Email&$user_data");
            exit();
        }
        if (mysqli_num_rows($result2) > 0) {
            header("Location: update-profile.php?error=That email has already been used!&$user_data");
            exit();
        }
    }
    else if ($ogcontact !== $_POST['contact']) {
        // Contact changed: check format and uniqueness
        $sql3 = "SELECT * FROM user WHERE contact='$contact' ";
        $result3 = mysqli_query($con, $sql3);
        if (!preg_match("/^[89]\d{7}$/", $contact)) {
            header("Location: update-profile.php?error=Invalid Phone Number&$user_data");
            exit();
        }
        if (mysqli_num_rows($result3) > 0) {
            header("Location: update-profile.php?error=Phone number has already been used&$user_data");
            exit();
        }
    }
    else {
        // Reached only when no earlier branch of the chain matched
        $sql4 = "UPDATE user SET username = ?, email = ?, contact = ?, name = ? WHERE userid = ?; ";
        $query = $con->prepare($sql4);
        $query->bind_param("ssisi", $uname, $email, $contact, $name, $userid);
        if ($query->execute()) {
            header("Location: update-profile.php?success=Successfully updated");
            exit();
        } else {
            header("Location: update-profile.php?error=unknown error occurred&$user_data");
            exit();
        }
    }
}
else {
    header("Location:update-profile.php");
    exit();
}
I am not sure as to why only the name field is able to be changed but the rest just redirects and changes nothing. Also, I am trying to incorporate more prepared statements to prevent SQL injections later on.
Solved this issue by removing the else statement with the $sql4.
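The chain in the posted update-profile-check.php explains the symptom: when the username, email or contact differs from the stored value, that field's `else if` branch is taken, and if its checks pass the chain ends without reaching the UPDATE or any redirect. The version below is an added example, not the poster's code: it runs every check independently, always reaches the UPDATE when they pass, and uses prepared statements for the uniqueness lookups. It assumes db_conn.php defines `$con` as a mysqli connection; `is_taken()` and `profile_error()` are hypothetical helper names and the shortened messages are illustrative.

```php
<?php
// Added example, not the poster's code. Assumes db_conn.php defines $con (mysqli)
// and the `user` table and columns shown in the question.
session_start();
require 'db_conn.php';
if (!isset($_SESSION['userid'])) {
    header('Location: login.php');
    exit;
}

// True if a row other than the current user's already holds $value in $column.
function is_taken(mysqli $con, string $column, string $value, int $userid): bool
{
    // $column is interpolated, so only accept names from a fixed allow-list.
    if (!in_array($column, ['username', 'email', 'contact'], true)) {
        throw new InvalidArgumentException('unexpected column');
    }
    $stmt = $con->prepare("SELECT 1 FROM user WHERE $column = ? AND userid <> ? LIMIT 1");
    $stmt->bind_param('si', $value, $userid);
    $stmt->execute();
    $stmt->store_result();
    return $stmt->num_rows > 0;
}

// Independent checks: each one returns an error or falls through to the next.
function profile_error(mysqli $con, array $in, int $userid): ?string
{
    if (!preg_match("/^[a-zA-Z-' ]{1,51}$/", $in['name'])) return 'Invalid name';
    if (!preg_match('/^[A-Za-z][A-Za-z0-9]{2,16}$/', $in['uname'])) return 'Invalid username';
    if (!filter_var($in['email'], FILTER_VALIDATE_EMAIL)) return 'Invalid Email';
    if (!preg_match('/^[89]\d{7}$/', $in['contact'])) return 'Invalid Phone Number';
    if (is_taken($con, 'username', $in['uname'], $userid)) return 'That username is already taken';
    if (is_taken($con, 'email', $in['email'], $userid)) return 'That email has already been used!';
    if (is_taken($con, 'contact', $in['contact'], $userid)) return 'Phone number has already been used';
    return null;
}

$keys = ['uname', 'name', 'email', 'contact'];
$in = array_map(fn($k) => trim((string)($_POST[$k] ?? '')), array_combine($keys, $keys));
$userid = (int)$_SESSION['userid'];

$error = profile_error($con, $in, $userid);
if ($error === null) {
    // Reached whenever every check passed, whichever fields changed.
    $stmt = $con->prepare('UPDATE user SET username = ?, email = ?, contact = ?, name = ? WHERE userid = ?');
    $stmt->bind_param('ssisi', $in['uname'], $in['email'], $in['contact'], $in['name'], $userid);
    $error = $stmt->execute() ? null : 'unknown error occurred';
}
$query = $error === null ? ['success' => 'Successfully updated'] : (['error' => $error] + $in);
header('Location: update-profile.php?' . http_build_query($query));
exit;
```

Because the uniqueness query excludes the user's own row, unchanged fields need no comparison against the stored values. Values are stored as entered here, so the form should pass them through htmlspecialchars() when echoing them into `value="..."`.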