I am trying to allow my users to update their own profile info. Yet, the query is empty(Nothing recorded into the database though it states "Your profile has been updated!")
What did I do wrongly?

userlist.php is where my list of users are displayed

<?php

include ('connect.php')

?>

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Insert title here</title>
</head>
<body>
    <div>
        <?php 
        foreach(fetch_users() as $user) {
        ?>
            <p><a href="profile.php?id=<?php echo $user['id'];?>"><?php echo $user['username']; ?></a></p>
        <?php 
        }
        ?>
    </div>
</body>
</html>

userinc.php is used to store all functions

<?php

function fetch_users() {
    $result = mysql_query("SELECT `user_id` AS `id`, `user_name` AS `username`, `email` AS `email`, `description` AS `description` FROM `userprofile`");

    $users = array();

    while (($row = mysql_fetch_assoc($result)) !== false) {
        $users[] = $row;
    }

    return $users;
}

// fetch profile info for the given user
function fetch_user_info($id) {
    $id = (int)$id;
    $sql = "SELECT `user_id` AS `id`, `user_name` AS `username`, `email` AS `email`, `description` AS `description` FROM `userprofile` WHERE `user_id` = '$id'";
    $result = mysql_query($sql);

    return mysql_fetch_assoc($result);
}

// update the current users profile info
function set_profile_info($username, $email, $description){
    $username = mysql_real_escape_string(htmlentities($username));
    $email = mysql_real_escape_string(nl2br(htmlentities($email)));
    $description = mysql_real_escape_string(htmlentities($description));

    $sql = "UPDATE `userprofile` SET `user_name` = $username
                                     `email` = $email
                                     `description` = $description
                                WHERE user_id =". $_GET['id'];

    mysql_query($sql);

}

if(!mysql_query($sql)) {
    die ('Error: '. mysql_error());
}
?>

profile.php

<?php

include ('connect.php');
$user_info = fetch_user_info($_GET['id']);

?>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Profile Information</title>
</head>
<body>
    <div>
        <?php 

        if($user_info == false){
            echo 'That user does not exist.';
        }
        else {
        ?>
            <h1>Profile</h1>
            <p>Username: <?php  echo $user_info['username']; ?> </p>
            <p>Email: <?php echo $user_info['email']; ?></p>
            <p>Description: <?php echo $user_info['description']; ?></p>
        <?php 
        }
        ?>
    </div>
    <div>
            <p><a href="editprofile.php?id=<?php echo $user_info['id'];?>">Edit</a></p>
    </div>
</body>
</html>

editprofile.php

<?php

include ('connect.php');

if (isset($_POST['username'], $_POST['email'], $_POST['description'])) {
    $errors = array();

    if(filter_var($_POST['email'], FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'Invalid email address!';
    }

    if (empty($errors)) {
        set_profile_info($_POST['username'],$_POST['email'], $_POST['description']);
    }

    $user_info = array(
    'username' => htmlentities($_POST['username']),
    'email' => htmlentities($_POST['email']),
    'description' => htmlentities($_POST['description'])
    ) ;

}

else {
$user_info = fetch_user_info($_GET['id']); //change to $_SESSION once the user is logged in, successfully
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<style type = "text/css">
    form { margin: 10px 8px 8px 8px; }
    form div { float: left; clear: both; margin: 0px 0px 4px 0px; }
    label { float: left; width: 100px; }
    input[type = "text"], textarea { float: left; width: 400px; }
    input[type = "submit"] { margin: 18px 8px 0px 100px }
</style>
<title>Edit Your Profile</title>
</head>
<body>
    <div>
        <?php 

        if (isset($errors) == false){
            echo 'Click update to edit your profile.';
        }
        else if (empty($errors)){
            echo 'Your profile has been updated!';
        }
        else {
            echo '<ul><li>', implode('</li><li>', $errors), '</li></ul>';
        }

        ?>
    </div>
    <form action = "" method = "post">
        <div>
            <label for = "username">Username:</label>
            <input type = "text" name = "username" id = "username" value = "<?php echo $user_info['username']; ?>" />
        </div>
        <div>
            <label for = "email">Email:</label>
            <input type = "text" name = "email" id = "email" value = "<?php echo $user_info['email']; ?>" />
        </div>
        <div>
            <label for = "description">Description:</label>
            <textarea name = "description" id = "description" rows = "14" cols = "50"><?php echo strip_tags($user_info['description']); ?></textarea>
        </div>
        <div>
            <input type = "submit" value = "Update" />
        </div>
    </form>
</body>
</html>

HELP PLEASE

Please use this and run your query in the phpmyadmin or your admin tool.

 $sql = "UPDATE `userprofile` SET `user_name` = $username
                                     `email` = $email
                                     `description` = $description
                                WHERE user_id =". $_GET['id'];

 echo $sql;                             

it says

#1064 - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '$sql = "UPDATE `userprofile` SET `user_name` = $username
                       ' at line 1 

Can you please try this as your query

$sql = "UPDATE userprofile SET user_name = '".$username."',
                                     email = '".$email."',
                                     description = '".$description."'
                                WHERE user_id = '". $_GET['id']."'";
Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.