Member Avatar for wastedkill

Hi I am having some issues with getting data to update for a logged in users account, I have got it to display the data in the database which i want to edit but for some reason it just wont go through it says it has updated but when I check it hasn't updated.

Also another thing I am trying to get the ['joined'] to work show the data inside the disabled box but it won't anyone know why? Its the "location", "occupation" that I want to get updated when they type something in the boxes and click on the submit button.

Here is the code for the bit where all the data will be edited edit_accountdata.php

<?php

     require("config.php");
    include("modules/headerbar.php");

$con = mysql_connect("localhost","u1908470_cms","124553das");
if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }

mysql_select_db("u1908470_cms", $con);

$result = mysql_query ("SELECT * FROM `users` WHERE `username` = '".$_SESSION['username']."'");

while($row = mysql_fetch_array($result))
  {

    $location = $row['location'];
    $occupation = $row['occupation'];


  echo $row['location'] . " " . $row['joined'] . " " . $row['username'];
  echo "<br />";
  }
?>
<div id="advancedchange">
 <form action="edit_accountdataupdate.php" method="post" />
    Joined: <input type="text" name="joined" value="<? echo $row['joined']; ?>" disabled />
    location: <input type="text" name="location" value="<? echo $location; ?>" />
    occupation:<input type="text" name="occupation" value="<? echo $occupation; ?>" />
    <input type="submit" name="submit" value="update" />
 </form>
</div>

and Here is the code for where the form submit button goes to edit_accountdataupdate.php:

<?php
mysql_connect("localhost","u1908470_cms","124553das") or die("Error: ".mysqlerror());
mysql_select_db("u1908470_cms"); 

    $location = $_POST['location'];
    $occupation = $_POST['occupation'];

    $sql = ("UPDATE `users` SET `location` = '$location',`occupation` = '$occupation' WHERE `username` = '".$_SESSION['username']."'");

    mysql_query($sql) or die ("Error: ".mysql_error());

    echo "Database updated. <a href='edit_accountdata.php'>Return to edit info</a>";

?>
  • 2 Contributors
  • 2 Replies
  • 203 Views
  • 3 Hours Discussion Span
  • Latest Post Latest Post by wastedkill
Member Avatar for diafol

before you do anything else - clean your input - mysql_real_escape_string() should do.

Member Avatar for wastedkill

Do you mean like this?

$result = mysql_query ("SELECT * FROM `users` WHERE `username` = '". mysql_real_escape_string ($_SESSION['username'])."'");

and

    $sql = ("UPDATE `users` SET `location` = '$location',`occupation` = '$occupation' WHERE `username` = '". mysql_real_escape_string($_SESSION['username'])."'");

EDIT!: Thanks for all the help guys but solved it, needed to put

session_start();

on both files now it works perfectly!

Edited by wastedkill because: Sorted it :)
Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.