profile script

[csun]

helo,

can anyone have sample script on how to edit, update a profile.php of a user

thanks

[Accurax]

you know how to use forms to write information to a database right?

Well insteaed of usint INSERT... use UPDATE .... you can also call the info from the database into the forms "selected" or "value" tags.. to make the form display the current information for editing.

I know making a profile sounds complicated.... but it really isnt anythign special .... dont let it scare you ... just think about the logic.

Try and write something yourself, and then come back when it doesnt work and ill point you in the right direction.

[csun]

hello,

i have this script below but I'm not sure if this is correct, kindly check

thanks..

Code: Select all

<?php
ob_start();

require("../../include/z_db.php");

if($_POST['Uname'] == '')
{
header('location:login.php');
exit
}

//get the users profile
$result = mysql_query("SELECT * FROM staff_users WHERE Uname='{$_SESSION['Uname']}'") or die(mysql_error());

$row = mysql_fetch_array( $result );

if($_GET['action'] == 'update')
{
if($_POST['Email'] == '')
   {
      echo error("blank");
      exit;
   }
   else
   {

      //update
      $_Email = str_replace("<", "", $_POST['Email']);
     
      $result = mysql_query("UPDATE staff_users SET Email='" . $_Email . "' WHERE Uname='{$_SESSION['Uname']}'")
      or die(mysql_error());
   }
}
function error($error)
{
if($error == 'blank')
{
echo "<b>Please fill in all the fields</b>";
}
if($error == 'updated')
{
echo "<b>Updated successfully</b>";
}
}
?>

<form method=post action=profile.php?action=update>
<table>
<tr><td>Username:</td><td><b>" . $row['Uname'] . "</b></td></tr>
<tr><td>Email:</td><td><input type=text name=Email value=" . $row['Email'] . "></td></tr>
<tr><td><a href=changepass.php>Change password</a></td><td></td></tr>
<tr><td></td><td><input type=submit value=Update></td></tr>
</table></form>

[Accurax]

dont us "_" for your own variables .. eg ; $_Email should just be $email ... dont think it actually has any negative effects ... but its a bad habbit.

Apart from that it looks ok... easy enough to follow .... you might be better off usine $_SESSION[''] as opposed to $_POST to track a logged in user however.

Have you tried to use it yet ?

edit:

Instead of this:

Code: Select all

if($_POST['Uname'] == '')

use :

Code: Select all

if($_SESSION['Uname'] != "yes")

just remember to set $_SESSION['Uname] == "yes" .. when they first log in

[csun]

hello accurax thanks for the reply, i edit now the script and when i run it, there is an error occur

error:
Parse error: parse error, unexpected T_IF in F:\server\htdocs\coupon\cpanel\acct\profile.php on line 49

Code: Select all

<?php
ob_start();
require ("../../include/z_db.php");
$_SESSION['Uname'] == "yes"
//check if the session Uname is in use
if($_SESSION['Uname'] == "yes")
{
header("Location: login.php");
exit;
}
//get the users profile
$result = mysql_query("SELECT * FROM staff_users WHERE Uname='{$_SESSION['Uname']}'") or die(mysql_error());
$row = mysql_fetch_array( $result );
?>

<form method=post action=profile.php?action=update>
<table>
<tr><td>Username:</td><td><b><? $row['Uname']?></b></td></tr>
<tr><td>Email:</td><td><input type=text name=Email value="<? $row['Email'] ?>"></td></tr>
<tr><td><a href=changepassword.php>Change password</a></td><td></td></tr>
<tr><td></td><td><input type=submit value=Update></td></tr>
</table>
</form>

<?php

if($_GET['action'] == 'update')
{
if( $_POST['Email'] == '')
   {
      echo error("blank");
      exit;
   }
   else
   {

      //update
      $_Email = str_replace("<", "", $_POST['Email']);
    
      $result = mysql_query("UPDATE staff_users SET Email='" . $_Email . "' WHERE Uname='{$_SESSION['Uname']}'")
      or die(mysql_error());
   }
}
function error($error)
{
if($error == 'blank')
{
echo "<b>Please fill in all the fields</b>";
}
if($error == 'updated')
{
echo "<b>Updated successfully</b>";
}
}
?>