Vamshi King - 1 month ago
HTML Question

I want to allow users who are logged in to edit their info

I want users who are logged in to be able to edit their details. I am confused, because when I use the following code it does not allow me to edit a particular user's info.
This is my edit.php. In it, the old details of the user should be displayed in text boxes, but the text boxes are shown empty. Can anyone fix this?

edit.php

<?php

$connection = mysql_connect('localhost','root','root') or die ("Couldn't connect to server.");
$db = mysql_select_db('test', $connection) or die ("Couldn't select database.");



$data ="select first_name,last_name,father_name,address,pincode,dob,phone from acc";
$query = mysql_query($data) or die("Couldn't execute query. ". mysql_error());
$data2 = mysql_fetch_array($query);

?>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title></title>
</head>

<body>

<!-- form to display record from database -->
<center>
<form name="form" method="POST" action="abcd2.php">
first Name: <input type="text" name="firstname" value="<?php echo $query['first_name']?>"/> <br>
last Name : <input type="text" name="lastname" value="<?php echo $query['last_name']?>"/> <br>
father Name: <input type="text" name="fathername" value="<?php echo $query['father_name']?>"/> <br>
address: <input type="text" name="address" value="<?php echo $query['address']?>"/> <br>
pincode: <input type="text" name="pincode" value="<?php echo $query['pincode']?>"/> <br>
DOB: <input type="text" name="dob" value="<?php echo $query['dob']?>"/><br>
phone: <input type="text" name="phone" value="<?php echo $query['phone']?>"/> <br>
<input type="submit" value="submit">
</form>
</center>
</body>

</html>


update.php

<?php

$connection = mysql_connect('localhost','root','root') or die ("Couldn't connect to server.");
$db = mysql_select_db('test', $connection) or die ("Couldn't select database.");

$firstname=$_POST['firstname'];
$lastname=$_POST['lastname'];
$fathername=$_POST['fathername'];
$address=$_POST['address'];
$pincode=$_POST['pincode'];
$dob=$_POST['dob'];
$phone=$_POST['phone'];

$data = "UPDATE `acc` SET first_name='$firstname', last_name='$lastname', father_name='$fathername', address='address', pincode='$pincode', dob='$dob', phone='$phone' ";
$query = mysql_query($data) or die("Couldn't execute query. ". mysql_error());

?>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title></title>
</head>

<body>

<!-- display the changed record from database -->
<center>
First Name: <?php echo $firstname?><br>
Last Name: <?php echo $lastname?><br>
Father Name: <?php echo $fathername?><br>
Address: <?php echo $address?> <br>
Pincode: <?php echo $pincode?><br>
DOB: <?php echo $dob?><br>
Phone: <?php echo $phone?><br><br>
</center>
</body>

</html>

Answer

Brother, for the sake of at least minimal security for the users of your website, please do not use this code to edit or update information. I can tell you some reasons for that.

  1. You are using mysql_*, which is PHP 4 stuff, and you must know that the current version is PHP 7, so you are using a really old version. You must learn PDO or MySQLi. PDO would be preferable.

    Learning new stuff like MySQLi/PDO is not rocket science; it will take just a couple of days, but the result will be far better than your current situation.

  2. You are using queries like UPDATE xyz SET x = "123", y="456" WHERE z = "987". A really novice hacker may retrieve your database information using merely the address bar of the browser. Learn precisely about special-character escaping like htmlspecialchars, or PDO params, for this purpose, like $firstname = htmlspecialchars($_POST['firstName']).

  3. For retrieving the data from the database for a unique user, preferably use a session.

    A session is nothing but the access data on the server for the environment of your website. Each time you run a login script, at the line where your code completes all its checks, use this code:

    session_start();
    $_SESSION['firstname'] = htmlspecialchars($_POST['firstname']);
    // and so on...
    

    That is OK. Now, in the form where you want to fill in the user data, use:

    <input type="text" value="<?php echo $_SESSION['firstname'];?>">
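
An added example, not part of the original question or answer: the edit/update flow with PDO prepared statements, with both the SELECT and the UPDATE scoped to the logged-in user's row and values escaped when written into the form. It assumes `acc` has an integer primary key `id` and that the login script stored it in `$_SESSION['user_id']`; an in-memory SQLite database with constructed rows stands in for MySQL so the script runs on its own.

```php
<?php
// Added example (not from the original post). Assumptions: table `acc` has an
// integer primary key `id`, and login stored it in $_SESSION['user_id'].
// An in-memory SQLite database with constructed rows stands in for MySQL.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE acc (id INTEGER PRIMARY KEY, first_name TEXT, last_name TEXT, phone TEXT)');
$pdo->exec("INSERT INTO acc VALUES (1, 'Asha', 'Rao', '111'), (2, 'Ben', 'Lee', '222')");

// Fetch exactly one row: the logged-in user's, selected by the session id.
function loadProfile(PDO $pdo, int $userId): ?array
{
    $stmt = $pdo->prepare('SELECT first_name, last_name, phone FROM acc WHERE id = :id');
    $stmt->execute([':id' => $userId]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Update only that row. Values travel as bound parameters, never as SQL text.
function updateProfile(PDO $pdo, int $userId, array $post): int
{
    $stmt = $pdo->prepare(
        'UPDATE acc SET first_name = :first, last_name = :last, phone = :phone WHERE id = :id'
    );
    $stmt->execute([
        ':first' => $post['firstname'] ?? '',
        ':last'  => $post['lastname'] ?? '',
        ':phone' => $post['phone'] ?? '',
        ':id'    => $userId,
    ]);
    return $stmt->rowCount(); // rows affected by the UPDATE
}

// Escape at output time, when the value is placed into an HTML attribute.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

// Constructed request: user 1 is logged in and submits awkward characters.
$sessionUserId = 1; // stands in for (int)$_SESSION['user_id']
$post = ['firstname' => "O'Brien", 'lastname' => '"><b>x</b>', 'phone' => '999'];

echo 'rows updated: ', updateProfile($pdo, $sessionUserId, $post), "\n";
$me = loadProfile($pdo, $sessionUserId);
echo '<input type="text" name="lastname" value="', e($me['last_name']), "\"/>\n";
echo 'user 2 unchanged: ', json_encode(loadProfile($pdo, 2)), "\n";
```

The row id comes from the session rather than from a form field, so a submitted request cannot name another user's row.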