BetterPHP

I followed the youtube video on creating a user profile system, and have got the profile part going, but the edit profile page doesn't seem to update my database. I have check the code for errors and can't seem to find anything. When I type into the edit_profile page fields and submit, I get the imploded message, "Your profile has been updated." but nothing has changed in the database.

Please help.

edit_profile.php
[syntax=php]<?php

$path = $_SERVER['DOCUMENT_ROOT'];
$path .= "/members/core/init.inc.php";
include_once($path);


if (isset($_POST['email'], $_POST['location'], $_POST['info'])){
$errors = array();

if (filter_var($_POST['email'], FILTER_VALIDATE_EMAIL) === false){
$errors[] = 'The email is not valid.';
}

if (preg_match('#^[a-z0-9 ]+$#i', $_POST['location']) === 0){
$errors[] = 'Your location must...';

}

if (empty($errors)){
set_profile_info($_POST['email'], $_POST['location'], $_POST['info']);
}

$user_info = array(
'email' => htmlentities($_POST['email']),
'location' => htmlentities($_POST['location']),
'info' => htmlentities($_POST['info'])
);
}else{
$user_info = fetch_user_info($_SESSION['id']);
}

$path = $_SERVER['DOCUMENT_ROOT'];
$path .= "/members/includes/header.php";
include_once($path);
?>

<html>
<title>Edit Your Profile</title>
<body>
<div>
<?php

if (isset($errors) === false){
echo '';
}else if (empty($errors)){
echo 'Your profile has been updated.';
}else{
echo '<ul><li>', implode('</li><li>', $errors), '</li></ul>';
}

?>
</div>

<form action="" method="post" class="registration_form">
<fieldset>
<legend>Edit Details</legend>

<p>Edit Your Profile <span style="background:#EAEAEA none repeat scroll 0 0;line-height:1;margin-left:210px;;padding:5px 7px;">Already a member? <a href="login.php">Log in</a></span> </p>

<div class="elements">
<label for="email">Email:</label>
<input type="text" name="email" id="email" size="25" value="<?php echo $user_info['email']; ?>"></input>
</div>
<div class="elements">
<label for="location">Location:</label>
<input type="text" name="location" id="location" size="25" value="<?php echo $user_info['location']; ?>"></input>
</div>
<div class="elements">
<label for="info">Info:</label>
<textarea name="info" id="info" rows="8" cols="50"><?php echo $user_info['info']; ?></textarea>
</div>
<div class="submit">
<input type="submit" value="Update" />
</div>
</form>
</body>
</html>
</div>
<br>
<?php

$path = $_SERVER['DOCUMENT_ROOT'];
$path .= "/includes/menu.php";
include_once($path);

$path = $_SERVER['DOCUMENT_ROOT'];
$path .= "/members/includes/footer.php";
include_once($path);


?> [/syntax]

init.inc.php
[syntax=php]<?php

//Database connection.
session_start();

$DB_HOST = 'localhost';
$DB_USER = 'root';
$DB_PASS = 'admin';
$DB_NAME = 'members';

$conn = mysql_connect($DB_HOST, $DB_USER, $DB_PASS) or die('<h3>Couldn\'t Connect To MySQL Server</h3><h4>Reason:</h4><p>' . mysql_error() . '</p>');

mysql_select_db($DB_NAME, $conn) or die('<h3>Couldn\'t Select MySQL Database [' . $DB_NAME . ']</h3><h4>Reason:</h4><p>' . mysql_error($conn) . '</p>');


include("user.inc.php");

//login in check.
$_SESSION['id'] = 1

?>[/syntax]

user.inc.php
[syntax=php]<?php

//fetches all of the users from the table.
function fetch_users(){
$result = mysql_query("SELECT `id` AS `id`, `company_name` AS `company_name` FROM `trades`");

$users = array();

while (($row = mysql_fetch_assoc($result)) !== false){
$users[] = $row;
}

return $users;
}

//fetches profile info.
function fetch_user_info($id){
$id = (int)$id;

$sql = "SELECT
`id` AS `id`,
`firstname` AS `firstname`,
`surname` AS `surname`,
`company_name` AS `company_name`,
`email` AS `email`,
`location` AS `location`,
`info` AS `info`
FROM `trades`
WHERE `id` = {$id}";

$result = mysql_query($sql);

return mysql_fetch_assoc($result);

}

//updates the current users profile info.
function set_profile_info($email, $location, $info){
$email = mysql_real_escape_string(htmlentities($email));
$location = mysql_real_escape_string($location);
$info = mysql_real_escape_string(nl2br(htmlentities($info)));

$sql = "UPDATE `trades` SET
`email` = `{$email}`
`location` = `{$location}`
`info` = `{$info}`
WHERE `id` = {$_SESSION['id']}";

mysql_query($sql);
}

?>[/syntax]

[syntax=php]$sql = "UPDATE `trades` SET
`email` = `{$email}`
`location` = `{$location}`
`info` = `{$info}`
WHERE `id` = {$_SESSION['id']}";[/syntax]
Not sure haven't done much php but shouldn't those be quotes instead of backticks (around the variables)

ExtremeGaming wrote:[syntax=php]$sql = "UPDATE `trades` SET
`email` = `{$email}`
`location` = `{$location}`
`info` = `{$info}`
WHERE `id` = {$_SESSION['id']}";[/syntax]
Not sure haven't done much php but shouldn't those be quotes instead of backticks (around the variables)

I'm not too sure, but I believe backticks should work, either way I've tried both and neither solves my problem.

When I can't figure something out I force php to show errors Add this to your code:
[syntax=php]error_reporting(E_ALL);
ini_set('display_errors', '1');[/syntax]

This should show all errors

rabatos wrote:

ExtremeGaming wrote:[syntax=php]$sql = "UPDATE `trades` SET
`email` = `{$email}`
`location` = `{$location}`
`info` = `{$info}`
WHERE `id` = {$_SESSION['id']}";[/syntax]
Not sure haven't done much php but shouldn't those be quotes instead of backticks (around the variables)

I'm not too sure, but I believe backticks should work, either way I've tried both and neither solves my problem.

It should be backticks for the column names and quotes for the strings (variables)

[syntax=php]$sql = "UPDATE `trades` SET
`email` = '{$email}'
`location` = '{$location}'
`info` = '{$info}'
WHERE `id` = {$_SESSION['id']}";[/syntax]

I've changed the backticks, and this is the current file:

[syntax=php]<?php

//fetches all of the users from the table.
function fetch_users(){
$result = mysql_query("SELECT `id` AS `id`, `company_name` AS `company_name` FROM `trades`");

$users = array();

while (($row = mysql_fetch_assoc($result)) !== false){
$users[] = $row;
}

return $users;
}

//fetches profile info.
function fetch_user_info($id){
$id = (int)$id;

$sql = "SELECT
`id` AS `id`,
`firstname` AS `firstname`,
`surname` AS `surname`,
`company_name` AS `company_name`,
`email` AS `email`,
`location` AS `location`,
`info` AS `info`
FROM `trades`
WHERE `id` = {$id}";

$result = mysql_query($sql);

return mysql_fetch_assoc($result);

}

//updates the current users profile info.
function set_profile_info($email, $location, $info){
$email = mysql_real_escape_string(htmlentities($email));
$location = mysql_real_escape_string($location);
$info = mysql_real_escape_string(nl2br(htmlentities($info)));

$sql = "UPDATE `trades` SET
`email` = '{$email}'
`location` = '{$location}'
`info` = '{$info}'
WHERE `id` = {$_SESSION['id']}";

mysql_query($sql);
}

?>[/syntax]

Yet still the database is not being updated and thus the profile remains the same.

I added echo mysql_error(); under the function and now get this error message:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '`location` = 'sgsdgsg' `info` = 'dsvsvsdvds' ' at line 3

You forgot to delimit the values.
[syntax=php] $sql = "UPDATE `trades` SET
`email` = '{$email}'
`location` = '{$location}'
`info` = '{$info}'
WHERE `id` = {$_SESSION['id']}";
[/syntax]
[syntax=php] $sql = "UPDATE `trades` SET
`email` = '{$email}',
`location` = '{$location}',
`info` = '{$info}'
WHERE `id` = {$_SESSION['id']}";[/syntax]
It's supposed to be comma-separated.

I've fixed that, yet still the profile is not updated. Could be be something to do with the session?

Are all the errors gone?
Is the $_SESSION['id'] variable populated?

Yeah no errors are showing up.
The message "your profile had been updated" shows when you submit.

What do you mean by, "Is the $_SESSION['id'] variable populated?" ?

I mean, if you do this:
[syntax=php]echo $_SESSION['id'];[/syntax]
does it give you a value, or is it empty?

Ya thats my next question too? I just watched the user profile tutorial which is great. (So are all of the tuts XD)

In that tut he just sets the session to 1.

[syntax=php]$_SESSION['uid'] = 1;[/syntax]

So to combine the login with the profile I need to grab info from the cookie that was set at login correct?

All that was set was the username and password.

So I need to grab the username and run a query to get the id?

Then set uid to that number?

[syntax=php]$_SESSION['uid'] = 1;[/syntax]

Is there a tut for this? For getting information from the cookie? Or is there a "better" way to do this?

Temor wrote:I mean, if you do this:
[syntax=php]echo $_SESSION['id'];[/syntax]
does it give you a value, or is it empty?

Yes is gives, 1

Hey Rabotos does your edit_profile form show info in it?

Mine wasn't putting data in my form I changed:

on the edit_profile file change $_SESSION to $_GET

[syntax=php]$user_info = fetch_user_info($_GET['uid']);[/syntax]

now it puts stuff in the form but it still isn't updating the table.

I want to sign in and have it go straight to the profile page.

So I need to change the "header" on login.php

[syntax=php]header("Location: profile.php?uid=".$_POST['user_id']);[/syntax]

My guess is that there needs to be a new function that pulls "user_id" from doing a query with "user_username" once they have logged in.

I don't know I need to take a break Xp

I think it still has to do with setting the "uid" and cookies which I don't understand all the way XP

What do you mean "does your edit_profile form show info in it?"

My page shows the form, and I can fill it in and hit update button and the message saying, "your profile has been updated" shows, but the table doesn't get updated

Go into your table in your database and manually fill in some data. Then go to the edit profile page and see if it pulls that data from your table into your form.

For the win!!

Ok so on the tut to make profile: User Profiles [part 04] (@ 6min) if you want to see.

He just made the update table chunk:

[syntax=php]$sql = "UPDATE `users` SET
`user_email` = '{$email}',
`user_location` = '{$location}',
`user_about` = '{$about}'
WHERE `user_id` = {$_SESSION['uid']}";[/syntax]

But there needs to be some single quotes ' ' around {$_SESSION['uid']}

the fixed code should be:

[syntax=php]$sql = "UPDATE `users` SET
`user_email` = '{$email}',
`user_location` = '{$location}',
`user_about` = '{$about}'
WHERE `user_id` = '{$_SESSION['uid']}'";[/syntax]

That fixed it for me anyway... no guarantee that you might have errors in other places.

Hey keystone,

Great that yours works, but I had added the single quotes for the uid already. So I don't think thats the problem for me.

Could you please post your, init.inc, user.inc, and edit_profile files on here, so I can compare and find the errors in mine.

Thanks