I Want to allow users who are logged in to edit their info

Question

I want to make the user who are logged in can allow their details i'm am confused as when i use the following code it doesnot allow me to edit a particular user's info This is my edit.php in this old details of user should be displayed in textboxes but the text boxes are shown empty can anyone fix this

edit.php

    <?php 

$connection = mysql_connect('localhost','root','root') or die ("Couldn't connect to server.");  
$db = mysql_select_db('test', $connection) or die ("Couldn't select database.");  



$data ="select first_name,last_name,father_name,address,pincode,dob,phone from acc"; 
  $query = mysql_query($data) or die("Couldn't execute query. ". mysql_error()); 
  $data2 = mysql_fetch_array($query); 

?> 

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" 
"http://www.w3.org/TR/html4/loose.dtd"> 
<html> 
<head> 
      <title></title> 
 </head> 

<body> 

<!-- form to display record from database --> 
<center>
<form name="form" method="POST" action="abcd2.php"> 
  first Name: <input type="text" name="firstname" value="<?php echo $query['first_name']?>"/> <br> 
 last Name : <input type="text" name="lastname" value="<?php echo $query['last_name']?>"/> <br>
 father Name: <input type="text" name="fathername" value="<?php echo $query['father_name']?>"/> <br> 
 address: <input type="text" name="address" value="<?php echo $query['address']?>"/> <br> 
 pincode: <input type="text" name="pincode" value="<?php echo $query['pincode']?>"/> <br> 
  DOB: <input type="text" name="dob" value="<?php echo $query['dob']?>"/><br>
  phone: <input type="text" name="phone" value="<?php echo $query['phone']?>"/> <br> 
      <input type="submit"  value="submit"> 
</form> 
</center>
</body> 

</html>

update.php

    <?php 

$connection = mysql_connect('localhost','root','root') or die ("Couldn't connect to server.");  
$db = mysql_select_db('test', $connection) or die ("Couldn't select database."); 

$firstname=$_POST['firstname']; 
$lastname=$_POST['lastname']; 
$fathername=$_POST['fathername']; 
$address=$_POST['address']; 
$pincode=$_POST['pincode'];
$dob=$_POST['dob'];
$phone=$_POST['phone'];

$data = "UPDATE `acc` SET first_name='$firstname', last_name='$lastname', father_name='$fathername', address='address', pincode='$pincode', dob='$dob', phone='$phone' "; 
  $query = mysql_query($data) or die("Couldn't execute query. ". mysql_error()); 

?> 

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" 
"http://www.w3.org/TR/html4/loose.dtd"> 
<html> 
<head> 
      <title></title> 
 </head> 

<body> 

<!--  display the changed record from database --> 
<center>
  First Name: <?php echo $firstname?><br> 
  Last Name: <?php echo $lastname?><br>
  Father Name: <?php echo $fathername?><br>
  Address: <?php echo $address?> <br> 
  Pincode: <?php echo $pincode?><br>
  DOB: <?php echo $dob?><br>
  Phone: <?php echo $phone?><br><br> 
</center>
</body> 

</html>

Side note, stop using `mysql_*` functions: http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php?s=1|9.6200 — Rasclatt, Jul 07 '16 at 05:45
@Rasclatt yeah i know i shouldn't use but i'm stll learning but i'll later change it thanks — Vamshi King, Jul 07 '16 at 05:47
`$query` is the query, `$data2` is the array of data, so `$query['first_name']` etc. is probably `$data2['first_name']` instead. — Rasclatt, Jul 07 '16 at 05:47
@Rasclatt thansk now it displays the details in text boxes !! — Vamshi King, Jul 07 '16 at 05:49
Great! Now that you have it working, you should change `mysql_*` to `PDO`! No sense in doing it wrong right from the start. — Rasclatt, Jul 07 '16 at 05:50
If you have to do it for a particular user don't you think you need to fetch those particular details with his unique id — Rohan, Jul 07 '16 at 05:50
@Rasclatt but i have a problem when i insert phone number it takes input but diplayes some other number — Vamshi King, Jul 07 '16 at 05:51
Are you using sessions at all or how do you differentiate users? — Rasclatt, Jul 07 '16 at 05:53
You need a `where` clause so you update the right person's data, but you have to be able to know who the user is... — Rasclatt, Jul 07 '16 at 05:53
@Rasclatt i'm stll not using any session because i dont have knowledge about how to do it thanks — Vamshi King, Jul 07 '16 at 05:54
That is a problem then. You need to use sessions or cookies so you can tell each user apart from one another. — Rasclatt, Jul 07 '16 at 05:56
When you do an update without using a `where`, you are updating every row of your table with the same info. — Rasclatt, Jul 07 '16 at 05:57
You might want to look into using a framework that will do a lot of this stuff for you. — Rasclatt, Jul 07 '16 at 05:58
@Rasclatt i know i should use something like sessions or cookies but i dont know how to do it can you help me — Vamshi King, Jul 07 '16 at 05:58
@Vamshi in the table where you are storing this information don't you have a column that acts as a primary key for the user to show his uniqueness. If you do when you log in put that key in the session variable then when you are fetching the data use that key — Rohan, Jul 07 '16 at 06:02
Now when you add this value in the session variable you can start a session on any page and access this value with $_SESSION［'id'］ — Rohan, Jul 07 '16 at 06:08
@Rohan i have a doubt how does it identify the id from list of ids — Vamshi King, Jul 07 '16 at 06:13
I hope this data fetching is happening on the users end because when a particular user will log in only his id will be in his session. — Rohan, Jul 07 '16 at 06:15
@Rohan i did something like this `if(isset($_SESSION['user_id'])!="") { $data ="select first_name,last_name,father_name,address,pincode,dob,phone from acc"; $query = mysql_query($data) or die("Couldn't execute query. ". mysql_error()); $data2 = mysql_fetch_array($query); }` — Vamshi King, Jul 07 '16 at 06:22
In your select query use where clause to compare it with the user id — Rohan, Jul 07 '16 at 06:24
@Rohan is it like this `where user_id='($_SESSION['user_id'])' ` — Vamshi King, Jul 07 '16 at 06:29
Do you want me to post a sample algorithm as the answer. The complete flow from sign up — Rohan, Jul 07 '16 at 06:34
Please do not vandalize your question and invalidate existing answers. You probably want to read: http://meta.stackoverflow.com/q/255583/3933332 — Rizier123, Oct 29 '16 at 02:30

score 1 · Accepted Answer · answered Jul 07 '16 at 07:02

Sample steps
Sign up : insert into database with the assumption of the id is set as auto increment and primary key.

"Please add start_session() right after you open the PHP tag or a header related error might be thrown."

Log in :

Authenticate user
If login successful then add id,name,email in session variable

Else
Destroy session
User logs in his profile
Fetch the data of the user by comparing his user_id from session variable e.g. ( select * from tbl where user_id = '$_SESSION［‘id'］') Thus you will have the data of the user
Update data
( Update tbl set col = value.... where user_id = $_SESSION［‘id'］)

In this way if you follow these steps your insert,update,fetch updated values of particular users is handled. Since you have just started using sessions keep in mind that its unique per user so don't worry about the id which is in the variable it will be of the particular user.

score 1 · Answer 2 · edited Jul 07 '16 at 07:15

Brother, for the sake of least security purpose of the users of your website, please do not implement these codes to edit or update informations. i may tell you some reasons for that.

You are using mysql* that is the stuff of php4 and you must know that current version is php7 so you are using a really old version. You must learn PDO or MySQLi. PDO would be preferable.

Learning new stuff like MySQLi/PDO is not a rocket science, it will take just couple of days, but the result would be far more better than your current situation.
You are using queries like UPDATE xyz SET x = "123", y="456" WHERE z = "987" A really novice hacker may retrieve your database information using merely address bar of browser. Precisely learn about special chars escaping like htmlspecialchars,or PDO Params for the purpose like $firstname = htmlspecialchars($_POST['firstName']).
For retrieving the data from database for a unique user, preferably use session. `

Session is nothing but the access data on server for the environment of your website. Each time you run a login script, then at the line where your code completes all check, use this code:
```
session_start(); 
$_SESSION['firstname'] = htmlspecialchars($_POST['firstname'])
// and so on...
```
That is ok. Now in the form where you want to fill the user data, use
```
<input type="text" value="<?php echo $_SESSION['firstname'];?>">`
```

I Want to allow users who are logged in to edit their info

2 Answers2