
Here is my code. My goal is to be able to fetch data from the database and place it in a text box so the user can update their profile. I have not gotten to the update function yet. Right now I am trying to figure out how to get the data to show in the text box.

<?php

 $userID = htmlspecialchars($_GET["userID"]);
 $lastName = htmlspecialchars($_GET["lastName"]);
 $_SESSION["userID"] = $userID;

include 'inc/connect.php';
$query = "SELECT * FROM USERS WHERE userID = '$userID'";

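// mysqli connection, so report the error through the mysqli API (mysql_errno() belongs to the removed mysql extension)
$result = mysqli_query($link, $query) or die(mysqli_error($link));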
$row = mysqli_fetch_assoc($result); 

 ?>

<div class="container">
<h1> <?php if(isset($_SESSION['username'])) { 
echo  $_SESSION['username'];
echo "'s Profile";
} ?>   
</h1>
<form class="form-horizontal" action="func/func_user_profile.php" method="post">
<div class="form-group">
    <label class="control-label col-sm-2"> Email:</label>
    <div class="col-sm-10">
        <input type="email" class="form-control" name="email" value="<?php echo $row["email"];?>">
    </div>
</div>
<div class="form-group">
    <label class="control-label col-sm-2"> Password:</label>
    <div class="col-sm-10">
        <input type="password" class="form-control" name="password" value="<?php echo $row["password"];?>">
    </div>
</div>
<div class="form-group">
    <label class="control-label col-sm-2"> Current monthly expenses:</label>
    <div class="col-sm-10">
        <input type="text" class="form-control" name="monthlyExpenses" value="<?php echo $row["monthlyExpenses"];?>">
    </div>
</div>


<div class="form-group" id="submit">
<input type="submit" class="btn btn-success" value="Update Profile" >
<input type="button" class="btn btn-danger" onClick="window.location.replace('welcome.php')" value="cancel">
</div>
</form>
 </div>


 <?php
 include 'inc/footer.php';
 ?>


  </body>
  </html>
sean vitale
  • Your code is vulnerable to [**SQL injection attacks**](https://en.wikipedia.org/wiki/SQL_injection). You should use [**mysqli**](https://secure.php.net/manual/en/mysqli.prepare.php) or [**PDO**](https://secure.php.net/manual/en/pdo.prepared-statements.php) prepared statements with bound parameters as described in [**this post**](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php). – Alex Howansky Apr 24 '17 at 21:43
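
The bound-parameter query the comment above points to, as an added example that is not part of the original question or its answer. Assumptions: PDO with an in-memory SQLite database stands in for the MySQL connection so the script runs offline, `userID` is stored as text, the rows and inputs are constructed, and the helper names `fetchProfile`, `e` and `renderInput` are hypothetical.

```php
<?php
// Added example. Assumption: in-memory SQLite replaces the MySQL link so this runs offline;
// with MySQL only the DSN and credentials passed to new PDO() change.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE USERS (userID TEXT PRIMARY KEY, email TEXT, monthlyExpenses TEXT)');
// Constructed sample rows; the first email contains a double quote on purpose.
$pdo->exec("INSERT INTO USERS VALUES ('1', 'a\"b@example.com', '1200'), ('2', 'other@example.com', '800')");

function fetchProfile(PDO $pdo, string $userID): ?array
{
    // The value is bound as data; it is never concatenated into the SQL text.
    $stmt = $pdo->prepare('SELECT email, monthlyExpenses FROM USERS WHERE userID = :id');
    $stmt->execute([':id' => $userID]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

function e(?string $value): string
{
    // Escape when writing into HTML (attribute context), not when reading the request.
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}

function renderInput(string $type, string $name, ?array $row): string
{
    return sprintf(
        '<input type="%s" class="form-control" name="%s" value="%s">',
        e($type),
        e($name),
        e($row[$name] ?? '')
    );
}

// Constructed inputs: a normal id, then a value carrying quote characters.
foreach (['1', "1' OR '1'='1"] as $userID) {
    $row = fetchProfile($pdo, $userID);
    echo $row === null
        ? "no row for: $userID\n"
        : renderInput('email', 'email', $row) . "\n";
}
```

The second input is compared as a literal string against `userID`, so it matches nothing instead of altering the `WHERE` clause.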

1 Answer


I tested your code and it does show the information from the database. If it is not showing anything, it should be because there is something wrong with your connection.

<?php

 $userID = "1";
 $lastName = "Boo";
$server = "localhost";
$userName = "root";
$password = "";
$database = "test";




$conn =  mysqli_connect($server,$userName,$password , $database);
$query = "SELECT * FROM Boo WHERE userID = '$userID'";

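// mysqli connection, so report the error through the mysqli API (mysql_errno() belongs to the removed mysql extension)
$result = mysqli_query($conn, $query) or die(mysqli_error($conn));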
$row = mysqli_fetch_assoc($result); 

 ?>
<html>
<head>

</head>
<body>
<div class="container">
<h1> 
</h1>
<form class="form-horizontal" action="func/func_user_profile.php" method="post">
<div class="form-group">

    <label class="control-label col-sm-2"> Email:</label>
    <div class="col-sm-10">
        <input type="email" class="form-control" name="email" value="<?php echo $row["email"];?>">
    </div>
</div>
<div class="form-group">
    <label class="control-label col-sm-2"> Password:</label>
    <div class="col-sm-10">
        <input type="password" class="form-control" name="password" value="<?php echo $row["password"];?>">
    </div>
</div>


<div class="form-group" id="submit">
<input type="submit" class="btn btn-success" value="Update Profile" >
<input type="button" class="btn btn-danger" onClick="window.location.replace('welcome.php')" value="cancel">
</div>
</form>
 </div>




  </body>
  </html>

Use the connection I have used if it is different.

Buwendra