0

I created a database with user's first name, last name, email, and temp password. When a user logs in for the first time they are shown a profile with the information already in the database as well as some additional fields they must fill in. On clicking submit the form should then update their profile in the database but it doesn't. The database is called 'users'. Could someone please tell me what I'm doing wrong?

 <?php
$testerID = preg_replace('#[^0-9]#i', '', $_SESSION["id"]); // filter everything but numbers
$tester = preg_replace('#[^A-Za-z0-9]#i', '', $_SESSION["tester"]); // filter everything but numbers and letters
$password = preg_replace('#[^A-Za-z0-9]#i', '', $_SESSION["password"]); // filter everything but numbers and letters

include "scripts/connect_to_mysql.php"; 
    $sql = mysql_query("SELECT * FROM users WHERE id='$testerID' AND username='$tester' AND password='$password' LIMIT 1"); // query the person
    $row = mysql_fetch_array($sql);
    $fname = $row['fname'];
    $lname = $row['lname'];
    $email = $row['email'];

$existCount = mysql_num_rows($sql); // count the row nums
if ($existCount == 0) { // evaluate the count
     echo "Your login session data is not on record in the database.";
     exit();
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Tester Home</title>
</head>

<body>
<table width="886">
  <tr>
    <td width="876"><h1>Welcome 
    <?php  
    echo $fname;
    ?> 
    to the Closed Beta</h1></td>
  </tr>
</table>
<p>&nbsp;</p>
<div id="content">
<?php
$date = getdate();
// Parse the form data and add inventory item to the system
if (isset($_POST['$new_password'])) {
    $new_email = mysql_real_escape_string($_POST['email']);
    $new_password = mysql_real_escape_string($_POST['new_password']);
    $phone_model = mysql_real_escape_string($_POST['phone_model']);
    $carrier = mysql_real_escape_string($_POST['carrier']);

    $sql_update = mysql_query("UPDATE users SET email='$new_email', password='$new_password', phone_model='$phone_model', carrier='$carrier' WHERE id='$testerID'");
}
if(is_null($test_start)){ 
    echo "
    <form action=\"index.php\" enctype=\"multipart/form-data\" name=\"myForm\" id=\"myform\" method=\"post\">
    <table width=\"90%\" border=\"0\" cellspacing=\"0\" cellpadding=\"6\">
      <tr>
        <td width=\"20%\" align=\"right\">ID: </td>
        <td width=\"80%\"><label>
          $testerID 
        </label></td>
      </tr>
      <tr>
        <td align=\"right\">Username: </td>
        <td><label>
          $tester
          </label></td>
      </tr>
      <tr>
        <td align=\"right\">First Name: </td>
        <td><label>
          $fname
          </label></td>
      </tr>
      <tr>
        <td align=\"right\">Last Name: </td>
        <td><label>
          $lname
          </label></td>
      </tr>
      <tr>
        <td align=\"right\">Email Address: </td>
        <td><label>
          <input type=\"text\" name=\"email\" id=\"email\" value=\"\"/>
        </label></td>
      </tr>
      <tr>
        <td align=\"right\">Old password: (the one you were assigned)</td>
        <td><label>
          <input type=\"text\" name=\"old_password\" id=\"old_password\" value=\"$password\"/>
        </label></td>
      </tr>
      <tr>
        <td align=\"right\">New Password: </td>
        <td><label>
          <input type=\"text\" name=\"new_password\" id=\"newPassField\" />
        </label></td>
      </tr>
      <tr>
        <td align=\"right\">Confirm New Password: </td>
        <td><label>
          <input type=\"text\" name=\"confirm_password\" id=\"newPassField\" />
        </label></td>
      </tr>
      <tr>
        <td align=\"right\">Phone Model: </td>
        <td><label>
          <input type=\"text\" name=\"phone_model\" id=\"phone_model\" value=\"$phone_model\"/> (a 4 digit number)
        </label></td>
      </tr>
      <tr>
        <td align=\"right\">Carrier: </td>
        <td><label>
          <input type=\"text\" name=\"carrier\" id=\"carrier\" cols=\"64\" rows=\"5\" value=\"$carrier\"/>
          </label></td>
      </tr>
          <input type=\"submit\" name=\"button\" id=\"button\" value=\"Update\" />
    </table>
    </form>";   
}else{

}
?>
</div>
<p>&nbsp;</p>
</body>
</html>
RapsFan1981
  • Tables for layout? Seriously? – ThiefMaster Oct 20 '11 at 20:23
  • `preg_replace('#[^0-9]#i', '', $_SESSION["id"]);` is not a replacement for `mysql_real_escape_string()`. I suggest sticking to one tried and true escaping function. And storing your password in **the clear** is a very bad idea. Use a salted hash instead: http://stackoverflow.com/questions/401656/secure-hash-and-salt-for-php-passwords – Johan Oct 20 '11 at 20:34

3 Answers

2

You have `isset($_POST['$new_password'])` instead of `isset($_POST['new_password'])`. Notice the added `$`.

jprofitt
1

Where have you defined your mysql_select_db for the DB selection?

Also, I'm not quite used to applying UPDATE selections, but you could use INSERT with a DUPLICATE value, if you know the ids or a similar column that is fixed for each user. Something like:

$query = "INSERT INTO users (_columns_) VALUES (_$columns_) ON DUPLICATE KEY UPDATE _column_='_$column_'";

Changing your columns and the posted values from the form with a post method, of course. Add there a WHERE clause if needed, even though that would be something to look for on the db.

1

If there is an error in your SQL then the best way to find out what it is, is to add in error checking code:

or die(mysql_error());

I have added it to the end of your query here:

$sql_update = mysql_query("UPDATE users SET email='$new_email', password='$new_password', phone_model='$phone_model', carrier='$carrier' WHERE id='$testerID'") or die(mysql_error());
bumperbox
  • Thanks bumperbox. Using the error check I discovered I had to enter information in all fields before I clicked submit. I was only testing by filling in one field at a time. If all fields were not filled in the POST failed. Lesson learned. – RapsFan1981 Oct 20 '11 at 21:22
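
Added example (not part of the original question, answers or comments): one way to write the profile update with the points raised on this page applied together, namely the `new_password` key checked without the stray `$`, every field required, the password stored as a salted hash with `password_hash()`, and a PDO prepared statement with exceptions enabled in place of `mysql_query()` on escaped strings. The function name `update_profile`, the in-memory SQLite database standing in for the MySQL `users` table, and the sample values are assumptions made for illustration.

```php
<?php
// Added example: hypothetical helper, not the asker's code. In-memory SQLite
// (an assumption, so it runs offline) stands in for the MySQL `users` table.
function update_profile(PDO $db, int $testerId, array $post): array
{
    // Use the real field names (no stray "$" in the key) and require every field.
    $required = ['email', 'new_password', 'confirm_password', 'phone_model', 'carrier'];
    foreach ($required as $field) {
        if (!isset($post[$field]) || !is_string($post[$field]) || trim($post[$field]) === '') {
            return [false, "Missing field: $field"];
        }
    }
    if ($post['new_password'] !== $post['confirm_password']) {
        return [false, 'Passwords do not match'];
    }
    // Store a salted hash, never the password itself.
    $hash = password_hash($post['new_password'], PASSWORD_DEFAULT);

    // Placeholders keep user input out of the SQL text; no manual escaping needed.
    $stmt = $db->prepare(
        'UPDATE users SET email = :email, password = :hash,
                phone_model = :phone_model, carrier = :carrier WHERE id = :id'
    );
    $stmt->execute([
        ':email' => $post['email'], ':hash' => $hash,
        ':phone_model' => $post['phone_model'], ':carrier' => $post['carrier'],
        ':id' => $testerId,
    ]);
    return $stmt->rowCount() === 1 ? [true, 'Profile updated'] : [false, 'No such user'];
}

// Constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // SQL errors throw
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT, password TEXT,
           phone_model TEXT, carrier TEXT)');
$db->exec("INSERT INTO users (id, email, password) VALUES (1, 'old@example.com', 'temp')");

// The apostrophe in the email would break a query built by string concatenation.
$post = ['email' => "o'brien@example.com", 'new_password' => 'correct horse',
         'confirm_password' => 'correct horse', 'phone_model' => '1234',
         'carrier' => 'ExampleTel'];
[$ok, $msg] = update_profile($db, 1, $post);
$stored = $db->query('SELECT password FROM users WHERE id = 1')->fetchColumn();
var_dump($ok, $msg, password_verify('correct horse', $stored));
```

Against MySQL only the `new PDO(...)` connection arguments change; the prepared `UPDATE` stays the same, and login then checks the submitted password with `password_verify()` against the stored hash instead of comparing strings in the `WHERE` clause.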