PHP update rows in table

Question

Hello I am having some issue here i created a script to update users account details but when the form is filled in and submit button clicked no errors come up but at the same time no changes are made in the table

THIS IS ONLY A DUMMY APPLICATION SO EVERYTHING IS KEEP BASIC

     <?php


session_start();


    include('connect_mysql.php');



        if(isset($_POST['update']))
        {

            $usernameNew = stripslashes(mysql_real_escape_string($_POST["username"]));
            $passwordNew = stripslashes(mysql_real_escape_string($_POST["password"]));
            $first_nameNew = stripslashes(mysql_real_escape_string($_POST["first_name"]));
            $last_nameNew = stripslashes(mysql_real_escape_string($_POST["last_name"]));
            $emailNew = stripslashes(mysql_real_escape_string($_POST["email"]));



            $user_id = $_SESSION['user_id'];
            $editQuery = mysql_query("UPDATE users SET username='$usernameNew', password='$passwordNew', first_name='$first_nameNew', last_name='$last_nameNew' , email='$emailNew' WHERE user_id='$user_id'");


            if(!$editQuery)
            {
                echo mysql_error($editQuery);
                die($editQuery);
            }
        }

?>


<html>
<head>

<title>Edit Account</title>
<meta http-equiv="content-type" content="text/html; charset=iso-8859-1" />
<link href="style.css" rel="stylesheet" type="text/css" />

</head>
<body>
<div id="wrapper">
<header><h1>E-Shop</h1></header>

    <article>
        <h1>Welcome</h1>
            <h1>Edit Account</h1>

<div id="login">
    <ul id="login">
    <form method="post" name="editAccount" action="userEditAccount.php"  >
        <fieldset>  
            <legend>Fill in the form</legend>
                <label>Select Username : <input type="text" name="username" /></label>
                <label>Password : <input type="password" name="password" /></label>
                <label>Enter First Name : <input type="text" name="first_name" /></label>
                <label>Enter Last Name : <input type="text" name="last_name" /></label>
                <label>Enter E-mail Address: <input type="text" name="email" /></label>
        </fieldset>
        <br />


                <input type="submit" value="Edit Account" class="button">
<input type="hidden" name="update" value="update">


    </form>

</div>
    <form action="userhome.php" method="post">
    <div id="login">
        <ul id="login">
            <li>
                <input type="submit" value="back" onclick="index.php" class="button">   
            </li>
        </ul>
    </div>      
</article>

<aside>
</aside>

<div id="footer">Text</div>
</div>

</body>
</html>

SOrry for some reason the I forgotten to copy this part faceslap

login.php:

<?php
session_start();

    require('connect_mysql.php');

     if($_SERVER['REQUEST_METHOD'] == 'POST')
     {

        $username = $_POST["username"];
        $password = $_POST["password"];
        $username = stripslashes($username);
        $password = stripslashes($password);
        $username = mysql_real_escape_string($username);
        $password = mysql_real_escape_string($password);

        $query = mysql_query("SELECT * FROM users WHERE Username='$username' AND Password='$password'");
        $numrow = mysql_num_rows($query);

    if($username && $password){



    $query = mysql_query("SELECT * FROM  users WHERE username='$username'");
    $numrow = mysql_num_rows($query);

    if($numrow !=0){

        while($row = mysql_fetch_assoc($query)){

            $dbusername = $row['username'];
            $dbpassword = $row['password'];         
        }

        if($username == $dbusername && $password == $dbpassword ){

            $_SESSION['user_id'] = $user_id;
            header("Location: userhome.php");

        }
        else{
            echo "Incorect password";
        }

    }
    else{
        die("This user dosent exists");
    }
}
else{

    $reg = die("Please enter username and password");
}
}


?>

Answer 1

You haven't called session_start() at the beginning of the file, so $username will be an empty string, and the update command will only update rows where the username is an empty string.

Edit: In fact, that code won't even be run, because you haven't called session_start(), isset($_SESSION['update']) will evaluate to false.

Did you mean to write $_SESSION['update']? Shouldn't that be $_POST['update']?

Last but not least, personally I would replace this:

<input name="update" type="submit" submit="submit" value="Edit Account" class="button">

with this:

<input type="submit" value="Edit Account" class="button">
<input type="hidden" name="update" value="update">

At least for clarity. I don't know if it's still the case, but in time gone by not all browsers submitted the name/value of the submit button.

Answer 2

Sir from the code given above i think you have error in your login.php

$_SESSION['user_id'] = $user_id;

You are not assigning value to $user_id that why it is setting blank value to $_SESSION['user_id'].

  <?php
session_start();

    require('connect_mysql.php');

     if($_SERVER['REQUEST_METHOD'] == 'POST')
     {

        $username = $_POST["username"];
        $password = $_POST["password"];
        $username = stripslashes($username);
        $password = stripslashes($password);
        $username = mysql_real_escape_string($username);
        $password = mysql_real_escape_string($password);

        $query = mysql_query("SELECT * FROM users WHERE Username='$username' AND Password='$password'");
        $numrow = mysql_num_rows($query);

    if($username && $password){



    $query = mysql_query("SELECT * FROM  users WHERE username='$username'");
    $numrow = mysql_num_rows($query);

    if($numrow !=0){
        $user_id = 0;  
        while($row = mysql_fetch_assoc($query)){

            $dbusername = $row['username'];
            $dbpassword = $row['password'];         
            $user_id = $row['user_id'];
        }

        if($username == $dbusername && $password == $dbpassword ){

            $_SESSION['user_id'] = $user_id;
            header("Location: userhome.php");

        }
        else{
            echo "Incorect password";
        }

    }
    else{
        die("This user dosent exists");
    }
}
else{

    $reg = die("Please enter username and password");
}
}


?>