Hi I am having some issues with getting data to update for a logged in users account, I have got it to display the data in the database which i want to edit but for some reason it just wont go through it says it has updated but when I check it hasn't updated.

Also another thing I am trying to get the ['joined'] to work show the data inside the disabled box but it won't anyone know why? Its the "location", "occupation" that I want to get updated when they type something in the boxes and click on the submit button.

Here is the code for the bit where all the data will be edited edit_accountdata.php



$con = mysql_connect("localhost","u1908470_cms","124553das");
if (!$con)
  die('Could not connect: ' . mysql_error());

mysql_select_db("u1908470_cms", $con);

$result = mysql_query ("SELECT * FROM `users` WHERE `username` = '".$_SESSION['username']."'");

while($row = mysql_fetch_array($result))

    $location = $row['location'];
    $occupation = $row['occupation'];

  echo $row['location'] . " " . $row['joined'] . " " . $row['username'];
  echo "<br />";
<div id="advancedchange">
 <form action="edit_accountdataupdate.php" method="post" />
    Joined: <input type="text" name="joined" value="<? echo $row['joined']; ?>" disabled />
    location: <input type="text" name="location" value="<? echo $location; ?>" />
    occupation:<input type="text" name="occupation" value="<? echo $occupation; ?>" />
    <input type="submit" name="submit" value="update" />

and Here is the code for where the form submit button goes to edit_accountdataupdate.php:

mysql_connect("localhost","u1908470_cms","124553das") or die("Error: ".mysqlerror());

    $location = $_POST['location'];
    $occupation = $_POST['occupation'];

    $sql = ("UPDATE `users` SET `location` = '$location',`occupation` = '$occupation' WHERE `username` = '".$_SESSION['username']."'");

    mysql_query($sql) or die ("Error: ".mysql_error());

    echo "Database updated. <a href='edit_accountdata.php'>Return to edit info</a>";

5 Years
Discussion Span
Last Post by wastedkill

before you do anything else - clean your input - mysql_real_escape_string() should do.


Do you mean like this?

$result = mysql_query ("SELECT * FROM `users` WHERE `username` = '". mysql_real_escape_string ($_SESSION['username'])."'");


    $sql = ("UPDATE `users` SET `location` = '$location',`occupation` = '$occupation' WHERE `username` = '". mysql_real_escape_string($_SESSION['username'])."'");

EDIT!: Thanks for all the help guys but solved it, needed to put


on both files now it works perfectly!

Edited by wastedkill: Sorted it :)

This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.