Hi I am having some issues with getting data to update for a logged in users account, I have got it to display the data in the database which i want to edit but for some reason it just wont go through it says it has updated but when I check it hasn't updated.

Also another thing I am trying to get the ['joined'] to work show the data inside the disabled box but it won't anyone know why? Its the "location", "occupation" that I want to get updated when they type something in the boxes and click on the submit button.

Here is the code for the bit where all the data will be edited edit_accountdata.php



$con = mysql_connect("localhost","u1908470_cms","124553das");
if (!$con)
  die('Could not connect: ' . mysql_error());

mysql_select_db("u1908470_cms", $con);

$result = mysql_query ("SELECT * FROM `users` WHERE `username` = '".$_SESSION['username']."'");

while($row = mysql_fetch_array($result))

    $location = $row['location'];
    $occupation = $row['occupation'];

  echo $row['location'] . " " . $row['joined'] . " " . $row['username'];
  echo "<br />";
<div id="advancedchange">
 <form action="edit_accountdataupdate.php" method="post" />
    Joined: <input type="text" name="joined" value="<? echo $row['joined']; ?>" disabled />
    location: <input type="text" name="location" value="<? echo $location; ?>" />
    occupation:<input type="text" name="occupation" value="<? echo $occupation; ?>" />
    <input type="submit" name="submit" value="update" />

and Here is the code for where the form submit button goes to edit_accountdataupdate.php:

mysql_connect("localhost","u1908470_cms","124553das") or die("Error: ".mysqlerror());

    $location = $_POST['location'];
    $occupation = $_POST['occupation'];

    $sql = ("UPDATE `users` SET `location` = '$location',`occupation` = '$occupation' WHERE `username` = '".$_SESSION['username']."'");

    mysql_query($sql) or die ("Error: ".mysql_error());

    echo "Database updated. <a href='edit_accountdata.php'>Return to edit info</a>";

Member Avatar

before you do anything else - clean your input - mysql_real_escape_string() should do.

Do you mean like this?

$result = mysql_query ("SELECT * FROM `users` WHERE `username` = '". mysql_real_escape_string ($_SESSION['username'])."'");


    $sql = ("UPDATE `users` SET `location` = '$location',`occupation` = '$occupation' WHERE `username` = '". mysql_real_escape_string($_SESSION['username'])."'");

EDIT!: Thanks for all the help guys but solved it, needed to put


on both files now it works perfectly!