Member Avatar for Jesse_21

I am attempting to update my accounts table for the current session ID with the data posted from a form. My first prepare statement is functioning fine and can be seen functioning through the placeholder variables in the form. It is my second prepare statement that doesnt seem to be working. From what I can tell, form doesn't seem to be posting the data correctly and I am unsure what the error is. It may very well be a simple error but I am stuck. Any help would be massively appreciated!

<?php


if(!isset($_SESSION['account_loggedin']))
{
    header("Location: index.php");
}
$pdo=mysqli_connect("localhost","root","root","shoppingcart_advanced");


    if(!$pdo)
    {
        echo(' Please Check Your Connection'.mysqli_connect_error($pdo));
    }


$msg = ' ';         
$stmt = $pdo->prepare('SELECT email, first_name, last_name, address_street, address_city, address_state, address_zip, address_country FROM accounts WHERE id = ?');
// In this case we can use the account ID to get the account info.
$stmt->bind_param('i', $_SESSION['account_id']);
$stmt->execute();
$stmt->bind_result($email, $first_name, $last_name, $address_street, $address_city, $address_state, $address_zip, $address_country);
$stmt->fetch();
$stmt->close();

// Handle edit profile post data
if (isset($_POST['submit'], $_POST['email'], $_POST['first_name'], $_POST['last_name'], $_POST['address_street'], $_POST['address_city'], $_POST['address_city'], $_POST['address_state'], $_POST['address_zip'], $_POST['address_country'])) {
    // Make sure the submitted registration values are not empty.
    if (!$_POST['email'] ||!$_POST['first_name'] || !$_POST['last_name'] || !$_POST['address_street'] ||  !$_POST['address_city'] || !$_POST['address_city'] || !$_POST['address_state'] || !$_POST['address_zip'] || !$_POST['address_country'] ) {
        $msg = 'The input fields must not be empty!';
    } else if (!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) {
        $msg = 'Please provide a valid email address';
    }
    if (empty($msg)) {
        // Check if new email already exists in database
        $stmt = $pdo->prepare('SELECT * FROM accounts WHERE email = ? AND email != ?');
        $stmt->bind_param('ss', $_POST['email'], $email);
        $stmt->execute();
        $stmt->store_result();
        if ($stmt->num_rows > 0) {
            $msg = 'Account already exists with that username and/or email!';
        } else {
            // no errors occured, update the account...
            $stmt->close();
            $uniqid = $email != $_POST['email'] ? uniqid() : $email;
            $stmt = $pdo->prepare('UPDATE accounts SET email = ?,first_name = ?, last_name = ?, address_street = ?, address_city = ?, address_state = ?, address_zip = ?, address_country = ? WHERE id = ?');
            $stmt->bind_param('ss', $_POST['email'],$_POST['first_name'], $_POST['last_name'], $_POST['address_street'], $_POST['address_city'], $_POST['address_state'], $_POST['address_zip'], $_POST['address_country'], $_SESSION['account_id']);
            $stmt->execute();       
            $stmt->close();     

            $msg = 'account updated!';
        }
    }
}
    ?>
    <?=template_header('Edit Profile')?>

    <!DOCTYPE html>
<html>
    <div class="EditProfile">
            <h2>Edit delivery information</h2>
            <div class="block">
                <form action="index.php?page=saveProfile" method="post">
                    <label for="email">Email</label>
                    <input type="email" value="<?=$email?>" name="email" id="email" placeholder="Email">
                <br>
                <label for="first_name">First Name</label>
                    <input type="text" value="<?=$first_name?>" name="first_name" id="first_name" placeholder="First Name">
                    <br>
                    <label for="last_name">Last Name</label>
                    <input type="text" value="<?=$last_name?>"name="last_name" id="last_name" placeholder="Last Name">
                    <br>
                    <label for="address_street">Street</label>
                    <input type="text"value="<?=$address_street?>" name="address_street" id="address_street" placeholder="Street">
                    <br>
                    <label for="address_state">City</label>
                    <input type="text" value="<?=$address_state?>" name="address_state" id="address_state" placeholder="Address">
                    <br>
                    <label for="address_zip">Postcode</label>
                    <input type="address_zip" value="<?=$address_zip?>" name="address_zip" id="address_zip" placeholder="Postcode">
                    <br>
                    <label for="address_country">Country</label>
                    <input type="text"value="<?=$address_country?>" name="address_country" id="address_country" placeholder="Country">
                    <br>
                    <input class="submit" name="submit" type="submit" value="Submit">
                    <p><?=$error?></p>
                    <p><?=$msg?></p>

                </form>
            </div>
            <p><img src="Images/PSign.PNG" alt="Logo" width="100" height="100"></p>
        </div>
        <?=template_footer()?>
</html>
  • 2 Contributors
  • 1 Reply
  • 88 Views
  • 6 Days Discussion Span
  • Latest Post Latest Post by Dani
Member Avatar for Dani

I just came across this thread now but I’m on my phone while laying in bed so it’s pretty hard to read the code.

However, just from reading your question, the first thing I would check would be the error log for any PHP notices, warnings, or errors. Are you logging errors anywhere?

Also, at first glance, it looks like you aren’t escaping your variables when sending them to the browser with htmlspecialchars() or htmlentities()

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.