Search code examples
phpmysqlformsregistration

need assistance adding an "edit profile" page to my project on a small social network website

I have a project so set up a small social network website. registration form does work with a username, but when I add an area for firstname and lastname, it does not work. I have no idea how to add an "edit profile" page where the user can add a profile photo and bio with basic information. Below is the file I use when trying to add a firstname and lastname that does not work.

if (isset($_POST['reg_user'])) {


$username = mysqli_real_escape_string($db, $_POST['username']);
$firstname = mysqli_real_escape_string($db, $_POST['firstname']);
$lastname = mysqli_real_escape_string($db, $_POST['lastname']);
$email = mysqli_real_escape_string($db, $_POST['email']);
$password_1 = mysqli_real_escape_string($db, $_POST['password_1']);
$password_2 = mysqli_real_escape_string($db, $_POST['password_2']);


if (empty($username)) { array_push($errors, "Username is required"); }
if (empty($email)) { array_push($errors, "Email is required"); }
if (empty($password_1)) { array_push($errors, "Password is required"); }
if ($password_1 != $password_2) {
array_push($errors, "The two passwords do not match");
}


$user_check_query = "SELECT * FROM clients WHERE username='$username' OR 
email='$email' LIMIT 1";
$result = mysqli_query($db, $user_check_query);
$user = mysqli_fetch_assoc($result);

if ($user) { // if user exists
if ($user['username'] === $username) {
  array_push($errors, "Username already exists");
}

if ($user['email'] === $email) {
  array_push($errors, "email already exists");
}
}

if (count($errors) == 0) {
$password = md5($password_1);

$query = "INSERT INTO clients (username, firsname, lastname, email, 
password) 
          VALUES('$username', '$firstname', '$lastname' '$email', 
'$password')";

mysqli_query($db, $query);
$_SESSION['username'] = $username;
$_SESSION['success'] = "You are now logged in";
header('location: indexclient.php');
}
}
Solution

  • I still don't understand the problem 100% but I did spot an error in your INSERT query. you need to add a semicolon after '$lastname'

    So this:

    $query = "INSERT INTO clients (username, firsname, lastname, email, 
password) 
          VALUES('$username', '$firstname', '$lastname' '$email', 
'$password')";

    Needs to be:

    $query = "INSERT INTO clients (username, firsname, lastname, email, 
password) 
          VALUES('$username', '$firstname', '$lastname', '$email', 
'$password')";

    On a side note your query opens you up to SQL injection, how to prevent SQL injection