Code: Select all
<?php
mysql_connect("localhost", "root", "") or die(mysql_error());
mysql_select_db("login") or die(mysql_error());
$username = $_COOKIE['ID_my_site'];
if (isset($_POST[submit]))
{
$sql_username_output = mysql_real_escape_string($_POST['username_output']);
$sql_username = mysql_real_escape_string($username);
mysql_query("UPDATE users SET username='$sql_username_output' WHERE username='$sql_username';") or die("ERROR");
$sql_first_name_output = mysql_real_escape_string($_POST['first_name_output']);
mysql_query("UPDATE users SET first_name='$sql_first_name_output' WHERE username='$sql_username';") or die("ERROR");
}
$user_myself = mysql_query ("SELECT * from users where username = '$username';") or die ("error");
echo "<form method='POST' action ='profile_edit.php'>";
while ($output = mysql_fetch_array ($user_myself))
{
$html_username = htmlspecialchars($output['username'], ENT_QUOTES);
echo "Username: <input type='text' value='$html_username' name='username_output'><p>";
$html_first_name = htmlspecialchars($output['first_name'], ENT_QUOTES);
echo "First Name: <input type='text' value='$html_first_name' name='first_name_output'><p>";
echo "<p>";
}
?>
<input type="submit" name="submit" value="submit">
</form>
<p>
<a href="members.php">Back</a>