Please I need professionals to help me identify any error that is in this code.

I created a form where after login, members will have to update there profile before accessing other part of the portal. Everything is working fine but the update profile page failed to work. This is the code. Please, I need your help. Though I have similar one which was successful but I can't figure out what is wrong here.

Thanks

if(isset($_POST['update'])){

if($_POST['addy']="" || $_POST['tel']=="" || $_POST['email']=="" || $_POST['age']=="" || $_POST['prof']=="" || $_POST['work']=="" || $_POST['post']==""{
echo "<script>alert('Please fill all the fields before you proceed')</script>";
}else{

$uname = $_POST['username'];
$fname = $_POST['fname'];
$mname = $_POST['mname'];
$add = $_POST['addy'];
$tel = $_POST['tel'];
$mail = $_POST['email'];
$age = $_POST['age'];
$prof = $_POST['prof'];
$work =$_POST['work'];
$post = $_POST['post'];



$suid = $_SESSION['user_id'];
$qupdate = "UPDATE registermember SET Address = '$add', Phone='$tel', Email='$mail', Age Bracket='$age', Profession='$prof', Place of work='$work', Position='$post' WHERE id=$suid ";
$res = mysql_query($qupdate);
header('Location: dashboard.php');
}
}

First,
if($_POST['addy']="" || should be
if($_POST['addy']=="" ||

You missed one equals sign.

Then I don't know if you actually named your database table columns with spaces in them for eg: "Age Bracket".
If you did, that's bad. Change it ASAP.

onyengbu:
First,
if($_POST['addy']="" || should be
if($_POST['addy']=="" ||
You missed one equals sign.
Then I don't know if you actually named your database table columns with spaces in them for eg: "Age Bracket".
If you did, that's bad. Change it ASAP.

Ok onyengbu. I will effect the correction right away and get back to you. Thanks so much

Cordova:
Please I need professionals to help me identify any error that is in this code.

I created a form where after login, members will have to update there profile before accessing other part of the portal. Everything is working fine but the update profile page failed to work. This is the code. Please, I need your help. Though I have similar one which was successful but I can't figure out what is wrong here.

Thanks

if(isset($_POST['update'])){

if($_POST['addy']="" || $_POST['tel']=="" || $_POST['email']=="" || $_POST['age']=="" || $_POST['prof']=="" || $_POST['work']=="" || $_POST['post']==""{
echo "<script>alert('Please fill all the fields before you proceed')</script>";
}else{

$uname = $_POST['username'];
$fname = $_POST['fname'];
$mname = $_POST['mname'];
$add = $_POST['addy'];
$tel = $_POST['tel'];
$mail = $_POST['email'];
$age = $_POST['age'];
$prof = $_POST['prof'];
$work =$_POST['work'];
$post = $_POST['post'];



$suid = $_SESSION['user_id'];
$qupdate = "UPDATE registermember SET Address = '$add', Phone='$tel', Email='$mail', Age Bracket='$age', Profession='$prof', Place of work='$work', Position='$post' WHERE id=$suid ";
$res = mysql_query($qupdate);
header('Location: dashboard.php');
}
}

Also, you are setting a session without setting the session id,
$suid = $_SESSION['user_id'];

$suid is undefined. whats the value of the 'user_id'


to properly use session , make it the first line like

<?php session_start();?>

<html>
......
</html>

Hope this helps

If your variable is holding a string, while updating values of your db table[column] use '".$variable."' and if the variable is an integer use ".$variable."

And always try to catch exceptions, for instance after querying the db before relocating members back to another page use:

If($query){
//redirect
}else{//log the error somewhere}

@Cordova Try to validate your inputs because of sql injection attacks and try to use new mysqli object oriented or PDO because mysql has been depreciated

Your database should not necessarily contain uppercase and spaces, your db should be easier to understand

Check your <input type='submit' name='update'> if yu misspelt the word update


Then please and please use the empty() function
$addy=htmlspecialchars(strip_tags($_POST['addy'])):
//that is how to validate, I gat no time to write you a function for that

if(empty($_POST['addy']) || empty($_POST['tel']......);
{
echo "<script>alert('Please fill all the fields before you
proceed')</script>";
}
// please try and create a div class for displaying errors so you will just echo the error msg **
else
{
session_start();
$suid=$_SESSION['user_id'];

$qupdate = "UPDATE registermember SET Address = '$addy',
Phone='$tel', Email='$mail', Age Bracket='$age',
Profession='$prof', Place of work='$work', Position='$post'
WHERE id=$suid ";
$res = mysql_query($qupdate);
header();
}
Change all your address, phone, email to lowercases and remove all spaces because in your code, you didn't give room for an error message from your sql server...

Did you even echo your $suid to know if it corresponds with the data on your db??

Greetings to my boss that will correct my codes.... Am a learner trying to be a geek

You did not open a connection to the database. Try enabling error reporting in your program.

I appreciate every single suggestion by all and by God's grace everything has been noted.

However, I just copied a part of the code to examine the lines of code.

The application starts by members registering to create account with first name, surname etc

After login, they will be prompted to change the default assigned password before proceeding to the dashboard where they can choose to update their profile. The login was successful, password change was successful, login, session and logout worked well, downloads work well etc. The only aspect that refused to work was the edit profile function that was why I pasted only the aspect that deals with the edit profile.

The page actually started with this

ob_start();
error_reporting(1);
session_start();
include 'cons.php';
include 'session.php';

if(loggedin()){
echo 'Welcome You are logged In ';
}else{
header('Location: login_rl.php');
}

The session created is in login file and a function was created in session.php for the login


each time I echo the session id, I get the value that is in the database.

Concerning the sql injection, I uses addslashes(htmlentities($_POST['addy'])) for the fields.

Once again I appreciate all our suggestion.

Cordova:
I appreciate every single suggestion by all and by God's grace everything has been noted.

However, I just copied a part of the code to examine the lines of code.

The application starts by members registering to create account with first name, surname etc

After login, they will be prompted to change the default assigned password before proceeding to the dashboard where they can choose to update their profile. The login was successful, password change was successful, login, session and logout worked well, downloads work well etc. The only aspect that refused to work was the edit profile function that was why I pasted only the aspect that deals with the edit profile.

The page actually started with this

ob_start();
error_reporting(1);
session_start();
include 'cons.php';
include 'session.php';

if(loggedin()){
echo 'Welcome You are logged In ';
}else{
header('Location: login_rl.php');
}

The session created is in login file and a function was created in session.php for the login


each time I echo the session id, I get the value that is in the database.

Concerning the sql injection, I uses addslashes(htmlentities($_POST['addy'])) for the fields.

Once again I appreciate all our suggestion.

if it can output the session id or variable correctly ensure that mysql query to update the set password to what the user supplied in the input box.
should u need further advice, don't hesitate to WhatsApp/call/SMS 07031175291