Image for Database Columns from Workbench here
Thanks beforehand to everyone who takes the trouble to review and answer my question here. I am working on a website where I am required to make a dashboard for my registered visitors so that they can view and edit their profile information. However, I have run into some problem with my code. When a user submits changes to his profile, the server updates the information stored in a MySQL table and informs the user that the information has been updated. On the outside, it seems to be smoothly working. When I upload a profile picture or set a new name or set a new email address, it shows me "Successfully Updated". But when I check the 'actual' database entries (using Workbench) I find that absolutely nothing has been updated.
P.S. I have already checked my source code for errors on http://phpcodechecker.com . And my MySQL connection is correctly working(because I have used the same snippet in other php files as well).
P.P.S (if at all necessary) I am using Windows 10 64-bit and PHP 7 with IIS 10 Server and MySQL Workbench for Windows version 6.2.4(64 bit)
The Source Codes: edit_profile.php
<?php
ob_start();
session_start();
require('./functions.php');
if ($_SERVER["REQUEST_METHOD"] == "POST") {
$name = $_POST["name"];
$email = $_POST["email"];
$user_id = $_SESSION["user_id"];
$profile_picture = $_POST["profile_picture"];
echo 'Changing Contents of your profile..';
if ($name != $_SESSION["name"]) {
if (setUserName($user_id, $name)) {
echo 'Successfully changed User Name.<br/>';
} else {
echo 'Unsuccessful';
}
}
if ($email != $_SESSION["email"] && $email != "") {
if (setEmail($user_id, $email)) {
echo 'Successfully changed Email.<br/>';
} else {
echo 'Unsuccessful';
}
}
if ($profile_picture != getProfilePicture_base64_encoded($user_id) && $profile_picture != "") {
if (setProfilePicture_base64_encoded($user_id, $profile_picture)) {
echo 'Successfully changed Profile Picture.<br/>';
} else {
echo 'Unsuccessful';
}
}
} else {
?>
<!DOCTYPE html>
<html>
<head>
<title>StoryDorado | Edit Profile</title>
<meta name="theme-color" content="">
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta name="robots" content="nocache,noarchive,nofollow,nosnippet">
<meta name="Description" content="">
<meta name="keywords" content="">
</head>
<body>
<form action="edit_profile.php" method="post" enctype="multipart/form-data">
Set New Profile Picture (Max. 15 MB): <input name="profile_picture" id="profile_picture" accept="image/JPEG" type="file"><br/>
Set User Name: <input type="text" name="name" id="name"><br/>
Set New E-mail:<input type="text" name="email" id="email"><br/>
<input type="submit" value="submit" name="submit" />
</form>
<br/>
<div id="Current_Info" style="display:block;">
<pre>
Your Current Information:
1.Profile Picture:
<?php
$profile_picture = getProfilePicture_base64_encoded($_SESSION["user_id"]);
if ($profile_picture === NULL) {
echo '<img src="default.jpg" />';
} else {
echo '<img src="data:image/jpeg;base64,' . $profile_picture . '" />';
}
?><br/>
2. User Name:
<?php echo $_SESSION["name"]; ?><br/>
3. E-Mail:
<?php
if ($_SESSION["email"] != "") {
echo $_SESSION["email"];
} else {
echo 'Not Provided';
}
?>
</pre>
</div>
</body>
</html>
<?php
}
?>
And functions.php located in the same folder
<?php
function encrypt_password($password) {
$cost = 10;
$salt = strtr(base64_encode(mcrypt_create_iv(16, MCRYPT_DEV_URANDOM)), '+', '.');
$salt = sprintf("$2a$%02d$", $cost) . $salt;
$hash = crypt($password, $salt);
return $hash;
}
function check_user($user_id, $password) {
$conn = new mysqli("localhost", "root", "", "login_system") or die("Connection Failed:" . $conn->connect_error);
$query = "SELECT * FROM users";
$list = $conn->query($query);
$result = false;
while ($row = $list->fetch_assoc()) {
if ($user_id == $row["user_id"] && $row["subscription_code"] != 0 && hash_equals($row["subscription_code"], crypt($password, $row["subscription_code"]))) {
$result = true;
}
}
$conn->close();
return $result;
}
function getProfilePicture_base64_encoded($user_id) {
$conn = new mysqli("localhost", "root", "", "login_system") or die("Connection Failed:" . $conn->connect_error);
$query = "SELECT * FROM users WHERE user_id='" . $user_id . "'";
$list = $conn->query($query);
$image = null;
while ($row = $list->fetch_assoc()) {
$image = $row["profile_picture"];
}
$conn->close();
return $image;
}
function setProfilePicture_base64_encoded($user_id, $picture) {
$picture = base64_encode($picture);
$conn = new mysqli("localhost", "root", "", "login_system") or die("Connection Failed:" . $conn->connect_error);
$query = "UPDATE users SET profile_picture='" . $picture . "' WHERE user_id='" . $user_id . "';";
$result = false;
if ($conn->query($query) === TRUE) {
$result = true;
}
$conn->close();
return $result;
}
function setUserName($user_id, $name) {
$conn = new mysqli("localhost", "root", "", "login_system") or die("Connection Failed:" . $conn->connect_error);
$query = "UPDATE users SET name='" . $name . "' WHERE user_id='" . $user_id . "';";
$result = false;
if ($conn->query($query) === TRUE) {
$result = true;
}
$conn->close();
return $result;
}
function setPassword($user_id, $password) { //WARNING: Be Cautious About When You Let A User Change His Password
$password = encrypt_password($password);
$conn = new mysqli("localhost", "root", "", "login_system") or die("Connection Failed:" . $conn->connect_error);
$query = "UPDATE users SET subscription_code='" . $password . "' WHERE user_id='" . $user_id . "';";
$result = false;
if ($conn->query($query) === TRUE) {
$result = true;
}
$conn->close();
return $result;
}
function setEmail($user_id, $email) {
$conn = new mysqli("localhost", "root", "", "login_system") or die("Connection Failed:" . $conn->connect_error);
$query = "UPDATE users SET email='" . $email . "' WHERE user_id='" . $user_id . "';";
$result = false;
if ($conn->query($query) === TRUE) {
$result = true;
}
$conn->close();
return $result;
}
function UnRegister($user_id) { //WARNING: Be Cautious About This. Changes are not reversible. Provide proper sure-checking to end users.
$conn = new mysqli("localhost", "root", "", "login_system") or die("Connection Failed:" . $conn->connect_error);
$query = "DELETE FROM users WHERE user_id='" . $user_id . "';";
$result = false;
if ($conn->query($query) === TRUE) {
$result = true;
}
$conn->close();
return $result;
}
function validate($data) {
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
?>
What could be the cause of this? And how to fix it?
EDIT :
I ran the same query I have used in the functions above in MySQL Workbench. There was an error! It said : Executing:
UPDATE `login_system`.`users` SET `name`='Rojaxius' WHERE `user_id`='facebook000000000';
ERROR 1175: 1175: You are using safe update mode and you tried to update a table without a WHERE that uses a KEY column
SQL Statement:
UPDATE `login_system`.`users` SET `name`='Mr Who' WHERE `user_id`='facebook000000000'
Operation failed: There was an error while applying the SQL script to the database.
Now what does that mean ?