<!DOCTYPE HTML><html><head><title></title></head><body><form id='upda

1. <!DOCTYPE HTML>
2. <html>
3. <head>
4. <title>
5.  
6. </title>
7.  
8. </head>
9. <body>
10.  
11.  
12. <form id='updateholder' action='updateacc.php' method='post'>
13. <fieldset >
14. <legend>Update Account</legend>
15.  
16. Username:
17. <input type='text' name='username' id='username' value = "<?php echo $row['user_Username']?>"/>
18. Current Password:
19. <input type='text' name='curpassword' id='curpassword' value = "" maxlength="50" />
20. New Password:
21. <input type='text' name='confirm' id='newpassword' value = "" maxlength="50" />
22. Confirm New Password:
23. <input type='text' name='confirm' id='confirmpassword' value = "" maxlength="50" />
24. Middle Name:
25. <input type='text' name='middlename' id='middlename' value = "<?php echo $row['user_Mname']?>"/>
26. Last Name:
27. <input type='text' name='lastname' id='lastname' value = "<?php echo $row['user_Lname']?>"/>
28.  
29. <input type='Submit' name='Submit' value='Submit' />
30. </fieldset>
31. </form>
32.  
33. <a href = "logout.php">LOGOUT</a>
34. </body>
35. </html>
36.  
37. <?php
38. session_start();
39. include('dbconn.php');
40.  
41. $user_ID = $_SESSION['user_ID'] ;
42.  
43.  
44. $sql = "SELECT * FROM tbl_user WHERE user_ID = '$user_ID'";
45.  
46. $result = mysqli_query($con, $sql);
47. $row = mysqli_fetch_array($result, MYSQLI_ASSOC);
48.  
49. if (isset($_POST['Submit'])) {
50. $username = $_POST["username"];
51. $curpassword = $_POST["curpassword"];
52. $middlename = $_POST["middlename"];
53. $lastname = $_POST["lastname"];
54.  
55. $username = trim(mysqli_escape_string($con, $username));
56. $curpassword = trim(mysqli_escape_string($con, $curpassword));
57. $middlename = trim(mysqli_escape_string($con, $middlename));
58. $lastname = trim(mysqli_escape_string($con, $lastname));
59.  
60. $sql2= "SELECT user_Username FROM tbl_user WHERE user_Username='$username'";
61. $sql3= "SELECT user_Password FROM tbl_user WHERE user_ID='$accholder_ID'";
62. $result2 = mysqli_query($con, $sql2);
63. $result3 = mysqli_query($con, $sql3);
64. $row2 = mysqli_fetch_array($result, MYSQLI_ASSOC);
65. $row3 = mysqli_fetch_array($result2, MYSQLI_ASSOC);
66.  
67. if (mysqli_num_rows($result) == 1) {
68. echo "Sorry...This Username already exist..";
69. } else {
70. $query = mysqli_query($con, "Update tbl_user SET user_Mname = "$middlename", user_Lname = "$lastname", user_Username = "$username", user_Password = "$curpassword"");
71.  
72. if ($query) {
73. echo "Account Updated";
74. }
75. }
76. }
77. ?>