echo "<form action=\"?do=update\" method=\"post\">
first name: <input type=\"text\" name=\"firstname\" value=\"\" /><br />
last name: <input type=\"text\" name=\"lastname\" /><br />
nick name: <input type=\"text\" name=\"nickname\" /><br />
location: <input type=\"text\" name=\"location\" /><br />
email: <input type=\"text\" name=\"email\" /><br />
gender: <input type=\"checkbox\" name=\"male\" /> male <input type=\"checkbox\" name=\"female\" /> female<br />
bio: <input type=\"text\" height=\"200px\" width=\"300px\" name=\"bio\" /><br />
fav movies: <input type=\"text\" height=\"200px\" width=\"300px\" name=\"favmovies\" /><br />
fav music: <input type=\"text\" height=\"200px\" width=\"300px\" name=\"favmusic\" /><br />
fav books: <input type=\"text\" height=\"200px\" width=\"300px\" name=\"favbooks\" /><br />
<input type=\"submit\" value=\"update profile\" />
</form><br />
<br />
want to change your password?
<form action=\"?do=updatepw\" method=\"post\">
current password: <input type=\"password\" name=\"currentpassword\" /><br />
new password: <input type=\"password\" name=\"newpassword\" /><br />
<input type=\"submit\" value=\"update password\" />
</form>";

On the text inputs I want to add a value with an echo inside it, how would I do that? +rep

What do you mean? As in, in the boxes you get the data from the database and put that as the values?

If you meant that try this:


$profile = mysql_query("SELECT * from users where username = '$logged[username]'");
$profile = mysql_fetch_array($profile);

echo "<form action=\"?do=update\" method=\"post\">
first name: <input type=\"text\" name=\"firstname\" value=\"$user[name]\" /><br />
last name: <input type=\"text\" name=\"lastname\" value=\"$user[lastname] /><br />
nick name: <input type=\"text\" name=\"nickname\" value=\"$user[nickname] /><br />
location: <input type=\"text\" name=\"location\" value=\"$user[location] /><br />
email: <input type=\"text\" name=\"email\" value=\"$user[email] /><br />
gender: <input type=\"checkbox\" name=\"male\" /> male <input type=\"checkbox\" name=\"female\" /> female<br />
bio: <input type=\"text\" height=\"200px\" width=\"300px\" name=\"bio\" value=\"$user[bio] /><br />
fav movies: <input type=\"text\" height=\"200px\" width=\"300px\" name=\"favmovies\" value=\"$user[favmovies] /><br />
fav music: <input type=\"text\" height=\"200px\" width=\"300px\" name=\"favmusic\" value=\"$user[favmusic] /><br />
fav books: <input type=\"text\" height=\"200px\" width=\"300px\" name=\"favbooks\" value=\"$user[favbooks] /><br />
<input type=\"submit\" value=\"update profile\" />
</form><br />
<br />
want to change your password?
<form action=\"?do=updatepw\" method=\"post\">
current password: <input type=\"password\" name=\"currentpassword\" /><br />
new password: <input type=\"password\" name=\"newpassword\" /><br />
<input type=\"submit\" value=\"update password\" />
</form>";

I'm not 100% sure what you mean, but couldn't you just put the text that you want to display into a variable, then add the variable into value?
i.e.

<input type='text' value='$textHere' />

Trinity: I tried that, gives me an error.

try what i suggested :P

You both suggested the same thing.

well what do you mean by 'add an echo inside it'?

Exactly what you thought I meant, just what you gave me errored.

okay.
It errored because i did it wrong ;)



$profile = mysql_query("SELECT * from users where username = '$logged[username]'");
$user = mysql_fetch_array($profile);


try that instead of the:


$profile = mysql_query("SELECT * from users where username = '$logged[username]'");
$profile = mysql_fetch_array($profile);

No, not the mysql codes, the code inside the form.

To be honest, I'd be tempted to just end the PHP tag and use standard HTML. It's much cleaner, and if you're using an IDE, you're going to be able to see your variables much easier.

// We haven't pressed edit profile, so lets edit it!

// Get some information out of the database
$getuser = mysql_query("SELECT * FROM members WHERE id = '$_SESSION[user_id]' ") or die(mysql_error());
// Get the information into an array
$profile = mysql_fetch_array($getuser);

// Spit all the information we grabbed from the database out
// and enter it into the fields.
echo("<form method=\"post\">
<p>E-mail: <input type=\"text\" name=\"email\" value=\"$profile[email]\" /><br />
Location: <input type=\"text\" name=\"location\" value=\"$profile[location]\" /><br />
MSN address: <input type=\"text\" name=\"MSN\" value=\"$profile[MSN]\" /><br />
Password:<font color=\"#FF0000\">*</font>
<input type=\"password\" name=\"password\" value=\"\" /><br />
Confirm Password: <input type=\"password\" name=\"cpassword\" value=\"\" /><br />
<input type=\"submit\" name=\"update\" value=\"Update password\"><br />
<font color=\"#FF0000\" size=\"2\">* Leave empty if you do not wish to change</font> </p>
</form>");

That is what I use to edit my profile :s

Blinger when I use your idea I get:

Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING in /home/x/public_html/test/editprofile.php on line 43

Blinger when I use your idea I get:

Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING in /home/x/public_html/test/editprofile.php on line 43

Post your code.

echo "<form action=\"?do=update\" method=\"post\">
first name: <input type=\"text\" name=\"firstname\" value=\"$value['firstname']\" /><br />
last name: <input type=\"text\" name=\"lastname\" /><br />
nick name: <input type=\"text\" name=\"nickname\" /><br />
location: <input type=\"text\" name=\"location\" /><br />
email: <input type=\"text\" name=\"email\" /><br />
gender: <input type=\"checkbox\" name=\"male\" /> male <input type=\"checkbox\" name=\"female\" /> female<br />
bio: <input type=\"text\" height=\"200px\" width=\"300px\" name=\"bio\" /><br />
fav movies: <input type=\"text\" height=\"200px\" width=\"300px\" name=\"favmovies\" /><br />
fav music: <input type=\"text\" height=\"200px\" width=\"300px\" name=\"favmusic\" /><br />
fav books: <input type=\"text\" height=\"200px\" width=\"300px\" name=\"favbooks\" /><br />
<input type=\"submit\" value=\"update profile\" />
</form><br />
<br />
want to change your password?
<form action=\"?do=updatepw\" method=\"post\">
current password: <input type=\"password\" name=\"currentpassword\" /><br />
new password: <input type=\"password\" name=\"newpassword\" /><br />
<input type=\"submit\" value=\"update password\" />
</form>";

I only did the value on the first input.

Is that what it is in your database?

echo "<form action=\"?do=update\" method=\"post\">
first name: <input type=\"text\" name=\"firstname\" value=\"{$value['firstname']}\" /><br />
last name: <input type=\"text\" name=\"lastname\" /><br />
nick name: <input type=\"text\" name=\"nickname\" /><br />
location: <input type=\"text\" name=\"location\" /><br />
email: <input type=\"text\" name=\"email\" /><br />
gender: <input type=\"checkbox\" name=\"male\" /> male <input type=\"checkbox\" name=\"female\" /> female<br />
bio: <input type=\"text\" height=\"200px\" width=\"300px\" name=\"bio\" /><br />
fav movies: <input type=\"text\" height=\"200px\" width=\"300px\" name=\"favmovies\" /><br />
fav music: <input type=\"text\" height=\"200px\" width=\"300px\" name=\"favmusic\" /><br />
fav books: <input type=\"text\" height=\"200px\" width=\"300px\" name=\"favbooks\" /><br />
<input type=\"submit\" value=\"update profile\" />
</form><br />
<br />
want to change your password?
<form action=\"?do=updatepw\" method=\"post\">
current password: <input type=\"password\" name=\"currentpassword\" /><br />
new password: <input type=\"password\" name=\"newpassword\" /><br />
<input type=\"submit\" value=\"update password\" />
</form>";

Beau I've tried what you said to do:


echo ( ?>
<form action="?do=update" method="post">
first name: <input type="text" name="firstname" value="echo /><br />
last name: <input type="text" name="lastname" /><br />
nick name: <input type="text" name="nickname" /><br />
location: <input type="text" name="location" /><br />
email: <input type="text" name="email" /><br />
gender: <input type="checkbox" name="male" /> male <input type="checkbox" name="female" /> female<br />
bio: <input type="text" height="200px" width="300px" name="bio" /><br />
fav movies: <input type="text" height="200px" width="300px" name="movies" /><br />
fav music: <input type="text" height="200px" width="300px" name="movies" /><br />
fav books: <input type="text" height="200px" width="300px" name="movies" /><br />
<input type="submit" value="update profile" />
</form><br />
<br />
want to change your password?
<form action="?do=updatepw" method="post">
current password: <input type="password" name="currentpassword" /><br />
new password: <input type="password" name="newpassword" /><br />
<input type="submit" value="update password" />
</form>
<?php
);
}
?>

however I get an error: Parse error: syntax error, unexpected ';' in /home/kolzy/public_html/test/editprofile.php on line 42 42 is the echo line. "echo ( ?>". There is no ';'.

EDIT: Thanks Trinity.

Why echo all that out? Just end your PHP tag

?>

and then do that.. and then restart it...

<?php



?>
<form action="?do=update" method="post">

first name: <input type="text" name="firstname" value="<?php echo $value['firstname']; ?>" />
<br/>
last name: <input type="text" name="lastname" />
<br/>
nick name: <input type="text" name="nickname" />
<br/>
location: <input type="text" name="location" />
<br/>
email: <input type="text" name="email" />
<br/>
gender: <input type="checkbox" name="male" />male <input type="checkbox" name="female" />female
<br/>
bio: <input type="text" height="200px" width="300px" name="bio" />
<br/>
fav movies: <input type="text" height="200px" width="300px" name="favmovies" />
<br/>
fav music: <input type="text" height="200px" width="300px" name="favmusic" />
<br/>
fav books: <input type="text" height="200px" width="300px" name="favbooks" />
<br/>
<input type="submit" value="update profile" />

</form>

<br/>
<br/>

want to change your password?

<form action="?do=updatepw" method="post">
current password: <input type="password" name="currentpassword" />
<br/>
new password: <input type="password" name="newpassword" />
<br/>
<input type="submit" value="update password" />
</form>
<?php

Nothing wrong with putting a form in an echo. I personally like to put my form in a variable and every time there's an error it says.

echo "Error: Wrong username or password. <br /> $form";

Thats the way I do it. But you can do it anyway you want really.

Waz ;]

Or you could just remove $form, and don't put an else on the action, and the form will magically show again..

Thanks Caleb, I'm going to go with you and Beau's idea.

Or you could just remove $form, and don't put an else on the action, and the form will magically show again..

What ever floats your boat.
There are no bad ways, only bad adventures lol

waz ;]

There are bad ways of doing things.. :\ I'm not saying echoing out a variable is a bad thing, don't take it that way as it's just a way to do something..

But there are appropriate and inappropriate ways of doing something.. like using sprintf here:



$username = "Bla";
$password = "blabla";

$credentials = sprintf( "%s:%s", $username, $password );


when you could just as easily, and recommended do:



$credentials = "{$username}:{$password}";

New problem:


mysql_query("UPDATE `users` (`firstname`, `lastname`, `nickname`, `location`, `email`, `gender`, `bio`, `favmovies`, `favmusic`, `favbooks`) VALUES ('".$fname."', '".$lname."', '".$nname."', '".$location."', '".$email."', '".$gender."', '".$bio."', '".$fmovies."', '".$fmusic."', '".$fbooks."',)");

That code doesn't update the mysql database.

dunno if it does anything but theres a random comma at the end :]

@ Dentafrice: is there a difference between '".$bio."' and '$bio'? Always wanted to know :]

Waz ;]

New problem:


mysql_query("UPDATE `users` (`firstname`, `lastname`, `nickname`, `location`, `email`, `gender`, `bio`, `favmovies`, `favmusic`, `favbooks`) VALUES ('".$fname."', '".$lname."', '".$nname."', '".$location."', '".$email."', '".$gender."', '".$bio."', '".$fmovies."', '".$fmusic."', '".$fbooks."',)");

That code doesn't update the mysql database.

mysql_query( "UPDATE `users` (`firstname`, `lastname`, `nickname`, `location`, `email`, `gender`, `bio`, `favmovies`, `favmusic`, `favbooks`) VALUES ('$fname', '$lname', '$nname', '$location', '$email', '$gender', '$bio', '$fmovies', '$fmusic', '$fbooks')" ) or die( mysql_error() );



dunno if it does anything but theres a random comma at the end :]

@ Dentafrice: is there a difference between '".$bio."' and '$bio'? Always wanted to know :]

Waz ;]


''s can't handle inline variables..




$text = "Hello, world!";

echo '$text';


^^ That won't work.



$text = "Hello, world!";

echo "$text";


^^ This will..

Caleb, when I use your code:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '(`firstname`, `lastname`, `nickname`, `location`, `email`, `gender`, `bio`, `fav' at line 1

BOX! go and read a damn tutorial site and stop asking so many questions, 99% of them will be answered on a tutorial site.

Caleb, when I use your code:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '(`firstname`, `lastname`, `nickname`, `location`, `email`, `gender`, `bio`, `fav' at line 1
that's why you need to use UPDATE `table` SET `field`='$value', `field`='$value'

Hey,

Can't tell if this was ever fixed. So will post a quick solution. When echoing/setting a variable to text inside double quotes you can easily add in variables by simply using {$myvar} directly in the text.
The errors are most likely due to a missing character escape. A solution to that would be make use of a more advanced method of creating a string. Rather than double quotes use:



ecgo <<<EOF

text you 'want' "here"

EOF;


The advantage of EOF tags is you don't have to worry about escaping any quotation marks :)

Finally the problem with your mysql is that your using the syntax to add a new row. Not to update one :)
Update syntax should be as follows

UPDATE table_name SET column1=value, column2=value2 WHERE some_column=some_value
assuming you are updating an existing row. If you trying to create a new row though, your syntax is correct, but you should be using the command "INSERT INTO" rather than UPDATE.

Hope that helps.
CS-Dude

Just put {} around the var so it would be like {$database['username']}

Hey,

Can't tell if this was ever fixed. So will post a quick solution. When echoing/setting a variable to text inside double quotes you can easily add in variables by simply using {$myvar} directly in the text.
The errors are most likely due to a missing character escape. A solution to that would be make use of a more advanced method of creating a string. Rather than double quotes use:



ecgo <<<EOF

text you 'want' "here"

EOF;
The advantage of EOF tags is you don't have to worry about escaping any quotation marks :)

Finally the problem with your mysql is that your using the syntax to add a new row. Not to update one :)
Update syntax should be as follows

UPDATE table_name SET column1=value, column2=value2 WHERE some_column=some_valueassuming you are updating an existing row. If you trying to create a new row though, your syntax is correct, but you should be using the command "INSERT INTO" rather than UPDATE.

Hope that helps.
CS-Dude

They're called HEREDOC tags and can be anything, i.e


$what = <<<HELLO

HELLO;

$what = <<<HURFDURF

HURFDURF;
The only thing that you need to know is that the HELLO; part must be at the very start of the line, there can't be anything in front of it.

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ' nickname=, location=, email=, gender=, bio=, favouritemovie=, favouritemusic=, ' at line 1


mysql_query("INSERT INTO users SET firstname={$fname}, lastname={$lname}, nickname={$nname}, location={$location}, email={$email}, gender={$gender}, bio={$bio}, favouritemovie={$fmovies}, favouritemusic={$fmusic}, favouritebooks={$fbooks} WHERE username={$grab_username}") or die(mysql_error());

no dude.. for INSERT you use:

INSERT INTO `bla` (`ha`, `ha`) VALUES('$variable', '$bal')

for UPDATE:

UPDATE `bla` SET `field`='$value', `bla`='$bla'

oh, forgot to change it to update. however once I changed it to update I still get the error.

because you need to do.. `field`='$value'

you don't need {}'s and you need to have ''s around the value..

mysql_query("UPDATE `users` SET `firstname`='$fname', `lastname`='$lname', `nickname`='$nname', `location`='$location', `email`='$email', `gender`='$gender', `bio`='$bio', `favouritemovie`='$fmovies', `favouritemusic`='$fmusic', `favouritebooks`='$fbooks' WHERE `username`='$grab_username'") or die(mysql_error());

Thanks for that, it got rid of the error. I know I'm a complete noob at PHP but hopefully I'll improve. Anyway, that code doesn't update the database.

Are you sure the query is actually being executed? Post your full code.

<?php

$fname = $_POST['firstname'];
$lname = $_POST['lastname'];
$nname = $_POST['nickname'];
$location = $_POST['location'];
$email = $_POST['email'];
$gender = $_POST['gender'];
$bio = $_POST['bio'];
$fmovies = $_POST['favmovies'];
$fmusic = $_POST['favmusic'];
$fbooks = $_POST['favbooks'];

$fname = htmlspecialchars($fname);
$lname = htmlspecialchars($lname);
$nname = htmlspecialchars($nname);
$location = htmlspecialchars($location);
$email = htmlspecialchars($email);
$gender = htmlspecialchars($gender);
$bio = htmlspecialchars($bio);
$fmovies = htmlspecialchars($fmovies);
$fmusic = htmlspecialchars($fmusic);
$fbook = htmlspecialchars($fbooks);

$currentpassword = mysql_query("SELECT `password` FROM `users` WHERE `username` = '$grab_username'");
$newpassword = $_POST['newpassword'];
$newpassword = md5($newpassword);

$query = mysql_query("SELECT * FROM `users` WHERE `username` = '$grab_username'");
$value = mysql_fetch_array($query);

if($_GET['do'] == update){
mysql_query("UPDATE `users` SET `firstname`='$fname', `lastname`='$lname', `nickname`='$nname', `location`='$location', `email`='$email', `gender`='$gender', `bio`='$bio', `favouritemovie`='$fmovies', `favouritemusic`='$fmusic', `favouritebooks`='$fbooks' WHERE `username`='$grab_username'") or die(mysql_error());

echo "congrats, you have updated your info.";
echo "<meta HTTP-EQUIV=\"refresh\" CONTENT=\"5\"; URL=\"index.php\">";
}

if($_GET['do'] == updatepw){
if($currentpassword != $value['password']){
echo "sorry, but the password you entered does not match your current one.";
} else {
mysql_query("UPDATE `users` WHERE `password` = '$newpassword'");
echo "congrats, you have updated your password.";
echo "<meta HTTP-EQUIV=\"refresh\" CONTENT=\"5\"; URL=\"index.php\">";
}
}
else {
?>

<form action="?do=update" method="post">
first name: <input type="text" name="firstname" value="<?php echo $value['firstname'] ?>" /><br />
last name: <input type="text" name="lastname" value="<?php echo $value['lastname'] ?>" /><br />
nick name: <input type="text" name="nickname" value="<?php echo $value['nickname'] ?>" /><br />
location: <input type="text" name="location" value="<?php echo $value['location'] ?>" /><br />
email: <input type="text" name="email" value="<?php echo $value['email'] ?>" /><br />
gender: <input type="radio" name="gender" value="male" /> male <input type="radio" name="gender" value="female" /> female<br />
bio: <input type="text" height="200px" width="300px" name="bio" value="<?php echo $value['bio'] ?>" /><br />
fav movies: <input type="text" height="200px" width="300px" name="favmovies" value="<?php echo $value['favmovies'] ?>" /><br />
fav music: <input type="text" height="200px" width="300px" name="favmusic" value="<?php echo $value['favmusic'] ?>" /><br />
fav books: <input type="text" height="200px" width="300px" name="favbooks" value="<?php echo $value['favbooks'] ?>" /><br />
<input type="submit" value="update profile" />
</form><br />
<br />
want to change your password?
<form action="?do=updatepw" method="post">
current password: <input type="password" name="currentpassword" /><br />
new password: <input type="password" name="newpassword" /><br />
<input type="submit" value="update password" />
</form>

<?php
}
?>

The config include, session_start and ob_start are all at the top of the page, so they're not in that code.

<?php

$query = mysql_query( "SELECT * FROM `users` WHERE `username` = '$grab_username'" );
$value = mysql_fetch_array( $query );

if($_GET ['do'] == 'update') {
$fname = htmlspecialchars( $_POST ['firstname'] );
$lname = htmlspecialchars( $_POST ['lastname'] );
$nname = htmlspecialchars( $_POST ['nickname'] );
$location = htmlspecialchars( $_POST ['location'] );
$email = htmlspecialchars( $_POST ['email'] );
$gender = htmlspecialchars( $_POST ['gender'] );
$bio = htmlspecialchars( $_POST ['bio'] );
$fmovies = htmlspecialchars( $_POST ['favmovies'] );
$fmusic = htmlspecialchars( $_POST ['favmusic'] );
$fbooks = htmlspecialchars( $_POST ['favbooks'] );

mysql_query( "UPDATE `users` SET `firstname`='$fname', `lastname`='$lname', `nickname`='$nname', `location`='$location', `email`='$email', `gender`='$gender', `bio`='$bio', `favouritemovie`='$fmovies', `favouritemusic`='$fmusic', `favouritebooks`='$fbooks' WHERE `username`='$grab_username'" ) or die( mysql_error() );

echo "congrats, you have updated your info.";
echo "<meta HTTP-EQUIV=\"refresh\" CONTENT=\"5\"; URL=\"index.php\">";
}

if($_GET ['do'] == 'updatepw') {

$currentpassword = mysql_query( "SELECT `password` FROM `users` WHERE `username` = '$grab_username'" );
$newpassword = $_POST ['newpassword'];
$newpassword = md5( $newpassword );

if($currentpassword != $value ['password']) {
echo "sorry, but the password you entered does not match your current one.";
} else {
mysql_query( "UPDATE `users` WHERE `password` = '$newpassword'" );
echo "congrats, you have updated your password.";
echo "<meta HTTP-EQUIV=\"refresh\" CONTENT=\"5\"; URL=\"index.php\">";
}
} else {
?>

<form action="?do=update" method="post">
first name: <input type="text" name="firstname" value="<?php echo $value['firstname'] ?>" />
<br/>
last name: <input type="text" name="lastname" value="<?php echo $value['lastname'] ?>" />
<br/>
nick name: <input type="text" name="nickname" value="<?php echo $value['nickname'] ?>" />
<br/>
location: <input type="text" name="location" value="<?php echo $value['location'] ?>" />
<br/>
email: <input type="text" name="email" value="<?php echo $value['email'] ?>" />
<br/>
gender: <input type="radio" name="gender" value="male" />male <input type="radio" name="gender" value="female" />female
<br/>
bio: <input type="text" height="200px" width="300px" name="bio" value="<?php echo $value['bio'] ?>" />
<br/>
fav movies: <input type="text" height="200px" width="300px" name="favmovies" value="<?php echo $value['favmovies'] ?>" />
<br/>
fav music: <input type="text" height="200px" width="300px" name="favmusic" value="<?php echo $value['favmusic'] ?>" />
<br/>
fav books: <input type="text" height="200px" width="300px" name="favbooks" value="<?php echo $value['favbooks'] ?>" />
<br/>
<input type="submit" value="update profile" />
</form>
<br/>
<br/>
want to change your password?
<form action="?do=updatepw" method="post">
current password: <input type="password" name="currentpassword" />
<br/>
new password: <input type="password" name="newpassword" />
<br/>
<input type="submit" value="update password" />
</form>

<?php
}
?>

It still doesn't update. :S

does the "congrats you have.." come up?

yes, it does.

Something tells me you should buy "PHP for Dummies", as all this is very basic stuff. Honestly.

Not insulting you are anything, just I think you need to spend more time leaning by yourself rather than getting the community to spoon feed it to you.

try this code, and tell me what displays..



<?php

$query = mysql_query( "SELECT * FROM `users` WHERE `username` = '$grab_username'" );
$value = mysql_fetch_array( $query );

if($_GET ['do'] == 'update') {
$fname = htmlspecialchars( $_POST ['firstname'] );
$lname = htmlspecialchars( $_POST ['lastname'] );
$nname = htmlspecialchars( $_POST ['nickname'] );
$location = htmlspecialchars( $_POST ['location'] );
$email = htmlspecialchars( $_POST ['email'] );
$gender = htmlspecialchars( $_POST ['gender'] );
$bio = htmlspecialchars( $_POST ['bio'] );
$fmovies = htmlspecialchars( $_POST ['favmovies'] );
$fmusic = htmlspecialchars( $_POST ['favmusic'] );
$fbooks = htmlspecialchars( $_POST ['favbooks'] );

exit("grab_username: {$grab_username}");

mysql_query( "UPDATE `users` SET `firstname`='$fname', `lastname`='$lname', `nickname`='$nname', `location`='$location', `email`='$email', `gender`='$gender', `bio`='$bio', `favouritemovie`='$fmovies', `favouritemusic`='$fmusic', `favouritebooks`='$fbooks' WHERE `username`='$grab_username'" ) or die( mysql_error() );

echo "congrats, you have updated your info.";
echo "<meta HTTP-EQUIV=\"refresh\" CONTENT=\"5\"; URL=\"index.php\">";
}

if($_GET ['do'] == 'updatepw') {

$currentpassword = mysql_query( "SELECT `password` FROM `users` WHERE `username` = '$grab_username'" );
$newpassword = $_POST ['newpassword'];
$newpassword = md5( $newpassword );

if($currentpassword != $value ['password']) {
echo "sorry, but the password you entered does not match your current one.";
} else {
mysql_query( "UPDATE `users` WHERE `password` = '$newpassword'" );
echo "congrats, you have updated your password.";
echo "<meta HTTP-EQUIV=\"refresh\" CONTENT=\"5\"; URL=\"index.php\">";
}
} else {
?>

<form action="?do=update" method="post">first name: <input type="text"
name="firstname" value="<?php
echo $value ['firstname']?>" /> <br />
last name: <input type="text" name="lastname"
value="<?php
echo $value ['lastname']?>" /> <br />
nick name: <input type="text" name="nickname"
value="<?php
echo $value ['nickname']?>" /> <br />
location: <input type="text" name="location"
value="<?php
echo $value ['location']?>" /> <br />
email: <input type="text" name="email"
value="<?php
echo $value ['email']?>" /> <br />
gender: <input type="radio" name="gender" value="male" />male <input
type="radio" name="gender" value="female" />female <br />
bio: <input type="text" height="200px" width="300px" name="bio"
value="<?php
echo $value ['bio']?>" /> <br />
fav movies: <input type="text" height="200px" width="300px"
name="favmovies" value="<?php
echo $value ['favmovies']?>" /> <br />
fav music: <input type="text" height="200px" width="300px"
name="favmusic" value="<?php
echo $value ['favmusic']?>" /> <br />
fav books: <input type="text" height="200px" width="300px"
name="favbooks" value="<?php
echo $value ['favbooks']?>" /> <br />
<input type="submit" value="update profile" /></form>
<br />
<br />
want to change your password?
<form action="?do=updatepw" method="post">current password: <input
type="password" name="currentpassword" /> <br />
new password: <input type="password" name="newpassword" /> <br />
<input type="submit" value="update password" /></form>

<?php
}
?>

Maybe that's a good idea.

No offense taken, but I honestly don't understand why it's not working. I've done this before, the mysql_query codes are the same but this one still doesn't work.

@Caleb: grab_username: wsg14

do what I said above, tell me what outputs.

do what I said above, tell me what outputs.

it's in the edit.