php - Updating Query Matter
I've defined a user settings page in my website, and there are several form fields that appear on the page. I've written a query so these fields are updated upon clicking the "submit" button, but somehow I end up with the error below:
user not updated because:You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'sha1(5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8)', ' id =' at line 1
This is the profile settings page code for the form:
    <?php
    // Load the logged-in user's row to pre-fill the form.
    $uid = $_SESSION['user_id'];
    $query = mysqli_query($dbc, "SELECT * FROM users WHERE id = $uid") or die(mysqli_error($dbc));
    $arr = mysqli_fetch_assoc($query);
    ?>
    <form action="?page=profileset&id=<?php echo $arr['id']; ?>" method="post" role="form">
      <div class="from-group">
        <label for="first">first name</label>
        <input class="form-control" type="text" name="first" id="first" value="<?php echo $arr['first']; ?>" placeholder="first name" autocomplete="off">
      </div>
      <div class="from-group">
        <label for="last">last name</label>
        <input class="form-control" type="text" name="last" id="last" value="<?php echo $arr['last']; ?>" placeholder="last name" autocomplete="off">
      </div>
      <br>
      <div class="from-group">
        <label for="email">email address</label>
        <input class="form-control" type="text" name="email" id="email" value="<?php echo $arr['email']; ?>" placeholder="email address" autocomplete="off">
      </div>
      <div class="from-group">
        <label for="password">password</label>
        <input class="form-control" type="password" name="password" id="password" value="<?php echo $arr['password']; ?>" placeholder="password" autocomplete="off">
      </div>
      <button id="profile-btn-change" type="submit" class="btn">submit changes</button>
      <input type="hidden" name="submitted" value="1">
    </form>
And the query that updates the form:
    if (isset($_POST['submitted']) == 1) {
        $first = mysqli_real_escape_string($dbc, $_POST['first']);
        $last = mysqli_real_escape_string($dbc, $_POST['last']);
        $password = sha1($_POST['password']);
        $action = 'updated';
        // email and id go into the statement exactly as submitted
        $q = "UPDATE users SET first = '".$first."', last = '".$last."', email = '".$_POST['email']."', password = '".$password."' WHERE id = '".$_POST['id']."'";
        $r = mysqli_query($dbc, $q);
        if ($r) {
            $message = '<p class="alert alert-success">user '.$action.'!</p>';
        } else {
            $message = '<p class="alert alert-danger">user not '.$action.' because:'.mysqli_error($dbc);
        }
    }
Any consideration is appreciated.
You are repeating the password = part in the update query.
Do

    $password = sha1($_POST['password']);

instead of

    $password = " password = 'sha1($_POST[password])', ";

Update: make sure to try your update query like this:

    $q = "UPDATE users SET first = '".$first."', last = '".$last."', email = '".$_POST['email']."', password = '".$password."' WHERE id = '".$_POST['id']."'";

And try to sanitize your variables when you use them.
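
The answer's closing advice to sanitize the variables, shown as an added example that is not part of the original thread: the same update written with a mysqli prepared statement, so no request value is ever spliced into the SQL text. The function name update_profile is hypothetical, and the code assumes $dbc is an open mysqli connection, the session is already started, and the password column is wide enough for password_hash() output.

```php
<?php
// Added example, not from the original thread. Assumes $dbc is an open mysqli
// connection, session_start() has run, and users.password is VARCHAR(255).
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on SQL errors

// Hypothetical helper: validates the input, then updates one user row.
function update_profile(mysqli $dbc, int $uid, array $post): string
{
    $first = trim($post['first'] ?? '');
    $last  = trim($post['last'] ?? '');
    $email = filter_var($post['email'] ?? '', FILTER_VALIDATE_EMAIL);
    if ($first === '' || $last === '' || $email === false) {
        return 'not updated: invalid input';
    }

    try {
        if (($post['password'] ?? '') !== '') {
            // Salted, slow hash instead of the thread's unsalted sha1().
            $hash = password_hash($post['password'], PASSWORD_DEFAULT);
            $stmt = $dbc->prepare(
                'UPDATE users SET `first` = ?, `last` = ?, email = ?, password = ? WHERE id = ?'
            );
            $stmt->bind_param('ssssi', $first, $last, $email, $hash, $uid);
        } else {
            // Empty password field: leave the stored hash untouched.
            $stmt = $dbc->prepare(
                'UPDATE users SET `first` = ?, `last` = ?, email = ? WHERE id = ?'
            );
            $stmt->bind_param('sssi', $first, $last, $email, $uid);
        }
        $stmt->execute();
        return 'updated';
    } catch (mysqli_sql_exception $e) {
        // The SQL error detail stays in the server log, not in the page.
        error_log('profile update failed: ' . $e->getMessage());
        return 'not updated';
    }
}

if (($_POST['submitted'] ?? '') === '1') {
    // The row to update comes from the session, never from the request.
    $result  = update_profile($dbc, (int) $_SESSION['user_id'], $_POST);
    $class   = $result === 'updated' ? 'alert-success' : 'alert-danger';
    $message = '<p class="alert ' . $class . '">user ' . $result . '</p>';
}
```

With this change the login check has to use password_verify() against the stored hash, and the form should no longer pre-fill the password field with the value from the database.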
php mysql