I want to update Admin profile data on my Portal but it returns a Success message with no update

I am working on an HR management system and I want to update the admin profile, but it is returning a success message with zero updates. How can I fix this?
Kindly read my code and guide me on how to fix this issue.

Here is my admin page


And here is the front-end part of the personal details form

<form action="../includes/admin.pro.inc.php" method="post" class="p-md-2 col-md-6">
    <div class="form-group">
        <label for="First Name" class="form-control-label">First Name</label>
        <input type="text" name="fname" id="firstName" value="<?= $row['fname']; ?>" class="form-control">
    </div>
    <div class="form-group">
        <label for="Last Name" class="form-control-label">Last Name</label>
        <input type="text" name="lname" id="lastname" value="<?= $row['lname']; ?>" class="form-control">
    </div>
    <div class="form-group">
        <label for="username" class="form-control-label">Username</label>
        <input type="text" name="username" id="username" value="<?= $row['user_name']; ?>" class="form-control">
    </div>
    <div class="form-group">
        <label for="Email" class="form-control-label">Email</label>
        <input type="email" name="email" value="<?= $row['email']; ?>" class="form-control">
    </div>

    <?php endif; ?>

    <button class="btn btn-info btn-lg" name="update-profile" type="submit">Update</button>

</form>

And the back-end code of this form is given below

<?php
session_start();
if (isset($_POST['update-profile'])) {
    require_once 'db.inc.php';
    $user_id = $_SESSION[' user-id'];
    $fname = $_POST['fname'];
    $lname = $_POST['lname'];
    $username = $_POST['username'];
    $email = $_POST['email'];
    $sql = "UPDATE sys_employee SET user_name = ?, fname = ?, lname = ?,email = ? WHERE  emp_id = '$user_id' ";
    $stmt = mysqli_stmt_init($conn);

    if (empty($fname) || empty($lname) || empty($username) || empty($email)) {
        if ($_SESSION['user-type'] == 'admin') {
            header("Location: ../admin/admin-profile.php?error= EmptyFields", true);
            exit();
        }
        else {
            header("Location: ../users/user-profile.php?error= EmptyFields", true);
            exit();
        }
    }
    elseif (!preg_match("/^[a-zA-Z0-9]*$/",$username)) {
        if ($_SESSION['user-type'] == 'admin') {
            header("Location:../admin/admin-profile.php?Error=Please_Enter_Valid_Field_Names", true);
            exit();
        }
        else {
            header("Location:../users/users-profile.php?Error=Please_Enter_Valid_Field_Names", true);
            exit();
        }
    }
    elseif (!preg_match("/^[a-zA-Z]*$/",$fname,$lname)) {
        if ($_SESSION['user-type'] == 'admin') {
            header("Location:../admin/admin-profile.php?Error=Please_Enter_Valid_Name", true);
            exit();
        }
        else {
            header("Location:../users/users-profile.php?Error=Please_Enter_Valid_Field_Names", true);
            exit();
        }
    }
    elseif (!filter_var($email,FILTER_VALIDATE_EMAIL)) {
        if ($_SESSION['user-type'] == 'admin') {
            header("Location:../admin/admin-profile.php?Error=Please_Enter_Valid_EmailAddress", true);
            exit();
        }
        else {
            header("Location:../users/user-profile.php?Error=Please_Enter_Valid_EmailAddress", true);
            exit();
        }
    }
    else if (!mysqli_stmt_prepare($stmt,$sql)) {
        if ($_SESSION['user-type'] == 'admin') {
            header("Location: ../admin/admin-profile.php?Sqlerror");
            exit();
        }
        else {
            header("Location: ../users/user-profile.php?Sqlerror");
            exit();
        }
    }
    else {
        mysqli_stmt_bind_param($stmt,"ssss",$username,$fname,$lname,$email);
        mysqli_stmt_execute($stmt);
        mysqli_stmt_store_result($stmt);
        if ($_SESSION['user-type'] == 'admin') {
            header("Location: ../admin/admin-profile.php?result=Success", true);
            exit();
        }
        else {
            header("Location: ../users/user-profile.php?result=Success", true);
            exit();
        }
    }
    mysqli_stmt_close($stmt);
    mysqli_close($conn);
}


			if ($_SESSION['user-type'] == 'admin') {
				header("Location: ../admin/admin-profile.php?result=Success", true);
				exit();
			}

This condition is nonsense. Why is it a success to be an admin? Ask for errors:

mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

You don’t check whether the query has worked or not, you redirect to the “success” page regardless. As long as it passes all your validation checks, you just presume the query has executed without error.

In this bit:

$sql = "UPDATE sys_employee SET user_name = ?, fname = ?, lname = ?,email = ? WHERE  emp_id = '$user_id' ";

why do you only partly-use parameters? Why do it the right way for the first four, and then ruin it by concatenating the user-id into the query?

$user_id = $_SESSION[' user-id'];

Do spaces count in array indices? It seems as if they do, as this:

$a['username'] = "Mike";
echo $a[' username'];

gives me “E_NOTICE : type 8 – Undefined index: username – at line 4”

Your code’s not updating anything because there is a typo in a session variable index name (which @droopsnoot just posted about as well), which should be producing a php undefined index error, if php’s error related settings are set to display or log all errors and/or you weren’t redirecting everywhere.

The session variable in question is an input to your code. It needs to be validated, just like the rest of the inputs (this form and form processing code should not do anything if there is not a logged in user.) If your code was validating this input, your code would be telling you that there is no logged in user, to help you pin down the cause of the problem.

This code contains 2-3 times too much logic, due to the fact that the form and the form processing code are not on the same page. Put the form and the form processing code on the same page, validate all the inputs at once, if there are no validation errors use the submitted data, if there are validation errors, display all of them when you re-display the form, populating the form fields with the previously submitted data, so that the user doesn’t need to keep re-entering the changes over and over.

Another error buried in this wall of code is this -

preg_match does not accept a comma separated list of values like that.

I wondered, but I have managed so far to steer clear of regular expressions, something I am hoping to continue with.

A lot of code could be dispensed with by checking whether the user is an admin once at the start, and creating a variable to contain the beginning of the redirect destination, as that seems to be the only difference between where a user is redirected on failure or success.

ETA - or maybe not. It depends on whether the start of this should always be the same:

header("Location: ../users/user-profile.php?Sqlerror");

vs.

header("Location:../users/users-profile.php?Error=Please_Enter_Valid_Field_Names", true);
                              ^

If it’s supposed to be the same all the time, using a variable that is set once would fix these differences.
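The points raised in the replies above, combined into one handler as an added example (not code from any poster in the thread). The function names and error codes are hypothetical, and `user-profile.php` is assumed to be the correct non-admin target, which the thread leaves open:

```php
<?php
// Added example. Table, column, session and file names are the thread's own.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // failed queries throw

// Collect all validation errors at once; the session value is an input too.
function validate_profile(array $session, array $post): array
{
    $errors = [];
    if (empty($session['user-id'])) {           // key has no leading space
        $errors[] = 'NotLoggedIn';
    }
    if (!preg_match('/^[a-zA-Z0-9]+$/', $post['username'] ?? '')) {
        $errors[] = 'InvalidUsername';
    }
    // One preg_match call per field; its third argument is an output array.
    if (!preg_match('/^[a-zA-Z]+$/', $post['fname'] ?? '')
        || !preg_match('/^[a-zA-Z]+$/', $post['lname'] ?? '')) {
        $errors[] = 'InvalidName';
    }
    if (!filter_var($post['email'] ?? '', FILTER_VALIDATE_EMAIL)) {
        $errors[] = 'InvalidEmail';
    }
    return $errors;
}

function update_profile(mysqli $conn, array $session, array $post): array
{
    $errors = validate_profile($session, $post);
    if ($errors) {
        return $errors;                         // nothing is written
    }
    [$id, $u, $f, $l, $e] = [$session['user-id'], $post['username'],
        $post['fname'], $post['lname'], $post['email']];
    // Every value, including emp_id, is a bound parameter.
    $stmt = mysqli_prepare($conn, 'UPDATE sys_employee
        SET user_name = ?, fname = ?, lname = ?, email = ? WHERE emp_id = ?');
    mysqli_stmt_bind_param($stmt, 'sssss', $u, $f, $l, $e, $id);
    mysqli_stmt_execute($stmt);                 // throws instead of failing silently
    mysqli_stmt_close($stmt);
    return [];
}

session_start();
if (isset($_POST['update-profile'])) {
    require_once 'db.inc.php';                  // provides $conn, as in the thread
    // Redirect base chosen once, so the two targets cannot drift apart.
    $base = ($_SESSION['user-type'] ?? '') === 'admin'
        ? '../admin/admin-profile.php' : '../users/user-profile.php';
    $errors = update_profile($conn, $_SESSION, $_POST);
    header('Location: ' . $base . '?' . ($errors ? 'error=' . implode(',', $errors) : 'result=Success'));
    exit();
}
```

With the misspelled `' user-id'` key this version redirects with `error=NotLoggedIn` instead of running an `UPDATE` whose `WHERE` clause matches no row.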
