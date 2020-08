Because external data can be altered and set to anything and cannot be trusted, you cannot safely pass the role_id, status, and id through the form when the user is not an administrator. You must leave these out of the form, out of the SET part of the UPDATE query and you must use $_SESSION['id'] as the value for the :id place-holder in the WHERE clause, i.e. a non-administrator can only edit those fields that they originally provided the values for when they registered.

When the user is an administrator, who is trusted and has the ability to edit all the fields for any user, you would pass the role_id, status, and id through the form, include the role_id and status in the SET part of the query, and use the id from the form in the WHERE clause.

All of your form processing code will be simpler if you dynamically build one UPDATE query with only those parts that it should have, using conditional logic only for the parts of it that are conditional. You would also build a $params array with the corresponding values for the place-holders, then just supply this array to the ->execute($params) method call.

jmyrtle: if($role_id != '1') {

I recommend that you use a defined constant in your code instead of literal numbers and numbers should not be quoted anyway. Use something like -

define('ROLE_ADMIN', 1);

The logic tests then will look like -
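An added example, not code from this thread, of building the single conditional UPDATE query and $params array described above with PDO. It assumes a PDO connection in $pdo, a users table with columns id, name, email, role_id and status, and that the logged-in user's id and role_id are stored in the session; those names are assumptions.

```php
<?php
// Added example, not from the thread. Assumes a PDO connection in $pdo and a
// users(id, name, email, role_id, status) table; these names are assumptions.
define('ROLE_ADMIN', 1);

/**
 * Build one UPDATE query plus its parameter array.
 * Non-administrators may only change the fields they supplied at registration,
 * and the WHERE clause is pinned to their own session id, never to form input.
 */
function build_user_update(array $post, array $session): array
{
    // Fields every user may edit (the values they originally registered with).
    $set    = ['name = :name', 'email = :email'];
    $params = [
        ':name'  => $post['name'],
        ':email' => $post['email'],
    ];

    // The role comes from the session (server-side), not from the form.
    $is_admin = (int)$session['role_id'] === ROLE_ADMIN;

    if ($is_admin) {
        // Only a trusted administrator may set role/status or pick the target row.
        $set[]              = 'role_id = :role_id';
        $set[]              = 'status = :status';
        $params[':role_id'] = (int)$post['role_id'];
        $params[':status']  = (int)$post['status'];
        $params[':id']      = (int)$post['id'];
    } else {
        // External data cannot be trusted: the id comes from the session, so a
        // non-administrator can only ever update their own row.
        $params[':id'] = (int)$session['id'];
    }

    $sql = 'UPDATE users SET ' . implode(', ', $set) . ' WHERE id = :id';
    return [$sql, $params];
}

// Constructed sample input standing in for $_POST and $_SESSION (not real data).
$post    = ['name' => 'alice', 'email' => 'alice@example.com',
            'role_id' => 1, 'status' => 1, 'id' => 42];
$session = ['id' => 7, 'role_id' => 2];   // a logged-in non-administrator

[$sql, $params] = build_user_update($post, $session);
// For this non-administrator the role_id, status and form id are dropped; the
// WHERE clause binds the session id instead.
$stmt = $pdo->prepare($sql);
$stmt->execute($params);
```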