It is so much much easier to do it in PDO, why don't you use it ? And it is even more secure.
dbconnection:
try {
$username = "db_username";
$password = "db_password";
$db = new PDO("mysql:host=localhost;dbname=your_dbname", $username, $password);
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
echo "Connected !";
} catch (PDOException $e) {
echo $e->getMessage();
}
then your script to insert those values:
try {
$sql = "UPDATE users SET Username=:username, Email=:email, EmployeeID=:empid, Designation=:design, Password=:password WHERE Id = :id";
$stmt = $db->prepare($sql);
$stmt->bindParam(":username", $username);
$stmt->bindParam(":email", $email);
$stmt->bindParam(":empid", $employee);
$stmt->bindParam(":design", $designation);
$stmt->bindParam(":password", $password);
$stmt->bindParam(":id", $id);
if($stmt->execute()){
echo "<font face='Verdana' size='2' color='green'> You have successfully updated your profile <br /> </font>";
} else {
$msg = "<font face='Verdana' size='2' color='red'> There is some problem in updating your profile. Please contact site admin <br /></font>";
}
} catch (PDOException $e) {
print_r($e->getMessage());
}
This is a clean way to do what you want but in PDO not MySQLi.