Leaderboard

Popular Content

Showing content with the highest reputation on 06/29/2017 in all areas

  1. If you're going to ask the same question, then it's going to be the same answer: If you don't want to use PDO and have it throw exceptions when you make a mistake, then you need to check for errors yourself. If prepare returned false, then you need to print the error message from MySQL. You have a problem with the SQL query you're trying to prepare. You changed the format of that UPDATE query between the two pieces of code and now the query is wrong. UPDATE queries do not use the same format as INSERT queries.
    1 point
  2. There are several problems with that upload code. The major one is that you are doing no error checking or validation on the file that was uploaded. If someone uses that form to upload a .php file, you'll just copy it to your server where someone can then access the URL, and now you're running some random PHP code that someone uploaded. That's probably the single easiest way to get your server hacked. You need to validate the file to make sure that it's allowed, and you also need to check for errors that may have happened during the upload:

     http://php.net/manual/en/features.file-upload.errors.php

     You also need to use prepared statements when you're sending data to the database. Don't put variables right into the query, use a prepared statement with placeholders that you can use to send the data separately to protect your database. The mysqli extension supports prepared statements:

     http://php.net/manual/en/mysqli.quickstart.prepared-statements.php

     To avoid re-submitting the form when someone refreshes the browser, after you finish processing the form you should send a location header to redirect the user. Then if they refresh they will only refresh the redirected URL instead of the form submission. You can redirect them to a thank you page, some other page that shows a message from the form, back to the form, etc.

     You should also move all of your form processing code to the top of your file, before any HTML output. If you're just going to end up redirecting the user there's no reason to send any HTML at all. The first thing the file should do is figure out if it needs to process or display the form, and go from there.

     For some reason you used an embed tag, you only need to use a video tag. Look up the video reference to see how to use that. You also messed up with the quotes in that string, if you view the source code of that page in the browser you'll see the problem.
    1 point
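
Added example, not part of the post above or of the thread it answers: one way to combine the checks that post lists (upload error code, content-based type allowlist, prepared statement, processing before output, redirect after POST). The form field `video`, the `videos/` directory, the `videos` table with its `url` column and the `upload.php` target are assumptions, and the database credentials are placeholders.

```php
<?php
// Added example. Assumed names: form field "video", videos/ directory,
// videos table with a url column, upload.php; credentials are placeholders.
const ALLOWED_TYPES = ['video/mp4' => 'mp4', 'video/webm' => 'webm'];

// Returns a server-generated file name for an acceptable upload, or throws.
function validated_upload_name(array $file): string
{
    if (!isset($file['error'], $file['tmp_name']) || is_array($file['error'])) {
        throw new RuntimeException('Malformed upload.');
    }
    if ($file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload error code ' . $file['error']);
    }
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Not an HTTP upload.');
    }
    // Detect the type from the content; the client's name and type are untrusted.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    $ext = is_string($mime) ? (ALLOWED_TYPES[$mime] ?? null) : null;
    if ($ext === null) {
        throw new RuntimeException('File type not allowed.');
    }
    // The extension comes from the allowlist, so ".php" can never be stored.
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Process the form before any HTML is sent so the redirect header still works.
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors
    try {
        $name = validated_upload_name($_FILES['video'] ?? []);
        if (!move_uploaded_file($_FILES['video']['tmp_name'], __DIR__ . "/videos/$name")) {
            throw new RuntimeException('Could not store the file.');
        }
        $db = new mysqli('localhost', 'db_username', 'db_password', 'your_dbname');
        $stmt = $db->prepare('INSERT INTO videos (url) VALUES (?)');
        $stmt->bind_param('s', $name);
        $stmt->execute();
        $status = 'ok';
    } catch (Exception $e) {
        error_log($e->getMessage()); // log details, do not show them to the user
        $status = 'error';
    }
    header('Location: upload.php?status=' . $status, true, 303);
    exit;
}
```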
  3. It is so much easier to do it in PDO, why don't you use it? And it is even more secure.

     dbconnection:

     ```php
     <?php
     try {
         // Connection credentials get their own names so they cannot collide
         // with the $username / $password form values bound in the update below.
         $dbUser = "db_username";
         $dbPass = "db_password";
         $db = new PDO("mysql:host=localhost;dbname=your_dbname", $dbUser, $dbPass);
         // Make PDO throw a PDOException on any error.
         $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
         echo "Connected !";
     } catch (PDOException $e) {
         echo $e->getMessage();
     }
     ```

     then your script to insert those values:

     ```php
     <?php
     // $username, $email, $employee, $designation, $password and $id hold the
     // submitted form values; $db is the PDO connection created above.
     try {
         $sql = "UPDATE users SET Username=:username, Email=:email, EmployeeID=:empid, Designation=:design, Password=:password WHERE Id = :id";
         $stmt = $db->prepare($sql);
         // Values are sent separately from the SQL text through named placeholders.
         $stmt->bindParam(":username", $username);
         $stmt->bindParam(":email", $email);
         $stmt->bindParam(":empid", $employee);
         $stmt->bindParam(":design", $designation);
         $stmt->bindParam(":password", $password);
         $stmt->bindParam(":id", $id);
         if ($stmt->execute()) {
             echo "<font face='Verdana' size='2' color='green'> You have successfully updated your profile <br /> </font>";
         } else {
             $msg = "<font face='Verdana' size='2' color='red'> There is some problem in updating your profile. Please contact site admin <br /></font>";
         }
     } catch (PDOException $e) {
         print_r($e->getMessage());
     }
     ```

     This is a clean way to do what you want but in PDO not MySQLi.
    1 point
  4. Upon refreshing, the video is still uploaded to the database? Not the folder, because I might be thinking that it displays you the page because in the database there is a video saved with a URL, but on your host in the videos folder there is no video with the URL from the db; that's mostly why you have that error.
    1 point