
I want to make a function that changes the user's profile picture. I don't want to upload custom images, so I have my own. I have a modal which displays the pictures, and when the user clicks on an image, it navigates the user to change-prof.php. After the user gets navigated to the PHP file, nothing happens. Just a blank page.

```html
<a href='change-prof.php?id={$id}'>
    <div class='prof-img-con'>
        <img src='/assets/images/profiles/smile.jpg'>
    </div>
</a>
```

The PHP file:

```php
<?php

$db = mysqli_connect("localhost", "root", "", "phplogin");
if (!$db) {
    die("Connection failed: " . mysqli_connect_error());
}

// The id comes straight from the query string of the link.
$id = $_GET['id'];
$qry = mysqli_query($db, "SELECT profile_picture FROM accounts WHERE id='$id'");

$data = mysqli_fetch_array($qry);

// Everything below runs only when a POST field named 'suspendok' is present.
if (isset($_POST['suspendok'])) {
    $smile = '/assets/images/profiles/smile.jpg';

    $edit = mysqli_query($db, "UPDATE accounts SET profile_picture='$smile' WHERE id='$id'");

    if ($edit) {
        mysqli_close($db); // Close connection
        header("location: index.php?change=success");
        exit;
    } else {
        // mysqli_error() requires the connection as its argument.
        echo mysqli_error($db);
    }
}
?>
```
scrummy
  • A blank page probably indicates an error in the PHP, but that you have on-screen error reporting switched off in your PHP config (which is normally what you'd do in a live site rather than development). Configure on-screen error reporting and/or error logging to a file so you can get the underlying error message. – ADyson Apr 06 '21 at 21:31
  • Alternatively, it could simply be that your page produces no output! Certainly, `$_POST['suspendok']` won't exist because the link the user clicks on generates a GET, not a POST, and there's no data submitted (apart from the id on the querystring). So really if you're expecting this to take some action based on navigating to it from a hyperlink, then relying on a POST variable makes no sense at all. – ADyson Apr 06 '21 at 21:33
  • Since you have your predefined pics, add an element to each pic. Use Ajax to register what the user's choice is, then save the chosen pic. Use an Ajax call. –  Apr 06 '21 at 21:34
  • P.S. **Warning:** Your code is vulnerable to SQL Injection attacks. You should use parameterised queries and prepared statements to help prevent attackers from compromising your database by using malicious input values. http://bobby-tables.com gives an explanation of the risks, as well as some examples of how to write your queries safely using PHP / mysqli. **Never** insert unsanitised data directly into your SQL. The way your code is written now, someone could easily steal, incorrectly change, or even delete your data. – ADyson Apr 06 '21 at 21:34
  • https://phpdelusions.net/mysqli also contains good examples of writing safe SQL using mysqli. See also the [mysqli documentation](https://www.php.net/manual/en/mysqli.quickstart.prepared-statements.php). Parameterising your queries will also greatly reduce the risk of accidental syntax errors as a result of un-escaped input values. – ADyson Apr 06 '21 at 21:34
  • And never configure your web app to login to the database as root. Root can do whatever it likes, so on top of the SQL injection vulnerabilities this just leaves your database an open book for hackers. Instead create a separate user account specifically for this application which has only the permissions it actually _needs_ in order to work properly. Don't even use the root account as a shortcut during development or testing, because you need to test your account permissions as well - otherwise when you go live you might have unexpected errors relating to the user account setup. – ADyson Apr 06 '21 at 21:35

1 Answer

Your whole code is written inside an if block:

```php
if (isset($_POST['suspendok'])) {
```

I don't see this property getting posted. Try adding an else condition to this block and you will notice the message being printed there.

So you need to either post this value or remove it.

ADyson
Satwinder Singh
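A version of change-prof.php that combines the points from the comments and the answer (an added example, not code from the asker, the commenters or the answerer): the change arrives as a POST, the picture is picked by key from an allow-list of the predefined images, the UPDATE is a prepared statement, and the database login is not root. Assumptions: the login code stores the account id in `$_SESSION['id']`, the form field is named `picture`, and the `phplogin_app` account, the `DB_PASS` environment variable, the `wink.jpg` entry and the `change=failed` value are hypothetical.

```php
<?php
declare(strict_types=1);
session_start(); // assumption: login stored the account id in $_SESSION['id']

// Allow-list of predefined pictures; the form submits only the key.
// smile.jpg is from the question, the "wink" entry is constructed.
const PICTURES = [
    'smile' => '/assets/images/profiles/smile.jpg',
    'wink'  => '/assets/images/profiles/wink.jpg',
];

function change_profile_picture(mysqli $db, int $userId, string $choice): bool
{
    if (!array_key_exists($choice, PICTURES)) {
        return false; // unknown key: nothing is written
    }
    $path = PICTURES[$choice];
    // Placeholders keep both values out of the SQL text.
    $stmt = $db->prepare('UPDATE accounts SET profile_picture = ? WHERE id = ?');
    $stmt->bind_param('si', $path, $userId);
    return $stmt->execute();
}

// A link click is a GET; the change must come from a form with method="post".
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    http_response_code(405);
    exit('Use the picture form to change your profile picture.');
}
if (!isset($_SESSION['id'])) {
    http_response_code(403);
    exit('Not logged in.');
}

mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // errors throw, no silent blank page
// Hypothetical least-privilege account (not root); password read from the environment.
$db = new mysqli('localhost', 'phplogin_app', getenv('DB_PASS') ?: '', 'phplogin');

$choice = $_POST['picture'] ?? '';
$ok = is_string($choice)
    && change_profile_picture($db, (int) $_SESSION['id'], $choice);
$db->close();

// "failed" is a hypothetical value for index.php to display.
header('Location: index.php?change=' . ($ok ? 'success' : 'failed'));
exit;
```

In the modal, each image then sits inside a `<form method="post" action="change-prof.php">` as `<button name="picture" value="smile">` instead of inside a link.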