Gumbo
Erfahrenes Mitglied
Probier mal Folgendes:
PHP:
<?php
include 'connectdb.php';
include 'checkuser.php';
echo '<h2>-=]Members[=-</h2>';
if( $profil == 1 ) {
$query = "
SELECT
`id`,
`Nickname`,
`Mail`,
`Vorname`,
`Nachname`,
`Wohnort`,
`Games`,
`Fähigkeiten`
FROM
`benutzerdaten`
WHERE
`id` = '.$_SESSION['user_id'].'
";
$result = mysql_query($query);
while( $row = mysql_fetch_object($result) ) {
[…]
}
} elseif( $_POST['editprofil'] ) {
$query = "
UPDATE
`benutzerdaten`
SET
`Nickname` = '".mysql_real_escape_string($_POST['Nickname'])."',
`Mail` = '".mysql_real_escape_string($_POST['Mail'])."',
`Vorname` = '".mysql_real_escape_string($_POST['Vorname'])."',
`Nachname` = '".mysql_real_escape_string($_POST['Nachname'])."',
`Wohnort` = '".mysql_real_escape_string($_POST['Wohnort'])."',
`Games` = '".mysql_real_escape_string($_POST['Games'])."',
`Fähigkeiten` = '".mysql_real_escape_string($_POST['Fähigkeiten'])."'
WHERE
`id` = '".mysql_real_escape_string($_POST['id'])."'
AND `Kennwort` = '".md5($_POST['passwort'])."'
";
mysql_query($query);
if( !empty($_POST['newpwd']) && $_POST['newpwd'] === $_POST['newpwd2'] ) {
$query = "
UPDATE
`benutzerdaten`
SET
`Kennwort` = '".md5($_POST['newpwd'])."'
WHERE
`id` = '".mysql_real_escape_string($_POST['id'])."'
AND `Kennwort` = '".md5($_POST['passwort'])."'
";
mysql_query($query);
}
[…]
} else {
[…]
}
?>
