Big Issues with getting a profile update page to update the databse

Question

I've got a big issue with my website. I've made a profile page which will allow users to amend their details, and then submit. Upon submitting the details should be updated in the database, however I just get a blank page and nothing happens. I've been up for 30+ hours trying to figure things out but no luck. It's likely to be screwed up, as now is my brain.

Any help would be GREATLY appreciated.

Profile amend page:

<?php 
session_start();     
if (!isset($_SESSION['Username'])) {
   echo 'Welcome, '.$_SESSION['Username']; 
} else {
echo 'Sorry, You are not logged in.';
}
?>


 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Index</title>
<link href="External style sheet layout.css" rel="stylesheet" type="text/css" />

<h1><?php echo date("D M d, Y G:i a"); ?>
    <?php $welcome = 'Hi';
if (date("H") < 12) {
    $welcome = 'Good Morning';
} else if (date('H') > 11 && date("H") < 18) {
    $welcome = 'Good Afternoon';
} else if(date('H') > 17) {
    $welcome = 'Good Evening';
}
echo $welcome;
?></h1> 


 <div class="Login">
<h3><ul>
<?php if(isset($_SESSION['authenticatedUser']) && $_SESSION['authenticatedUser'] != null ) {?>
    <li><a href="Profile.php">Welcome <?php echo $_SESSION["authenticatedUser"] ?></a></li>
    <li><a href="logout.php"><span>Log Out</span></a></li> 
<?php } else {?> <li><a href="login.php"><span>Log In</span></a></li> <?php } ?>

  <li><a href="createUser.php">Register</a></li>
  <li><a href="#">Basket</a></li>

</ul></h3>
</div>


</head>

<body>
<div id="container">
    <div id="header">

            <img src="Images/Schurter3.jpg" width="800" height="300" alt="Schurter" />
  </div>
<div id="navigation">
        <ul id="navbar">
            <li><a href="Index.php">Home</a></li>
            <li><a href="Components.html">Components</a>
                        <ul>
                            <li><a href="Circuit protection.html">Circuit Protection</a>
                            <li><a href="Connectors.html">Connectors</a></li>
                            <li><a href="Switches.html">Switches</a></li>
                            <li><a href="EMC Products.html">EMC Products</a></li>
                            <li><a href="Other Products.html">Other Products</a></li>
                        </ul>
                        </li> 
            <li><a href="EMS.html">Electronic Manufacturing Services</a>
                        <ul>
                            <li><a href="Application Examples.html">Application Examples</a></li>
                            <li><a href="Processes.html">Processes</a></li>
                        </ul>
                        </li> 
            <li><a href="About.html">About</a></li>
            <li><a href="Contact.php">Contact</a></li>
        </ul>
    </div>



<?php
  include 'db.inc';

 //Check to see if a customer ID has been passed in the URL 
  $memberID = $_GET["memberID"];

  // Has a custID been provided? If so, retrieve the customer
  // details for editing.
  if (!empty($memberID))
  {
      $connection = mysql_connect($hostname, $username, $password) or die ("Unable to connect!"); 

// select database 
      mysql_select_db($databasename) or die ("Unable to select database!"); 

      $query = "SELECT * FROM members WHERE id = " . $memberID;
      //Get the recordset
      $recordSet = mysql_query($query) or die ("Error in query: $query. ".mysql_error()); 
      $row = mysql_fetch_assoc($recordSet);
      //Check for errors
      //if (!$recordSet) 
      //   print $connection->ErrorMsg();
      // else
     // {
        // Load all the form variables with customer data
        $Firstname = $row['Firstname'];
        $Surname = $row['Surname'];
        $Emailaddress = $row['Emailaddress'];
        $Username = $row['Username'];
        $Password = $row['Password'];

     // }//End else
}     
?>








    <form name="RegisterForm"  action="ProfileUpdate.php"  method="post" > 
    <input type="hidden" name="memberID" value="<?php echo $memberID;?>">

    <label>First name*</label>
    <input name="Firstname" placeholder="Enter first name here" value="<?php echo $Firstname;?>" required/> 

    <label>Surname*</label>
    <input name="Surname" placeholder="Enter surname here" value="<?php echo $Surname;?>" required/> 

    <label>Email*</label>
    <input name="Emailaddress" type="email" placeholder="Enter email here" value="<?php echo $Emailaddress;?>" required/> 

    <label>Username*</label>
    <input name="Username" type="text" placeholder="Enter a desired username" value="<?php echo $Username;?>" required/> 

    <label>Password*</label>
    <input name="Password" type="password" placeholder="Enter a desired password" value="<?php echo $Password;?>" required/> 

    <input id="submit" name="submit" type="submit" value="Update Details">

</form>



</body>
</html>

And this is the update action page:

<?php
 require('db.inc');

  $memberID = $_GET["id"];
  echo $memberID;



  // trim the POSTed values - gets rid of unecessary whitespace 
$Firstname = $_POST['Firstname'];
$Surname = $_POST['Surname'];
$Emailaddress = $_POST['Emailaddress'];
$Username = $_POST['Username'];
$Password = $_POST['Password'];
  //Here we use validation at the server
  // Vaildate the firstname


?>
<!DOCTYPE HTML PUBLIC 
   "-//W3C//DTD HTML 4.0 Transitional//EN"
   "http://www.w3.org/TR/html4/loose.dtd" >
<html>
<head><title>Customer Details Error</title></head>
<body bgcolor="white">  
<h1>Customer Details Error</h1>
<?=$errorString?>
<br><a href="ProfileAmend.php">Return to the customer form</a>
</body>
</html>
<?php      


   // If we made it here, then the data is valid
$connection = mysql_connect($hostname, $username, $password) or die ("Unable to connect!"); 

// select database 
mysql_select_db($databasename) or die ("Unable to select database!");  

//  this is an update
    if (!empty($memberID))
    {
       $query = "UPDATE members SET ". 
        "Firstname = '$Firstname', Surname = '$Surname', " .                    
       "Emailaddress = '$Emailaddress', Username = '$Username', Password = '$Password', " .
       " WHERE id = $memberID";


        $recordSet = mysql_query($query) or die ("Error in query: $query. ".mysql_error());

        echo "Your updates are complete!"; 
     }

?>

Answer 1

<?php 
session_start();     
if (!isset($_SESSION['Username'])) {
   echo 'Welcome, '.$_SESSION['Username']; 
} else {
echo 'Sorry, You are not logged in.';
}
?>

Fix this one to:

<?php 
session_start();     
if (isset($_SESSION['Username'])) {
   echo 'Welcome, '.$_SESSION['Username']; 
} else {
echo 'Sorry, You are not logged in.';
}
?>

The first one is wrong, it checks for a username if there is no username then it displays the username else it doesnt.

On-topic:

<form name="RegisterForm"  action="ProfileUpdate.php"  method="post" >

Change the above line to:

<form name="RegisterForm"  action="ProfileUpdate.php?id=<?php echo $memberID ?>" method="post" >

As your profileUpdate.php is requesting a member ID, this is necessary and after this, the code should work!