prepare(" SELECT username, full_name, email, branch_id FROM users WHERE user_id = ? "); $stmt->execute([$user_id]); $user = $stmt->fetch(PDO::FETCH_ASSOC); if (!$user) { $_SESSION['error'] = "User not found."; header("Location: my_profile.php"); exit(); } // Handle form submission if ($_SERVER['REQUEST_METHOD'] === 'POST') { if (!isset($_POST['csrf']) || $_POST['csrf'] !== $_SESSION['csrf_token']) { $_SESSION['error'] = "Invalid CSRF token."; } else { $full_name = trim($_POST['full_name'] ?? ''); $email = trim($_POST['email'] ?? ''); if (empty($full_name) || empty($email)) { $_SESSION['error'] = "All fields are required."; } elseif (!filter_var($email, FILTER_VALIDATE_EMAIL)) { $_SESSION['error'] = "Invalid email address."; } else { try { $stmt = $pdo->prepare(" UPDATE users SET full_name = ?, email = ? WHERE user_id = ? "); $stmt->execute([$full_name, $email, $user_id]); $_SESSION['success'] = "Profile updated successfully!"; // Refresh user data $user['full_name'] = $full_name; $user['email'] = $email; } catch (PDOException $e) { $_SESSION['error'] = "Update failed: " . h($e->getMessage()); } } } header("Location: edit_profile.php"); exit(); } ?>
Edit Profile
Profile

@

Please enter your full name.
Please enter a valid email.
Cancel