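header('Location: index.php?action=editpost');
$_SESSION['error'] = "sorry! there was an error while updating";
}
} else {
    if (isset($_POST['editprofile'])) {
        // Profile update for the logged-in user. Everything read from $_POST
        // and $_FILES is client-controlled, including the uploaded file's
        // name and content; only $_SESSION['userid'] comes from the server.
        $id = $_SESSION['userid'];
        $username = $_POST['username'];
        $password = $_POST['password'];
        $email = $_POST['email'];

        // Avatar handling. The original moved the upload to
        // "uploads/<client file name>" with no checks, so any file type could
        // be stored under a client-chosen name. The stored name is now rebuilt
        // from a restricted character set plus an allow-listed image
        // extension, and the content must parse as an image.
        // No file submitted keeps the original outcome (pic is set to '').
        $name = '';
        $avatarOk = true;
        $avatarError = isset($_FILES['avatar']['error'])
            ? $_FILES['avatar']['error']
            : UPLOAD_ERR_NO_FILE;

        if ($avatarError !== UPLOAD_ERR_NO_FILE) {
            // A file was submitted: it has to pass every check below.
            $avatarOk = false;

            // An array here (avatar[] style upload) fails this strict test.
            if ($avatarError === UPLOAD_ERR_OK) {
                $tmp_name = $_FILES['avatar']['tmp_name'];
                $clientName = $_FILES['avatar']['name'];

                $extension = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
                // Dots, slashes, backslashes and quotes in the stem become
                // "_", so the stored name has exactly one extension and
                // cannot leave uploads/.
                $stem = preg_replace(
                    '/[^A-Za-z0-9_-]/',
                    '_',
                    pathinfo($clientName, PATHINFO_FILENAME)
                );
                $stem = substr((string) $stem, 0, 100);
                if ($stem === '') {
                    $stem = 'avatar';
                }

                $allowedExtensions = ['jpg', 'jpeg', 'png', 'gif'];
                if (in_array($extension, $allowedExtensions, true)
                    && getimagesize($tmp_name) !== false
                ) {
                    $name = $stem . '.' . $extension;
                    // move_uploaded_file() itself refuses paths that are not
                    // genuine HTTP uploads.
                    $avatarOk = move_uploaded_file($tmp_name, "uploads/{$name}");
                }
            }
        }
        // NOTE(review): uploads/ should also be served with script execution
        // disabled; the checks above do not replace that. Two users uploading
        // the same file name still overwrite each other, as before.

        if (!$avatarOk) {
            // This branch reports failures through the 'success' key, as the
            // original did; the profile view is not visible here, so the key
            // is left alone.
            $_SESSION['success'] = "sorry! the avatar must be a jpg, png or gif image";
        } else {
            $user = new User();
            // NOTE(review): this statement is still assembled by string
            // interpolation. $name is now limited to [A-Za-z0-9_.-], but
            // $email is raw request data and reaches the SQL text unescaped.
            // edituser() takes a finished query string and the User class is
            // not visible here, so the real fix belongs there: a prepared
            // statement with bound parameters.
            // NOTE(review): username and password appear masked ('******') on
            // this page. If the real statement interpolates $username and
            // $password, they carry the same injection risk, and the password
            // should be stored via password_hash(), not as submitted.
            $query = "update users set username='******', email='{$email}', password='******', pic='{$name}' where userid= '{$id}'";
            $result = $user->edituser($query);
            if ($result) {
                $_SESSION['success'] = "Congrats! the profile has been updated sucessfully";
            } else {
                // The original text here ("could updated sucessfully") read
                // as a success message on the failure path.
                $_SESSION['success'] = "sorry! the profile could not be updated";
            }
        }
        header('Location: index.php?action=profile');
    } else {
        if (isset($_POST['messages'])) {
            //$_SESSION['pagetitle'] = 'newarticle';
            // NOTE(review): both conditions below set the "not valid" error
            // when filter_var() returns a truthy value. FILTER_VALIDATE_INT
            // returns the integer on success and false on failure, and
            // FILTER_SANITIZE_STRING returns the cleaned string rather than
            // validating it, so the tests look inverted. This branch
            // continues past the visible text and is left unchanged.
            if (filter_var($_POST['fname'], FILTER_SANITIZE_STRING)) {
                $_SESSION['error'] = "sorry! the fname is not valid";
            } else {
                if (filter_var($_POST['phoneno'], FILTER_VALIDATE_INT)) {
                    $_SESSION['error'] = "sorry! the phone no is not valid";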