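/**
 * Update a user's profile fields and, when requested, replace the avatar image.
 *
 * Reads name, username, email, usrtel and gender from $_POST. When
 * $_POST['addnew'] is set, the upload in $_FILES['file'] is validated,
 * stored under $imgdest and recorded in the usrimg column; the previous
 * avatar file under $uimgdest is removed only after the row was updated.
 *
 * Uses the globals $connection (mysqli link), $imgdest, $uimgdest and
 * $allowedTypes (list of permitted file extensions).
 *
 * NOTE(review): nothing in this function checks that the requester is allowed
 * to edit $user_id; confirm the caller enforces that before calling.
 *
 * @param mixed $user_id Id of the row to update; must be numeric.
 *
 * @return string|null An error string on failure. On success a
 *                     "Location: index.php" header is sent and nothing is
 *                     returned. The function dies when there is no database
 *                     connection or the upload's extension is not allowed.
 */
function updUser($user_id)
{
    global $connection, $uimgdest, $imgdest, $allowedTypes;

    if (!$connection) {
        // Without a link there is nothing to pass to mysqli_error(); report the connect error.
        die('Could not connect: ' . mysqli_connect_error());
    }

    // Validate the id on every path. The original only checked it on the upload
    // path and interpolated the raw value into the WHERE clause otherwise.
    if (!is_numeric($user_id)) {
        return 'ERROR: invalid user id';
    }
    $userId = (int) $user_id;

    // Collect the submitted profile fields; missing or non-string values become ''.
    $profile = array();
    foreach (array('name', 'username', 'email', 'usrtel', 'gender') as $field) {
        $profile[$field] = (isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : '';
    }

    $newAvatar = null;   // file name stored in usrimg when an upload succeeded
    $staleAvatar = null; // path of the previous avatar, removed after the update

    if (isset($_POST['addnew'])) {
        $clientName = (isset($_FILES['file']['name']) && is_string($_FILES['file']['name']))
            ? $_FILES['file']['name']
            : '';
        $ext = pathinfo($clientName, PATHINFO_EXTENSION);

        // The extension comes from the client and says nothing about the content.
        // NOTE(review): consider also verifying the content type (finfo / getimagesize)
        // and make sure the upload directory never executes scripts.
        if (!is_array($allowedTypes) || !in_array($ext, $allowedTypes, true)) {
            die('Filetype not allowed!');
        }

        $uploadError = isset($_FILES['file']['error']) ? $_FILES['file']['error'] : UPLOAD_ERR_NO_FILE;
        if ($uploadError > 0) {
            return "Error: " . $uploadError . "<br>";
        }

        if (!is_dir($imgdest)) {
            $previousMask = umask(0);
            mkdir($imgdest, 0755, true);
            umask($previousMask);
        }

        // Never reuse the client-supplied file name on disk: build a server-side
        // name and keep only the allow-listed extension. uniqid() is used for
        // uniqueness, not secrecy (avatar URLs are public anyway).
        $storedName = 'avatar_' . $userId . '_' . uniqid() . '.' . $ext;
        if (!move_uploaded_file($_FILES['file']['tmp_name'], $imgdest . $storedName)) {
            return 'Error: could not store the uploaded file<br>';
        }
        $newAvatar = $storedName;

        // Remember the old avatar but delete it only once the row points at the
        // new one. basename() keeps a stored value from reaching outside $uimgdest.
        $current = getuserData($userId);
        if (!empty($current['usrimg'])) {
            $staleAvatar = $uimgdest . basename($current['usrimg']);
        }
    }

    // Bound parameters replace the hand-escaped, string-built UPDATE.
    // NOTE(review): the listing shows a masked literal ('******') for the username
    // column while the escaped $username was never used; the submitted username
    // is bound here -- confirm against the unredacted source.
    if ($newAvatar !== null) {
        $stmt = $connection->prepare(
            'UPDATE users SET name = ?, username = ?, email = ?, usrtel = ?, gender = ?, usrimg = ? WHERE id = ?'
        );
        if ($stmt) {
            $stmt->bind_param(
                'ssssssi',
                $profile['name'],
                $profile['username'],
                $profile['email'],
                $profile['usrtel'],
                $profile['gender'],
                $newAvatar,
                $userId
            );
        }
    } else {
        $stmt = $connection->prepare(
            'UPDATE users SET name = ?, username = ?, email = ?, usrtel = ?, gender = ? WHERE id = ?'
        );
        if ($stmt) {
            $stmt->bind_param(
                'sssssi',
                $profile['name'],
                $profile['username'],
                $profile['email'],
                $profile['usrtel'],
                $profile['gender'],
                $userId
            );
        }
    }

    if (!$stmt || !$stmt->execute()) {
        // Keep the driver message in the server log; do not echo SQL or schema details to the client.
        error_log('updUser failed: ' . ($stmt ? $stmt->error : $connection->error));

        // The row still references the old avatar, so drop the file that was just stored.
        if ($newAvatar !== null && is_file($imgdest . $newAvatar)) {
            unlink($imgdest . $newAvatar);
        }

        return 'ERROR: could not update user<br>';
    }
    $stmt->close();

    if ($staleAvatar !== null && is_file($staleAvatar)) {
        unlink($staleAvatar);
    }

    // NOTE(review): no exit follows the redirect header; the caller should stop rendering.
    header("Location: index.php");
}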
<?php error_reporting(E_ALL); ini_set('display_errors', true); include 'Config/functions.php'; include 'Config/static_config.php'; $user_id = $_GET['id']; $user_id = (int) $user_id; $userData = getuserData($user_id); $regdate = date($format, strtotime($userData["regdate"])); $replacement_array = array($userData["username"] . 's - Profile', '<div class="pageheading"> <h3>Profile info</h3> </div> <div class="content-box"> <div class="row"> <div class="userprofile"> <div class="col-1-3"> <img src="' . $imgdest . $userData["usrimg"] . '" alt="' . $userData["username"] . 's avatar"> </div> <div class="col-2-3 content-box-lr userprofiledata"> <h4>' . $userData["name"] . '</h4> <ul> <li>Username: '******'<li> <li>Email: ' . $userData["email"] . '<li> <li>Telephone: ' . $userData["usrtel"] . '<li> <li>Gender: ' . $userData["gender"] . '<li> </br> <li>Registration date: ' . $regdate . '</li> </ul> <div class="col-1-1 user_nav_bar"> <div class="user-nav-btn">