Can anyone please tell what am i doing wrong in this code , i am trying to fetch the data from the database and display in textboxes and then i am trying to edit it but it is giving me the error :
Notice: Undefined variable: password ,Notice: Undefined variable: email ,Notice: Undefined variable: phone.I really can'tunderstand what am i doing wrong here:( ?


<?php

include "sessioncheck.php";
?>


<?php


if(isset($_POST["update"])){
//echo'<pre>';print_r($_POST);exit();

//$user_name =$_POST["name"];
$email = $_POST["email"];
$password = $_POST["password"];
$phone = $_POST["tel"];
$id =$_POST["id"];

//***** DB Connection *****//
$hostname = 'localhost';
$dbname = 'shopping';
$username = 'root';

mysql_connect('localhost', 'root', '') or DIE('Connection Not FOUND..!');
mysql_select_db('shopping') or DIE('Database name is not available!');
//***** DB Connection END*****//

$query = "SELECT id, email , password, status FROM users WHERE id='$id' , email='$email' , password='$password' , status='$phone'";
//echo $query;exit();
$result = mysql_query($query);

$rows = mysql_num_rows($result);
// //echo'USER EXIST';
if ($rows==1){
while($rs = mysql_fetch_array($result)){
$id = $rs["id"];
$email = $rs["email"];
$phone =$rs["status"];
$password=$rs["password"];


}
}

$query = "UPDATE users SET id = '$id' , email='$email' , password = '$password' , status= '$phone'";

$result = mysql_query($query);
if($result==false){
die(mysql_error());
}
header("Location: Grid.php");
return mysql_affected_rows();

//echo'<pre>';print_r($result);exit();

exit();


}


?>

<!DOCTYPE html>
<html>
<head>
<title>Edit Data</title>
</head>
<body>
<div class="form">
<h2>Edit Data</h2>
<form method="post" action="update1.php">
<input type="hidden" value="<?php echo $id;?>" name="id">
<!-- <input type="text" name="name" placeholder="Username"/> -->
<input type="password" name="password" value="<?php echo $password;?>" placeholder="Password"/>
<input type="email" name="email" value="<?php echo $email;?>" placeholder="Email Address"/>
<input type="tel" name="tel" value="<?php echo $phone;?>" placeholder="Phone Number"/>
<input type="submit" name = "update" value="Update">
</form>
</div>
</body>
</html>

There is almost nothing about this code that's worth saving. Sorry to have to say that. It looks like a random jumble of things found on the web, that don't match each other or match the stated task.

So, first step, you need to retrieve a row of existing data to populate the form fields with. To do that, you need -

1) A user permission check to make sure the current visitor is logged in and allowed to edit data. I'm guessing your include "sessioncheck.php"; code may be doing this. You should however, use 'require' for code that is required for your application to work.

2) A piece of input data that tells the code what row to match in the database table. If the purpose of this is to allow a user to edit his own data, you would need the user id of the current visitor. If the purpose of this is to allow an administrator to edit anyone's data, you would need a method of picking which user to edit, that would supply that user's id as an input to this code.

3) A database connection. Note: the mysql statements are obsolete and have been removed from php. You need to use either the PDO, which is the best choice, or the mysqli database extension. You also need to use prepared queries, with place-holders in the sql statement for input data values, then bind the input data to those place-holders. You should also use exceptions to handle database statement errors. This will eliminate the need to add logic around each statement that can fail due to an error.

4) If the edit form hasn't been submitted, you need to perform the following items #5 through #7. If the edit form has been submitted, skip to item #8 and populate the form fields with the data from the edit form submission.

5) Produce a SELECT query with a WHERE clause that will match the correct row of data. To safely supply the id to the sql query statement, you would put a place-holder in the sql statement for the id value. then supply the actual value when the query is executed. If using the PDO extension, this would look like -


$query = "SELECT list_the_columns_you_want FROM users WHERE id = ?";
$stmt = $pdo->prepare($query);
$stmt->execute(array($id)); // the $id variable holds the id of the user you are trying to retrieve the row of data for

6) Execute the SELECT query.

7) Test if the query matched a row and retrieve that row of data.

8) Populate the form fields with either the data that was retrieved from the SELECT query or from the edit form submission.

The easiest way of determining if the code should perform the steps to retrieve the data from the database table or use the data from an edit form submission is to use an array variable ($data for example) to hold the data. Initialize the variable to an empty array near the top of the code. Inside the form processing logic, copy the $_POST data to this array variable, making it not empty. In the logic that decides to run the SELECT query, if the array variable is empty, run that logic and put the retrieved data into the array variable. The code for the form would just use this array variable as its source of data.

You also need to be constant in your coding. The database column names and anything related to those should carry the same name throughout the code.

To handle application errors that may occur, you should use another array variable ($errors for example). Initialize it to an empty array near the top of the code. Set elements in this variable when your logic detects errors, such as no id value, the SELECT query did not match any row, form field validation errors, ... Then at each step that requires it, test if there are no errors at that point (the array will be empty), before proceeding with the next step. You would display the errors in this array variable at the point of re-displaying the form.

Once you have all of this working, you can go onto the next step of processing the edit form submission to produce and execute an UPDATE query.