Empty query

I am trying to allow my users to update their own profile info. Yet, the query is empty(Nothing recorded into the database though it states “Your profile has been updated!”)
What did I do wrongly?

userlist.php is where my list of users are displayed

<?php

    include ('connect.php')

    ?>

    <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
    <html>
    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
    <title>Insert title here</title>
    </head>
    <body>
    	<div>
    		<?php
    		foreach(fetch_users() as $user) {
    		?>
    			<p><a href="profile.php?id=<?php echo $user['id'];?>"><?php echo $user['username']; ?></a></p>
    		<?php
    		}
    		?>
    	</div>
    </body>
    </html>

userinc.php is used to store all functions

    <?php

    function fetch_users() {
    	$result = mysql_query("SELECT `user_id` AS `id`, `user_name` AS `username`, `email` AS `email`, `description` AS `description` FROM `userprofile`");
    	
    	$users = array();
    	
    	while (($row = mysql_fetch_assoc($result)) !== false) {
    		$users[] = $row;
    	}
    	
    	return $users;
    }

    // fetch profile info for the given user
    function fetch_user_info($id) {
    	$id = (int)$id;
    	$sql = "SELECT `user_id` AS `id`, `user_name` AS `username`, `email` AS `email`, `description` AS `description` FROM `userprofile` WHERE `user_id` = '$id'";
    	$result = mysql_query($sql);
    	
    	return mysql_fetch_assoc($result);
    }

    // update the current users profile info
    function set_profile_info($username, $email, $description){
    	$username = mysql_real_escape_string(htmlentities($username));
    	$email = mysql_real_escape_string(nl2br(htmlentities($email)));
    	$description = mysql_real_escape_string(htmlentities($description));

    	$sql = "UPDATE `userprofile` SET `user_name` = $username
    									 `email` = $email
    									 `description` = $description
    								WHERE user_id =". $_GET['id'];
    	
    	mysql_query($sql);

    }

    if(!mysql_query($sql)) {
    	die ('Error: '. mysql_error());
    }
    ?>

profile.php

<?php

    include ('connect.php');
    $user_info = fetch_user_info($_GET['id']);

    ?>
    <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
    <html>
    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
    <title>Profile Information</title>
    </head>
    <body>
    	<div>
    		<?php
    		
    		if($user_info == false){
    			echo 'That user does not exist.';
    		}
    		else {
    		?>
    			<h1>Profile</h1>
    			<p>Username: <?php  echo $user_info['username']; ?> </p>
    			<p>Email: <?php echo $user_info['email']; ?></p>
    			<p>Description: <?php echo $user_info['description']; ?></p>
    		<?php
    		}
    		?>
    	</div>
    	<div>
    			<p><a href="editprofile.php?id=<?php echo $user_info['id'];?>">Edit</a></p>
    	</div>
    </body>
    </html>

editprofile.php

<?php

    include ('connect.php');

    if (isset($_POST['username'], $_POST['email'], $_POST['description'])) {
    	$errors = array();
    	
    	if(filter_var($_POST['email'], FILTER_VALIDATE_EMAIL) === false) {
    		$errors[] = 'Invalid email address!';
    	}
    	
    	if (empty($errors)) {
    		set_profile_info($_POST['username'],$_POST['email'], $_POST['description']);
    	}
    	
    	$user_info = array(
    	'username' => htmlentities($_POST['username']),
    	'email' => htmlentities($_POST['email']),
    	'description' => htmlentities($_POST['description'])
    	) ;
    	
    }

    else {
    $user_info = fetch_user_info($_GET['id']); //change to $_SESSION once the user is logged in, successfully
    }
    ?>
    <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
    <html>
    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
    <style type = "text/css">
    	form { margin: 10px 8px 8px 8px; }
    	form div { float: left; clear: both; margin: 0px 0px 4px 0px; }
    	label { float: left; width: 100px; }
    	input[type = "text"], textarea { float: left; width: 400px; }
    	input[type = "submit"] { margin: 18px 8px 0px 100px }
    </style>
    <title>Edit Your Profile</title>
    </head>
    <body>
    	<div>
    		<?php
    		
    		if (isset($errors) == false){
    			echo 'Click update to edit your profile.';
    		}
    		else if (empty($errors)){
    			echo 'Your profile has been updated!';
    		}
    		else {
    			echo '<ul><li>', implode('</li><li>', $errors), '</li></ul>';
    		}
    		
    		?>
    	</div>
    	<form action = "" method = "post">
    		<div>
    			<label for = "username">Username:</label>
    			<input type = "text" name = "username" id = "username" value = "<?php echo $user_info['username']; ?>" />
    		</div>
    		<div>
    			<label for = "email">Email:</label>
    			<input type = "text" name = "email" id = "email" value = "<?php echo $user_info['email']; ?>" />
    		</div>
    		<div>
    			<label for = "description">Description:</label>
    			<textarea name = "description" id = "description" rows = "14" cols = "50"><?php echo strip_tags($user_info['description']); ?></textarea>
    		</div>
    		<div>
    			<input type = "submit" value = "Update" />
    		</div>
    	</form>
    </body>
    </html>

HELP PLEASE

Even though your program is telling you the profile has been updated, you’ve no way to know if the query was successful or not as your set_profile_info function doesn’t check the result from mysql_query (which would be false if the query fails) and doesn’t return anything itself:

function set_profile_info($username, $email, $description) {
    	$username = mysql_real_escape_string(htmlentities($username));
    	$email = mysql_real_escape_string(nl2br(htmlentities($email)));
    	$description = mysql_real_escape_string(htmlentities($description));
    
    	$sql = "UPDATE `userprofile` SET `user_name` = $username
    									 `email` = $email
    									 `description` = $description
    								WHERE user_id =". $_GET['id'];
    	
    	mysql_query($sql);
    
}

Looking at your query, I expect the problem is that you’re missing commas after the $username and $email values.

Try rewriting your function something like this:

function set_profile_info($username, $email, $description) {
    $username = mysql_real_escape_string(htmlentities($username));
    $email = mysql_real_escape_string(nl2br(htmlentities($email)));
    $description = mysql_real_escape_string(htmlentities($description));

    $sql = "UPDATE `userprofile` 
            SET `user_name` = $username, `email` = $email, `description` = $description
            WHERE user_id =". $_GET['id'];
    
    return mysql_query($sql);
}

This way when you call the function, you can check if it returns false and display an error message.

Two other things I should mention - first, it’s not a good idea to hardcode that reference to $_GET['id'] into your function. It’s better to pass it in as an argument, as this will allow you to reuse the function in other contexts (i.e. where the ID comes from a different source) and makes it easier to test.

Second, you really shouldn’t be using the mysql_* functions, as they have been depreciated and the mysql extension will be removed from PHP. Look into switching to [fphp]mysqli[/fphp] or [fphp]PDO[/fphp] instead.