Globaly-CSS-Practice/php/update-user.php

<?php
require 'connect.inc.php';

if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    // Retrieve data from the form
    $name = mysqli_real_escape_string($con, $_POST['name']);
    $surname = mysqli_real_escape_string($con, $_POST['surname']);
    $email = mysqli_real_escape_string($con, $_POST['email']);
    $password = mysqli_real_escape_string($con, $_POST['password']);
    $password_again = mysqli_real_escape_string($con, $_POST['password_again']);
    $city = mysqli_real_escape_string($con, $_POST['city']);
    $birth_day = mysqli_real_escape_string($con, $_POST['birth_day']);
    $birth_month = mysqli_real_escape_string($con, $_POST['birth_month']);
    $birth_year = mysqli_real_escape_string($con, $_POST['birth_year']);
    $admin = mysqli_real_escape_string($con, $_POST['admin']);

    // Hash the password if it was provided
    if (!empty($password) && $password == $password_again) {    
        $password_hashed = md5($password);
        $password_update = "password = '$password_hashed',";
    } else {
        $password_update = "";
    }

    $query = "UPDATE `globaly_accounts` SET 
                name = '$name',
                surname = '$surname',
                email = '$email',
                $password_update
                city = '$city',
                birth_day = '$birth_day',
                birth_month = '$birth_month',
                birth_year = '$birth_year',
                admin = '$admin'
              WHERE email = '$email'";

    if (mysqli_query($con, $query)) {
        echo '<script type="text/javascript">
        alert("You have successfully edit the user!");
        window.location.href = "../admin_panel.php";
        </script>';
    } else {
        echo "Error updating user information: " . mysqli_error($con);
    }
}
?>