php - Automatically reload data from database into HTML form after submitting


I am trying to create a user profile registration site. The basics are in place: users can sign up and log in to the site.

Each member receives a unique member ID in the DB and, after logging in, is given access to the page below. It is a simple form that loads data from the database as pre-filled values in the HTML form input fields. Changing the data and submitting it stores the data correctly in the database. Examples and advice from experts at this site.

My question is how to make the form reload, or the fields update with the new data from the DB, without having to reload the page manually after clicking the submit button?

Feedback on the security of the form would be appreciated. I have tried to study MySQL PDO and prepared statements to avoid SQL injection, but I feel I have a long way to go before I understand it and can make sure the site is secure.

<?php
require('includes/config.php');

//redirect to login page if not logged in
if(!$user->is_logged_in()){ header('Location: login.php'); }

//get user profile data from db
$sth = $db->query("SELECT username, firstname, middlename, lastname, email FROM members");

$sth->bindColumn(1, $username);
$sth->bindColumn(2, $firstname);
$sth->bindColumn(3, $middlename);
$sth->bindColumn(4, $lastname);
$sth->bindColumn(5, $email);
//each fetch fills the bound variables above
while ($sth->fetch(PDO::FETCH_BOUND));

//process form when submitted
if(isset($_POST['submit'])){

    //if nothing is wrong, store data in db
    if(!isset($error)){
        try {
            //update user profile in database with a prepared statement
            $sql = "UPDATE members SET username = :username,
                firstname = :firstname,
                middlename = :middlename,
                lastname = :lastname,
                email = :email
                WHERE memberid = :memberid";
            $stmt = $db->prepare($sql);

            $stmt->bindParam(':username', $_POST['username'], PDO::PARAM_STR);
            $stmt->bindParam(':firstname', $_POST['firstname'], PDO::PARAM_STR);
            $stmt->bindParam(':middlename', $_POST['middlename'], PDO::PARAM_STR);
            $stmt->bindParam(':lastname', $_POST['lastname'], PDO::PARAM_STR);
            $stmt->bindParam(':email', $_POST['email'], PDO::PARAM_STR);
            $stmt->bindParam(':memberid', $_SESSION['memberid'], PDO::PARAM_STR);
            $stmt->execute();

        //catch error message if something goes wrong
        } catch(PDOException $e) {
            $error[] = $e->getMessage();
        }
    }
}

//define page title
$title = 'profile registration';

//include member header
require('layout/header_member.php');
?>
<div class="container">
<h2>please register profile</h2>
<p>get started , register profile below</p>
<p>your member id is: <?php echo $_SESSION['memberid']; ?> </p>
<?php
    //show error messages from database here
    if(isset($error)){
        foreach($error as $error){
            echo '<p class="bg-danger">'.$error.'</p>';
        }
    }
?>
</div>
<hr>
<div class="container">
<form class="form-horizontal" role="form" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
 <div class="form-group">
  <label class="control-label col-sm-2" for="username">display name</label>
  <div class="col-sm-10">
   <input type="text" required class="form-control" name="username" id="username" placeholder="your display name" value="<?php if(isset($error)){ echo $_POST['username']; } ?><?php echo $username; ?>" >
  </div>
 </div>
 <div class="form-group">
  <label class="control-label col-sm-2" for="firstname">first name</label>
  <div class="col-sm-10">
   <input type="text" required class="form-control" name="firstname" id="firstname" placeholder="your first name" value="<?php if(isset($error)){ echo $_POST['firstname']; } ?><?php echo $firstname; ?>" >
  </div>
 </div>
 <div class="form-group">
  <label class="control-label col-sm-2" for="middlename">middle initials</label>
  <div class="col-sm-10">
   <input type="text" class="form-control" name="middlename" id="middlename" placeholder="middle initials" value="<?php if(isset($error)){ echo $_POST['middlename']; } ?><?php echo $middlename; ?>" >
  </div>
 </div>
 <div class="form-group">
  <label class="control-label col-sm-2" for="lastname">last name</label>
  <div class="col-sm-10">
   <input type="text" required class="form-control" name="lastname" id="lastname" placeholder="your last name" value="<?php if(isset($error)){ echo $_POST['lastname']; } ?><?php echo $lastname; ?>" >
  </div>
 </div>
 <div class="form-group">
  <label class="control-label col-sm-2" for="email">email</label>
  <div class="col-sm-10">
   <input type="email" required class="form-control" name="email" id="email" placeholder="your email address" value="<?php if(isset($error)){ echo $_POST['email']; } ?><?php echo $email; ?>" >
  </div>
 </div>
 <button type="submit" name="submit" value="submit" class="btn btn-default">submit</button>
</form>
</div>
<?php
//include footer
require('layout/footer.php');
?>

You can change the values of the HTML form like this:

value="<?php
if(isset($_POST['username'])) {
    echo $_POST['username'];
} else {
    echo $username;
}
?>"

The submitted values will show if the form failed (for which you have used $error), and should the form submit and update the database. In other words, you have either $username or the value last submitted in the form.

You can use "sanitize filters" to filter away unwanted characters that the user posts.
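
The points raised in the question and the answer (fresh data after submit, filtering what the user posts, avoiding injection) combined into one handler, as an added example that is not code from the question or the answer: it processes the POST before the SELECT, scopes both queries to the session's member ID, validates input and escapes on output. `$db`, `$user` and `$_SESSION['memberid']` are taken from the question's code; `e()`, the `csrf` session key and form field, `profile.php` and the 100-byte limit are assumptions made for illustration.

```php
<?php
// Added example, not code from the question or the answer.
require('includes/config.php');   // assumed to provide $db (PDO), $user and a started session
if (!$user->is_logged_in()) {
    header('Location: login.php');
    exit;                         // without exit the rest of the page still runs for anonymous users
}
// Hypothetical helper: escape a value for HTML text or a quoted attribute.
function e(?string $s): string { return htmlspecialchars($s ?? '', ENT_QUOTES, 'UTF-8'); }
$_SESSION['csrf'] ??= bin2hex(random_bytes(32));   // hypothetical per-session CSRF token
$fields = ['username', 'firstname', 'middlename', 'lastname', 'email'];
$error  = [];

// 1. Handle the POST first, so the SELECT below never shows stale data.
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (!hash_equals($_SESSION['csrf'], (string)($_POST['csrf'] ?? ''))) {
        $error[] = 'Invalid form token.';
    }
    $in = [];
    foreach ($fields as $f) {
        $in[$f] = trim((string)($_POST[$f] ?? ''));
        if (strlen($in[$f]) > 100) { $error[] = "$f is too long."; }   // constructed limit
    }
    if (filter_var($in['email'], FILTER_VALIDATE_EMAIL) === false) {
        $error[] = 'Email address is not valid.';
    }
    if (!$error) {
        $stmt = $db->prepare('UPDATE members SET username = :username, firstname = :firstname,
            middlename = :middlename, lastname = :lastname, email = :email
            WHERE memberid = :memberid');
        $stmt->execute($in + ['memberid' => $_SESSION['memberid']]);
        header('Location: profile.php');   // hypothetical page name; Post/Redirect/Get
        exit;
    }
}

// 2. Load only the logged-in member's row.
$stmt = $db->prepare('SELECT username, firstname, middlename, lastname, email
                      FROM members WHERE memberid = :memberid');
$stmt->execute(['memberid' => $_SESSION['memberid']]);
$row = $stmt->fetch(PDO::FETCH_ASSOC) ?: [];

// 3. After a failed submit keep what the user typed; otherwise show the database value.
$value = fn(string $f): string => e($error ? ($in[$f] ?? '') : ($row[$f] ?? ''));
?>
<input type="hidden" name="csrf" value="<?php echo e($_SESSION['csrf']); ?>">
<input type="text" name="username" value="<?php echo $value('username'); ?>">
```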

