diff --git a/create.php b/create.php
index 1bab151..ec2d3c7 100644
--- a/create.php
+++ b/create.php
@@ -93,13 +93,13 @@
                     <a href="index.php" >Home</a>
                 </li>
                 <li>
-                    <a href="authenticate.php" >New Post</a>
+                    <a href="authenticate.php" class="active">New Post</a>
                 </li>
                 <li>
                     <a href="registration.php">Register User</a>
                 </li>
                 <li>
-                    <a href="userList.php" class="active">User list</a>
+                    <a href="userList.php" >User list</a>
                 </li>
             </ul>
         <div id="all_blogs">
diff --git a/editUsers.php b/editUsers.php
new file mode 100644
index 0000000..3f3d7ca
--- /dev/null
+++ b/editUsers.php
@@ -0,0 +1,95 @@
+<?php
+
+/*******w******** 
+Name: John Kelvin A. Valerio
+Date: 03/13/23
+Description: Project 
+****************/
+
+require('connect.php');
+//require('authenticate.php');
+
+
+$user_id = 0;
+if (isset($_GET['user_id'])) {
+    $user_id = $_GET['user_id'];
+}
+
+function filteredData()
+{
+    if (filter_input(INPUT_GET, 'user_id', FILTER_VALIDATE_INT) === 0) {
+        return true;
+    } else {
+        return filter_input(INPUT_GET, 'user_id', FILTER_VALIDATE_INT);
+    }
+}
+
+if (filteredData()) {
+    // SQL is written as a String.
+    $query = "SELECT * FROM users WHERE user_id = $user_id";
+
+    // A PDO::Statement is prepared from the query.
+    $statement = $db->prepare($query);
+
+    // Execution on the DB server is delayed until we execute().
+    $statement->execute();
+
+    $userdata = $statement->fetch();
+    echo($userdata['name']);
+}
+?>
+
+<!DOCTYPE html>
+<html lang="en">
+
+<head>
+    <meta charset="UTF-8">
+    <meta http-equiv="X-UA-Compatible" content="IE=edge">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <link rel="stylesheet" href="main.css">
+    <title>Edit users!</title>
+</head>
+
+<body>
+    <!-- Remember that alternative syntax is good and html inside php is bad -->
+    <div id="wrapper">
+        <div id="header">
+            <h1><a href="index.php">Kelvin's Blog- Edit Users</a></h1>
+        </div>
+        <ul class="menu">
+            <li><a href="index.php">Home</a></li>
+            <li><a href="create.php">New Post</a></li>
+        </ul>
+        <div id="all_users">
+            <form action="user_post.php" method="post">
+                <fieldset>
+                    <legend>Edit Blog Post</legend>
+                    <p>
+                
+                        <label for="name">Name</label>
+                        <input name="name" id="name" value="<?= $userdata['name']?>" >
+                    </p>
+                    <p>
+                        <label for="email">Email</label>
+                        <input name="email" id="email" value="<?= $userdata['email']?>" >
+                    </p>
+                    <p>
+                        <label for="userLvl">User Lvl</label>
+                        <input name="userLvl" id="userLvl" value="<?= $userdata['user_lvl']?>" >
+                    </p>
+                    <p>
+                        <input type="hidden" name="user_id" value=<?= $user_id?> >
+                        <input type="submit" name="update" value="Update" >
+                        <input type="submit" name="delete" value="Delete"
+                            onclick="return confirm('Are you sure you wish to delete this post?')" >
+                    </p>
+                </fieldset>
+            </form>
+        </div>
+        <div id="footer">
+            Copywrong 2023 - No Rights Reserved
+        </div>
+    </div>
+</body>
+
+</html>
\ No newline at end of file
diff --git a/userList.php b/userList.php
index a3f2b2c..b4c3055 100644
--- a/userList.php
+++ b/userList.php
@@ -62,6 +62,7 @@
                                     <small>  User email: 
                                         <?=($row['email']) ?>
                                         <h3>Role: <?= $row['user_lvl'] ?></h3>
+                                        <a href="editUsers.php?user_id=<?= $row['user_id'] ?>">edit</a>
                                     </small>
                                 </p>
                             </div>
diff --git a/user_post.php b/user_post.php
new file mode 100644
index 0000000..74ecd75
--- /dev/null
+++ b/user_post.php
@@ -0,0 +1,86 @@
+<?php
+
+/*******w******** 
+Name: John Kelvin A. Valerio
+Date: 03/13/23
+Description: Project
+****************/
+
+require('connect.php');
+session_start();
+
+if (
+    $_POST
+) {
+    if (isset($_POST['update'])) {
+        //  Sanitize user input to escape HTML entities and filter out dangerous characters.
+        $name = filter_input(INPUT_POST, 'name', FILTER_SANITIZE_STRIPPED);
+        $email = filter_input(INPUT_POST, 'email', FILTER_SANITIZE_STRIPPED);
+        $user_lvl = filter_input(INPUT_POST, 'userLvl', FILTER_VALIDATE_INT);
+        $user_id = filter_input(INPUT_POST, 'user_id', FILTER_VALIDATE_INT);
+
+        //  Build the parameterized SQL query and bind to the above sanitized values.
+        //$query = "UPDATE content_post SET title=$title, content=$content WHERE id=$id";
+        $query = "UPDATE users SET name = :name, email = :email, user_lvl = :user_lvl WHERE user_id = :user_id";
+        $statement = $db->prepare($query);
+
+        //  Bind values to the parameters
+        $statement->bindValue(":name", $name);
+        $statement->bindValue(":email", $email);
+        $statement->bindValue(":user_lvl", $user_lvl);
+        $statement->bindValue(":user_id", $user_id);
+
+        //  Execute the UPDATE.
+        //  execute() will check for possible SQL injection and remove if necessary
+        if ($statement->execute()) {
+            header("Location: userList.php");
+            exit;
+        }
+
+    } else if (isset($_POST['delete'])) {
+        //  Sanitize user input to escape HTML entities and filter out dangerous characters.
+        $user_id = filter_input(INPUT_POST, 'user_id', FILTER_VALIDATE_INT);
+
+        //  Build the parameterized SQL query and bind to the above sanitized values.";
+        $query = "DELETE FROM users WHERE user_id = :user_id";
+        $statement = $db->prepare($query);
+
+        //  Bind values to the parameters
+        $statement->bindParam(":user_id", $user_id);
+
+        //  Execute the DELETE.
+        //  execute() will check for possible SQL injection and remove if necessary
+        if ($statement->execute()) {
+            header("Location: userList.php");
+            exit;
+        }
+    }
+
+} else {
+    $errorMessage = "The tweet message or title is empty";
+}
+
+
+?>
+
+<!DOCTYPE html>
+<html lang="en">
+
+<head>
+    <meta charset="UTF-8">
+    <meta http-equiv="X-UA-Compatible" content="IE=edge">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <link rel="stylesheet" href="main.css">
+    <title>My Drip Post!</title>
+</head>
+
+<body>
+    <!-- Remember that alternative syntax is good and html inside php is bad -->
+    <?php if (!empty($errorMessage)): ?>
+        <h1>
+            <?= $errorMessage ?>
+        </h1>
+    <?php endif ?>
+</body>
+
+</html>
\ No newline at end of file