homepage Welcome to WebmasterWorld Guest from 54.205.52.110
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
Forum Library, Charter, Moderators: coopster & jatar k

PHP Server Side Scripting Forum

    
the update text field past nothing on the update.php
nixsham




msg:4524794
 6:39 am on Dec 4, 2012 (gmt 0)

this the code on edit.php...before that i'm sory because i'm a newbie in this php..and i need all yor assistance to help me finish my project...
the problem is when i click the button update on page index.php it go to this page edit.php, the data didn't display according to the data that i want to update..please help me...

<?php
$hostname_doktor = "localhost";
$database_doktor = "doktor";
$username_doktor = "root";
$password_doktor = "";
$doktor = mysql_pconnect($hostname_doktor, $username_doktor, $password_doktor) or trigger_error(mysql_error(),E_USER_ERROR);

$IdWarga = isset($_POST['IdWarga']);
$negara = isset($_POST['negara']);
$link = mysql_connect('localhost', 'root', '');
if (!$link) {
die('Not connected : ' . mysql_error());
}


$db_selected = mysql_select_db('doktor', $link);
if (!$db_selected) {
die ('Can\'t use database : ' . mysql_error());
}

$query ="SELECT * FROM warganegara WHERE IdWarga = '$IdWarga'";
$result=mysql_query($query);
echo mysql_error();
$rows=mysql_num_rows($result);
if(mysql_num_rows($result) >0){
while ($rows = mysql_fetch_array($result) or die (mysql_error())){

$IdWarga = $_POST['IdWarga'];
$negara = $_POST['negara'];

}
if (!$result)
{
die("Error: Data not found..");
}
$negara=$rows['negara'] ;
//$IdWarga=$rows['IdWarga'];

if(isset($_POST['save']))
{
$negara_save = $_POST['Negara'];
$IdWarga_save = $_POST['IdWarga'];


$query = "UPDATE warganegara SET negara='" . $_POST['negara_save'] . "' WHERE IdWarga='" . $_POST['IdWarga'] . "'";
echo $query;
echo "Saved!";

header("Location: index.php");
}
}
mysql_close($doktor);
?>

<td><label for="negara"></label>
<input type="text" name="negara" id="negara" value="<?php echo $rows['negara']; ?>"></td>

 

swa66




msg:4524939
 12:40 pm on Dec 4, 2012 (gmt 0)

I know your question is not this, but your code leaves the door wide open to SQL injection.

$IdWarga = isset($_POST['IdWarga']);
$query ="SELECT * FROM warganegara WHERE IdWarga = '$IdWarga'";


Do not send unfiltered data to mysql: the interpretation mysql will do will result in somebody sending what your code assumes is data but contains commands.

Ref: [imgs.xkcd.com...]

In fact, since you're still in the learning phase:
- forget about the mysql interface it is bsolete anyway
- switch to the mysqli (note the i)
- use prepared statements (they prevent most of this trouble as mysql then knows what is data and what are commands and does not have to "guess" and get it wrong.

nixsham




msg:4525188
 6:47 am on Dec 5, 2012 (gmt 0)

i still don't understand n what solution or suggestion for the sql command

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved