homepage Welcome to WebmasterWorld Guest from
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
Forum Library, Charter, Moderators: coopster & jatar k

PHP Server Side Scripting Forum

the update text field past nothing on the update.php

 6:39 am on Dec 4, 2012 (gmt 0)

this the code on edit.php...before that i'm sory because i'm a newbie in this php..and i need all yor assistance to help me finish my project...
the problem is when i click the button update on page index.php it go to this page edit.php, the data didn't display according to the data that i want to update..please help me...

$hostname_doktor = "localhost";
$database_doktor = "doktor";
$username_doktor = "root";
$password_doktor = "";
$doktor = mysql_pconnect($hostname_doktor, $username_doktor, $password_doktor) or trigger_error(mysql_error(),E_USER_ERROR);

$IdWarga = isset($_POST['IdWarga']);
$negara = isset($_POST['negara']);
$link = mysql_connect('localhost', 'root', '');
if (!$link) {
die('Not connected : ' . mysql_error());

$db_selected = mysql_select_db('doktor', $link);
if (!$db_selected) {
die ('Can\'t use database : ' . mysql_error());

$query ="SELECT * FROM warganegara WHERE IdWarga = '$IdWarga'";
echo mysql_error();
if(mysql_num_rows($result) >0){
while ($rows = mysql_fetch_array($result) or die (mysql_error())){

$IdWarga = $_POST['IdWarga'];
$negara = $_POST['negara'];

if (!$result)
die("Error: Data not found..");
$negara=$rows['negara'] ;

$negara_save = $_POST['Negara'];
$IdWarga_save = $_POST['IdWarga'];

$query = "UPDATE warganegara SET negara='" . $_POST['negara_save'] . "' WHERE IdWarga='" . $_POST['IdWarga'] . "'";
echo $query;
echo "Saved!";

header("Location: index.php");

<td><label for="negara"></label>
<input type="text" name="negara" id="negara" value="<?php echo $rows['negara']; ?>"></td>



 12:40 pm on Dec 4, 2012 (gmt 0)

I know your question is not this, but your code leaves the door wide open to SQL injection.

$IdWarga = isset($_POST['IdWarga']);
$query ="SELECT * FROM warganegara WHERE IdWarga = '$IdWarga'";

Do not send unfiltered data to mysql: the interpretation mysql will do will result in somebody sending what your code assumes is data but contains commands.

Ref: [imgs.xkcd.com...]

In fact, since you're still in the learning phase:
- forget about the mysql interface it is bsolete anyway
- switch to the mysqli (note the i)
- use prepared statements (they prevent most of this trouble as mysql then knows what is data and what are commands and does not have to "guess" and get it wrong.


 6:47 am on Dec 5, 2012 (gmt 0)

i still don't understand n what solution or suggestion for the sql command

Global Options:
 top home search open messages active posts  

Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved