| the update text field past nothing on the update.php
|
nixsham

msg:4524794 | 6:39 am on Dec 4, 2012 (gmt 0) | This is the code on edit.php. Before that, I'm sorry because I'm a newbie in PHP, and I need all your assistance to help me finish my project. The problem is that when I click the update button on page index.php it goes to this page, edit.php, and the data isn't displayed according to the data that I want to update. Please help me.

<?php
$hostname_doktor = "localhost";
$database_doktor = "doktor";
$username_doktor = "root";
$password_doktor = "";
$doktor = mysql_pconnect($hostname_doktor, $username_doktor, $password_doktor) or trigger_error(mysql_error(),E_USER_ERROR);

$IdWarga = isset($_POST['IdWarga']);
$negara = isset($_POST['negara']);

$link = mysql_connect('localhost', 'root', '');
if (!$link) {
    die('Not connected : ' . mysql_error());
}
$db_selected = mysql_select_db('doktor', $link);
if (!$db_selected) {
    die ('Can\'t use database : ' . mysql_error());
}

$query ="SELECT * FROM warganegara WHERE IdWarga = '$IdWarga'";
$result=mysql_query($query);
echo mysql_error();
$rows=mysql_num_rows($result);
if(mysql_num_rows($result) >0){
    while ($rows = mysql_fetch_array($result) or die (mysql_error())){
        $IdWarga = $_POST['IdWarga'];
        $negara = $_POST['negara'];
    }
    if (!$result) {
        die("Error: Data not found..");
    }
    $negara=$rows['negara'] ;
    //$IdWarga=$rows['IdWarga'];
    if(isset($_POST['save'])) {
        $negara_save = $_POST['Negara'];
        $IdWarga_save = $_POST['IdWarga'];
        $query = "UPDATE warganegara SET negara='" . $_POST['negara_save'] . "' WHERE IdWarga='" . $_POST['IdWarga'] . "'";
        echo $query;
        echo "Saved!";
        header("Location: index.php");
    }
}
mysql_close($doktor);
?>
<td><label for="negara"></label>
<input type="text" name="negara" id="negara" value="<?php echo $rows['negara']; ?>"></td>
|
swa66

msg:4524939 | 12:40 pm on Dec 4, 2012 (gmt 0) | I know your question is not this, but your code leaves the door wide open to SQL injection.

$IdWarga = isset($_POST['IdWarga']);
$query ="SELECT * FROM warganegara WHERE IdWarga = '$IdWarga'";

Do not send unfiltered data to mysql: the interpretation mysql will do will result in somebody sending what your code assumes is data but contains commands.

Ref: [imgs.xkcd.com...]

In fact, since you're still in the learning phase:
- forget about the mysql interface, it is obsolete anyway
- switch to mysqli (note the i)
- use prepared statements (they prevent most of this trouble, as mysql then knows what is data and what are commands and does not have to "guess" and get it wrong)
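
The advice above (mysqli with prepared statements) applied to the posted edit.php, as an added example that is not part of the thread or any poster's code. It assumes index.php posts IdWarga, that IdWarga is a string key, and that the form fields are named IdWarga, negara and save.

```php
<?php
// Added example, not code from the thread. Table and column names come from
// the posted edit.php; treating IdWarga as a string key is an assumption.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors

// Connection values as in the posted code.
$db = new mysqli('localhost', 'root', '', 'doktor');
$db->set_charset('utf8mb4');

// Read the value itself; isset() only returns true or false.
$idWarga = isset($_POST['IdWarga']) ? (string) $_POST['IdWarga'] : '';
if ($idWarga === '') {
    http_response_code(400);
    exit('Missing IdWarga');
}

if (isset($_POST['save'])) {
    $negara = isset($_POST['negara']) ? (string) $_POST['negara'] : '';
    // The ? placeholders are sent to the server separately from the SQL text,
    // so a quote or keyword in the input stays data.
    $stmt = $db->prepare('UPDATE warganegara SET negara = ? WHERE IdWarga = ?');
    $stmt->bind_param('ss', $negara, $idWarga);
    $stmt->execute();
    $stmt->close();
    header('Location: index.php'); // redirect before any output is sent
    exit;
}

// Load the current value to pre-fill the form.
$stmt = $db->prepare('SELECT negara FROM warganegara WHERE IdWarga = ?');
$stmt->bind_param('s', $idWarga);
$stmt->execute();
$stmt->bind_result($negara);
if (!$stmt->fetch()) {
    http_response_code(404);
    exit('Data not found');
}
$stmt->close();
$db->close();
?>
<form method="post" action="edit.php">
  <input type="hidden" name="IdWarga"
         value="<?php echo htmlspecialchars($idWarga, ENT_QUOTES, 'UTF-8'); ?>">
  <label for="negara">Negara</label>
  <input type="text" name="negara" id="negara"
         value="<?php echo htmlspecialchars($negara, ENT_QUOTES, 'UTF-8'); ?>">
  <input type="submit" name="save" value="Save">
</form>
```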
|
nixsham

msg:4525188 | 6:47 am on Dec 5, 2012 (gmt 0) | I still don't understand, and what is the solution or suggestion for the SQL command?