Welcome to WebmasterWorld Guest from

Forum Moderators: coopster & jatar k

Message Too Old, No Replies

the update text field past nothing on the update.php



6:39 am on Dec 4, 2012 (gmt 0)

this the code on edit.php...before that i'm sory because i'm a newbie in this php..and i need all yor assistance to help me finish my project...
the problem is when i click the button update on page index.php it go to this page edit.php, the data didn't display according to the data that i want to update..please help me...

$hostname_doktor = "localhost";
$database_doktor = "doktor";
$username_doktor = "root";
$password_doktor = "";
$doktor = mysql_pconnect($hostname_doktor, $username_doktor, $password_doktor) or trigger_error(mysql_error(),E_USER_ERROR);

$IdWarga = isset($_POST['IdWarga']);
$negara = isset($_POST['negara']);
$link = mysql_connect('localhost', 'root', '');
if (!$link) {
die('Not connected : ' . mysql_error());

$db_selected = mysql_select_db('doktor', $link);
if (!$db_selected) {
die ('Can\'t use database : ' . mysql_error());

$query ="SELECT * FROM warganegara WHERE IdWarga = '$IdWarga'";
echo mysql_error();
if(mysql_num_rows($result) >0){
while ($rows = mysql_fetch_array($result) or die (mysql_error())){

$IdWarga = $_POST['IdWarga'];
$negara = $_POST['negara'];

if (!$result)
die("Error: Data not found..");
$negara=$rows['negara'] ;

$negara_save = $_POST['Negara'];
$IdWarga_save = $_POST['IdWarga'];

$query = "UPDATE warganegara SET negara='" . $_POST['negara_save'] . "' WHERE IdWarga='" . $_POST['IdWarga'] . "'";
echo $query;
echo "Saved!";

header("Location: index.php");

<td><label for="negara"></label>
<input type="text" name="negara" id="negara" value="<?php echo $rows['negara']; ?>"></td>


12:40 pm on Dec 4, 2012 (gmt 0)

WebmasterWorld Senior Member swa66 is a WebmasterWorld Top Contributor of All Time 10+ Year Member

I know your question is not this, but your code leaves the door wide open to SQL injection.

$IdWarga = isset($_POST['IdWarga']);
$query ="SELECT * FROM warganegara WHERE IdWarga = '$IdWarga'";

Do not send unfiltered data to mysql: the interpretation mysql will do will result in somebody sending what your code assumes is data but contains commands.

Ref: [imgs.xkcd.com...]

In fact, since you're still in the learning phase:
- forget about the mysql interface it is bsolete anyway
- switch to the mysqli (note the i)
- use prepared statements (they prevent most of this trouble as mysql then knows what is data and what are commands and does not have to "guess" and get it wrong.


6:47 am on Dec 5, 2012 (gmt 0)

i still don't understand n what solution or suggestion for the sql command

Featured Threads

Hot Threads This Week

Hot Threads This Month