
Forum Moderators: coopster & jatar k


the update text field past nothing on the update.php

     

nixsham

6:39 am on Dec 4, 2012 (gmt 0)



This is the code on edit.php... Before that, I'm sorry because I'm a newbie in this PHP, and I need all your assistance to help me finish my project...
The problem is when I click the button update on page index.php it goes to this page edit.php, the data didn't display according to the data that I want to update. Please help me...

<?php
$hostname_doktor = "localhost";
$database_doktor = "doktor";
$username_doktor = "root";
$password_doktor = "";
$doktor = mysql_pconnect($hostname_doktor, $username_doktor, $password_doktor) or trigger_error(mysql_error(),E_USER_ERROR);

$IdWarga = isset($_POST['IdWarga']);
$negara = isset($_POST['negara']);
$link = mysql_connect('localhost', 'root', '');
if (!$link) {
die('Not connected : ' . mysql_error());
}


$db_selected = mysql_select_db('doktor', $link);
if (!$db_selected) {
die ('Can\'t use database : ' . mysql_error());
}

$query ="SELECT * FROM warganegara WHERE IdWarga = '$IdWarga'";
$result=mysql_query($query);
echo mysql_error();
$rows=mysql_num_rows($result);
if(mysql_num_rows($result) >0){
while ($rows = mysql_fetch_array($result) or die (mysql_error())){

$IdWarga = $_POST['IdWarga'];
$negara = $_POST['negara'];

}
if (!$result)
{
die("Error: Data not found..");
}
$negara=$rows['negara'] ;
//$IdWarga=$rows['IdWarga'];

if(isset($_POST['save']))
{
$negara_save = $_POST['Negara'];
$IdWarga_save = $_POST['IdWarga'];


$query = "UPDATE warganegara SET negara='" . $_POST['negara_save'] . "' WHERE IdWarga='" . $_POST['IdWarga'] . "'";
echo $query;
echo "Saved!";

header("Location: index.php");
}
}
mysql_close($doktor);
?>

<td><label for="negara"></label>
<input type="text" name="negara" id="negara" value="<?php echo $rows['negara']; ?>"></td>

swa66

12:40 pm on Dec 4, 2012 (gmt 0)




I know your question is not this, but your code leaves the door wide open to SQL injection.

$IdWarga = isset($_POST['IdWarga']);
$query ="SELECT * FROM warganegara WHERE IdWarga = '$IdWarga'";


Do not send unfiltered data to mysql: the interpretation mysql will do will result in somebody sending what your code assumes is data but contains commands.

Ref: [imgs.xkcd.com...]

In fact, since you're still in the learning phase:
- forget about the mysql interface; it is obsolete anyway
- switch to the mysqli (note the i)
- use prepared statements (they prevent most of this trouble, as mysql then knows what is data and what are commands and does not have to "guess" and get it wrong).
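
The prepared-statement approach described in the reply above, applied to the warganegara lookup and update from the first post. This is an added example, not code from any poster in the thread: the connection values, table, column and field names come from the posted code, while binding IdWarga as a string and the form wrapper with its hidden field and Save button are assumptions. It reads the posted value itself rather than the true/false result of isset().

```php
<?php
// Added example, not the original poster's code. Connection values, table and
// column names are taken from the thread; binding IdWarga as a string ("s")
// is an assumption, use "i" if the column is an integer.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors

function find_negara(mysqli $db, string $idWarga): ?string
{
    // The ? placeholder is sent separately from the SQL text, so the value
    // can never be parsed as part of the command.
    $stmt = $db->prepare('SELECT negara FROM warganegara WHERE IdWarga = ?');
    $stmt->bind_param('s', $idWarga);
    $stmt->execute();
    $stmt->bind_result($negara);
    $found = $stmt->fetch();   // true = row read, null = no matching row
    $stmt->close();
    return $found ? $negara : null;
}

function save_negara(mysqli $db, string $idWarga, string $negara): int
{
    $stmt = $db->prepare('UPDATE warganegara SET negara = ? WHERE IdWarga = ?');
    $stmt->bind_param('ss', $negara, $idWarga);
    $stmt->execute();          // the UPDATE actually runs here
    $changed = $stmt->affected_rows;
    $stmt->close();
    return $changed;
}

$db = new mysqli('localhost', 'root', '', 'doktor');
// Read the posted value itself; isset() only returns true or false.
$idWarga = is_string($_POST['IdWarga'] ?? null) ? $_POST['IdWarga'] : '';

if (isset($_POST['save']) && is_string($_POST['negara'] ?? null)) {
    save_negara($db, $idWarga, $_POST['negara']);
    header('Location: index.php'); // no output may be sent before this
    exit;
}

$negara = find_negara($db, $idWarga);
if ($negara === null) {
    exit('Error: Data not found.');
}
// Assumed form wrapper, hidden field and Save button; the thread shows only the text input.
?>
<form method="post">
  <input type="hidden" name="IdWarga" value="<?php echo htmlspecialchars($idWarga, ENT_QUOTES, 'UTF-8'); ?>">
  <input type="text" name="negara" id="negara" value="<?php echo htmlspecialchars($negara, ENT_QUOTES, 'UTF-8'); ?>">
  <input type="submit" name="save" value="Save">
</form>
```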

nixsham

6:47 am on Dec 5, 2012 (gmt 0)



I still don't understand, and what is the solution or suggestion for the SQL command?
 
