The update text field passes nothing on the update.php

         

nixsham

6:39 am on Dec 4, 2012 (gmt 0)

10+ Year Member



This is the code on edit.php. Before that, I'm sorry because I'm a newbie in PHP, and I need all your assistance to help me finish my project.
The problem is that when I click the Update button on the index.php page, it goes to this page, edit.php, and the data isn't displayed according to the data that I want to update. Please help me.

<?php
$hostname_doktor = "localhost";
$database_doktor = "doktor";
$username_doktor = "root";
$password_doktor = "";
$doktor = mysql_pconnect($hostname_doktor, $username_doktor, $password_doktor) or trigger_error(mysql_error(),E_USER_ERROR);

$IdWarga = isset($_POST['IdWarga']);
$negara = isset($_POST['negara']);
$link = mysql_connect('localhost', 'root', '');
if (!$link) {
die('Not connected : ' . mysql_error());
}


$db_selected = mysql_select_db('doktor', $link);
if (!$db_selected) {
die ('Can\'t use database : ' . mysql_error());
}

$query ="SELECT * FROM warganegara WHERE IdWarga = '$IdWarga'";
$result=mysql_query($query);
echo mysql_error();
$rows=mysql_num_rows($result);
if(mysql_num_rows($result) >0){
while ($rows = mysql_fetch_array($result) or die (mysql_error())){

$IdWarga = $_POST['IdWarga'];
$negara = $_POST['negara'];

}
if (!$result)
{
die("Error: Data not found..");
}
$negara=$rows['negara'] ;
//$IdWarga=$rows['IdWarga'];

if(isset($_POST['save']))
{
$negara_save = $_POST['Negara'];
$IdWarga_save = $_POST['IdWarga'];


$query = "UPDATE warganegara SET negara='" . $_POST['negara_save'] . "' WHERE IdWarga='" . $_POST['IdWarga'] . "'";
echo $query;
echo "Saved!";

header("Location: index.php");
}
}
mysql_close($doktor);
?>

<td><label for="negara"></label>
<input type="text" name="negara" id="negara" value="<?php echo $rows['negara']; ?>"></td>

swa66

12:40 pm on Dec 4, 2012 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



I know your question is not this, but your code leaves the door wide open to SQL injection.

$IdWarga = isset($_POST['IdWarga']);
$query ="SELECT * FROM warganegara WHERE IdWarga = '$IdWarga'";


Do not send unfiltered data to mysql: the interpretation mysql will do will result in somebody sending what your code assumes is data but contains commands.

Ref: [imgs.xkcd.com...]

In fact, since you're still in the learning phase:
- forget about the mysql interface, it is obsolete anyway
- switch to the mysqli (note the i)
- use prepared statements (they prevent most of this trouble as mysql then knows what is data and what are commands and does not have to "guess" and get it wrong).
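
As an added illustration of the advice above (not part of swa66's post and not the original poster's code), this is one way edit.php could look with mysqli and prepared statements. It assumes the thread's `doktor` database and `warganegara` table with columns `IdWarga` and `negara`; the hidden `IdWarga` form field and the form layout are assumptions.

```php
<?php
// Added example, not the original poster's code. Assumes the thread's
// `doktor` database and `warganegara` table (columns IdWarga, negara).
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors
$db = new mysqli('localhost', 'root', '', 'doktor');
$db->set_charset('utf8mb4');

// isset() only returns true/false; read the submitted value itself.
$idWarga = (isset($_POST['IdWarga']) && is_string($_POST['IdWarga']))
    ? $_POST['IdWarga'] : '';

// Save: the values travel as bound parameters, never as SQL text.
if (isset($_POST['save'], $_POST['negara']) && is_string($_POST['negara'])) {
    $negaraNew = $_POST['negara'];
    $stmt = $db->prepare('UPDATE warganegara SET negara = ? WHERE IdWarga = ?');
    $stmt->bind_param('ss', $negaraNew, $idWarga);
    $stmt->execute();
    $stmt->close();
    header('Location: index.php'); // must be sent before any output
    exit;
}

// Load the current row so the form can display it.
$negara = '';
$stmt = $db->prepare('SELECT negara FROM warganegara WHERE IdWarga = ?');
$stmt->bind_param('s', $idWarga);
$stmt->execute();
$stmt->bind_result($negara);
$found = $stmt->fetch(); // true when a row matched, null when none did
$stmt->close();
$db->close();
if (!$found) {
    die('Error: Data not found..');
}

// Escape on output so stored text cannot inject HTML into the page.
$e = function ($s) { return htmlspecialchars($s, ENT_QUOTES, 'UTF-8'); };
?>
<form method="post" action="edit.php">
  <input type="hidden" name="IdWarga" value="<?php echo $e($idWarga); ?>">
  <label for="negara">Negara</label>
  <input type="text" name="negara" id="negara" value="<?php echo $e($negara); ?>">
  <input type="submit" name="save" value="Update">
</form>
```

Because the query text is fixed and the submitted values are bound separately, a quote character in `IdWarga` or `negara` is stored or compared as data and cannot change the statement.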

nixsham

6:47 am on Dec 5, 2012 (gmt 0)

10+ Year Member



I still don't understand, and what is the solution or suggestion for the SQL command?