[SOLVED] Need help with an "edit button" on a html mysql table

[nphls]

Hi everyone.

 

So I have a table similiar to the one below. It is grabbing the data from a mySQL database.

 

ID    FirstName    LastName 

01    John            Doe1        Edit this record

02    John            Doe2        Edit this record

03    John            Doe3        Edit this record

 

When "Edit this record" is clicked, it should go to a different page (edit_record.php) where there is a form whose values would be from that specific record. The user would edit the info and then click a button to save the changes.

 

What I don't know how to do, is how to pass the ID, for example, of the the record to edit to "edit_record.php".

 

Cheers. 

 

 

 

 

[p2grace]

You could pass the id through a $_GET variable in the url.

[seventheyejosh]

<a href=/edit_record.php?id=$id>EDIT THIS RECORD</a>

 

just make $id whatever variable u use to populate the ID field in your initial table display.

 

then in the edit_record.php do:

 

$id=$_GET['id'];

 

$res=mysql_query("SELECT * FROM table WHERE `id`='$id'");

[p2grace]

Make sure you clean the id to protect from sql injection.

 

<a href=/edit_record.php?id=$id>EDIT THIS RECORD</a>

 

just make $id whatever variable u use to populate the ID field in your initial table display.

 

then in the edit_record.php do:

 

// MAKE SURE YOU CLEAN THE ID FIRST TO PROTECT FROM SQL INJECTION

$id= mysql_real_escape_string($_GET['id']);

 

$res=mysql_query("SELECT * FROM table WHERE `id`='$id'");

[seventheyejosh]

sorry i always forget to secure my examples.. i just chuck out some (hopefully) functioning code

 

[nphls]

Thanks a lot seventheyejosh and p2grace.

You really solved my problem and I learned about SQL injection (just googled it) and how to prevent it to some extent.

Thanks. 

 

[nphls]

ID    FirstName    LastName 

01    John            Doe1        Edit this record        Delete this record

02    John            Doe2        Edit this record        Delete this record

03    John            Doe3        Edit this record        Delete this record

 

I am now trying to add a "Delete this record" link. However, I don't think it would be a very good idea use a $_GET variable for this. But maybe I am wrong. How can I use a $_POST variable here? Or how can I do it differently?

 

Thanks

[p2grace]

You can use a $_GET as long as you check the user's permission.  If you ensure the user has the permission needed to delete the given record, then it doesn't matter which method you use to initiate the deletion.

[seventheyejosh]

You can use either, but i'm assuming that you have to have privilages to delete, ie logged in.

 

so do the same thing, <a href=/delete_file.php?id=$id>DELETE</a>

 

but then in delete_file.php do:

 

$check=$_SESSION['userlevel']; (or username if ur not using a pass or w/e ur using to show logged in

then,

either:

if (isset($check)){

//delete

}

or

if ($check=='99'){  //replace 99 with the admin level, or w/e level can delete

//delete

}

 

 

[nphls]

Once again p2grace and seventheyejosh, thanks a lot.

Sorry for bothering with such noob quesitons. I hope someday I too can help the newbies.

Cheers

[p2grace]

Everyone has to start at the beginning

 

If this works for you please mark the topic as solved, we'll see you around the forums!

 

Cheers,

 

p2grace