pastilhex Posted August 8, 2011 Share Posted August 8, 2011 Hi everyone, First, I apologize for my poor English. I would like to get some help on this php/mysql script. I’m trying to create 2 pages, the first one is the one with some input textboxes and a submit button that stores the data into a MySql database. So far so good. The second page that’s were i display all the records from the MySql database and that’s were my doubts start. I have First Name, Last Name and employee number being displayed in a table with 3 more icons per row what makes a total of 6 columns. For example, the last icon it will be "Edit Profile" so i want to click on the icon and query that same record back to the first page were i will be able to edit the textboxes. Can anybody help me with this? First Page <form id="form1" name="form1" method="post" action="second_page.php"> <input type="text" name="nome" id="nome" /> <p> <input type="text" name="apelido" id="apelido" /> </p> <p> <input type="text" name="num_funcionario" id="num_funcionario" /> </p> <p> <input type="submit" name="button" id="button" value="Enviar" /> </p> </form> Second Page <form id="consulta" method="get" action="first_page.php"> <table width="950" cellpadding="2" cellspacing="1" class="texto"> <tr> <td width="230" height="30" bgcolor="#CBDCED">Nome</td> <td width="230" height="30" bgcolor="#CBDCED">Apelido</td> <td width="120" height="30" bgcolor="#CBDCED">Nº de Funcionário</td> <td width="130" height="30" bgcolor="#CBDCED">Inserir Horas Extras</td> <td width="160" height="30" bgcolor="#CBDCED">Consultar Horas Extras</td> <td width="80" height="30" bgcolor="#CBDCED">Editar Perfil</td> </tr> <?php require('config.php'); $sql=mysql_query("SELECT * FROM `infopessoal` ORDER BY `nome` ASC LIMIT 0 , 30"«»); while($row = mysql_fetch_array($sql)) { echo "<tr>"; echo "<td>" . $row['nome'] . "</td>"; echo "<td>" . $row['apelido'] . "</td>"; echo "<td>" . $row['num_funcionario'] . "</td>"; echo "<td><img src='images/insert.gif'></td>"; echo "<td><img src='images/lupa.gif'></td>"; echo "<td><input type='image' src='images/perfil.gif'></td>"; echo "</tr>"; } mysql_close($link); ?> </table></form> Quote Link to comment Share on other sites More sharing options...
guyfromfl Posted August 8, 2011 Share Posted August 8, 2011 You just need to link to a file that will handle the request, and you identify it with GET data. I added how to link to that file: <?php require('config.php'); $sql=mysql_query("SELECT * FROM `infopessoal` ORDER BY `nome` ASC LIMIT 0 , 30"«»); while($row = mysql_fetch_array($sql)) { echo "<tr>"; echo "<td>" . $row['nome'] . "</td>"; echo "<td>" . $row['apelido'] . "</td>"; echo "<td>" . $row['num_funcionario'] . "</td>"; echo "<td><a href='editEmployee.php?id={$row['num_cuncionario']}'><img src='images/insert.gif'><a></td>"; echo "<td><img src='images/lupa.gif'></td>"; echo "<td><input type='image' src='images/perfil.gif'></td>"; echo "</tr>"; } Then in editEmployee.php: <?php $sql = "SELECT * FROM `infopessoal` WHERE 'num_cuncionario'={$_GET['id']} LIMIT 1" $employee = mysql_fetch_array($sql)) // Build the table to display data echo "<input type='text' value='{$employee['nome']}' />"; // etc... ?> Quote Link to comment Share on other sites More sharing options...
guyfromfl Posted August 8, 2011 Share Posted August 8, 2011 That is a dirty example, but I would recommend not allowing GET data to go into a SQL statement. You will need to "sanitize" the data. What I put there was just a quick way to illustrate what your OP was about. Quote Link to comment Share on other sites More sharing options...
pastilhex Posted August 10, 2011 Author Share Posted August 10, 2011 Hi guyfromfl, Thanks for the help. That really worked for me. To avoid connecting DB with the $_GET do have any ideia ? Saving the $_GET[value] to a variable and connect DB with the variable solves the problem ? Quote Link to comment Share on other sites More sharing options...
TeNDoLLA Posted August 10, 2011 Share Posted August 10, 2011 Use mysql_real_escape_string() and after this function use the variable. You should probably also check if the id is really integer type if your ID field in database is integer before running the query. $someVar = mysql_real_escape_string($_GET['id']); // And use the $someVar in query. Quote Link to comment Share on other sites More sharing options...
guyfromfl Posted August 10, 2011 Share Posted August 10, 2011 No problem... What TeNDoLLA is suggesting should be fine. There are some tutorials about sanitizing the data so nobody will do anything malicious... It's a never ending battle, and everybody has their own way. That should be a good start for you. Quote Link to comment Share on other sites More sharing options...
pastilhex Posted August 10, 2011 Author Share Posted August 10, 2011 Once again thanks, both of you Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.