rahulvicky00 Posted December 6, 2011

I am trying to make an edit page to edit any of my posts, so I designed a manage post page, manage-posts.php, with the given code:

    <?php
    echo '<form name="frmMain" action="del1.php" method="post" OnSubmit="return onDelete();">';
    $objConnect = mysql_connect("hostname","username","password") or die(mysql_error());
    $objDB = mysql_select_db("dbname");
    $strSQL = "SELECT * FROM text";
    $objQuery = mysql_query($strSQL) or die ("Error Query [".$strSQL."]");
    echo '<table width="600" border="1">';
    echo '<tr>';
    echo '<th width="91"> <div align="center">ID</div></th>';
    echo '<th width="91"> <div align="center">Date</div></th>';
    echo '<th width="91"> <div align="center">Title</div></th>';
    echo '<th width="91"> <div align="center">Author</div></th>';
    echo '<th width="30"> <div align="center">Edit</div></th>';
    echo '<th width="30"> <div align="center">Select</div></th>';
    echo '</tr>';
    while($objResult = mysql_fetch_array($objQuery))
    {
    ?>
    <tr>
    <td><?=$objResult["id"];?></td>
    <td><?=$objResult["date"];?></td>
    <td><?=$objResult["title"];?></td>
    <td><div align="center"><?=$objResult["author"];?></div></td>
    <td align="center"><a href="edit.php?NewsID=<?php echo $objResult["id"];?>" name="edit">Edit</a></td>
    <td align="center"><input type="checkbox" name="chkDel[]" value="<?=$objResult["id"];?>"></td>
    <input type="hidden" name="id" value="<?=$objResult["id"];?>" />
    </tr>
    <?php
    }
    echo '</table>';
    echo '<input type="submit" name="btnDelete" value="Delete">';
    echo '</form>';

and I designed another page, edit.php, to perform deletion of that particular post with the following code:

    <?php
    $objConnect = mysql_connect("hostname","username","pass") or die(mysql_error());
    $objDB = mysql_select_db("dbname");
    $strSQL = "SELECT * FROM text";
    $objQuery = mysql_query($strSQL) or die ("Error Query [".$strSQL."]");
    $objResult = mysql_fetch_array($objQuery);
    ?>
    <input type="hidden" name="id" value="<?=$objResult["id"];?>" />
    Title : <br /><input type="text" name="title" size="100" maxlength="100" value="<?=$objResult["title"];?>"/> <br />
    Date : <br /><input type="text" name="date" size="20" maxlength="12" id="TextBox" value="<?=$objResult["date"];?>"/> <br />
    Author : <br /><input type="text" name="author" size="20" maxlength="100" value="<?=$objResult["author"];?>"/> <br /> <br />
    <input type="submit" value="Submit" name="submit" />
    </p>
    </form></fieldset></div>

But the problem is that I am not able to get that particular post every time I click on the respective post's edit link. I suppose there is an issue in calling the id from MySQL. Kindly suggest solutions. Thanks in advance.

ialsoagree Posted December 6, 2011

In the edit file, you're not telling the SQL to search for the post you selected to edit:

    $strSQL = "SELECT * FROM text";

Should be:

    $strSQL = "SELECT * FROM text WHERE id=$_GET[newsID]";

But that's also incorrect, because you should validate $_GET['newsID'] before you run it in an SQL, otherwise you leave yourself vulnerable to SQL injection or other abuse. One method would be to static cast the ID as an integer, validate that it's a valid ID (possibly greater than 0?), and then use it in the SQL.

ManiacDan Posted December 6, 2011

Actually should be:

    $strSQL = "SELECT * FROM text WHERE id=" . intval($_GET['newsID']);

Or, if your IDs are strings, you'll need to wrap it in mysql_real_escape_string.

-Dan

rahulvicky00 (Author) Posted December 6, 2011

> Actually should be:
>
>     $strSQL = "SELECT * FROM text WHERE id=" . intval($_GET['newsID']);
>
> Or, if your IDs are strings, you'll need to wrap it in mysql_real_escape_string.
>
> -Dan

It's not working...

ManiacDan Posted December 6, 2011

You're going to have to be a lot more specific. You dropped 150 lines of code on us with one barely legible sentence, and when you were given a new line to try you just said "not working." Did it crash your computer? Start a fire?

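The lookup that edit.php needs, as an added example that is not code from any poster in this thread: the id is validated as a positive integer, bound through a prepared statement, and the row is HTML-escaped on output. Assumptions: PDO with an in-memory SQLite database stands in for the thread's MySQL connection, the helper names `findPost` and `e` are hypothetical, and the rows and requests are constructed. The example reads `NewsID`, the exact key the Edit link in manage-posts.php sends, because `$_GET` keys are case-sensitive.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: fetch one post by id, or null if the id is invalid or unknown.
function findPost(PDO $db, $rawId): ?array
{
    // Accept only a positive integer; anything else is rejected before any SQL runs.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false || $id === null) {
        return null;
    }
    // The placeholder keeps the request value out of the SQL text entirely.
    $stmt = $db->prepare('SELECT id, date, title, author FROM text WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Hypothetical helper: escape a value before placing it in an HTML attribute.
function e($value): string
{
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}

// Constructed sample data (assumption: same column names as the thread's `text` table).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE text (id INTEGER PRIMARY KEY, date TEXT, title TEXT, author TEXT)');
$db->exec("INSERT INTO text VALUES (1, '2011-12-01', 'First post', 'rahul'),
                                   (2, '2011-12-06', 'Second \"post\"', 'vicky')");

// Constructed requests standing in for $_GET.
$requests = [
    ['NewsID' => '2'],        // valid id: the matching row is shown
    ['NewsID' => '2 OR 1=1'], // not an integer: rejected by validation
    ['newsID' => '2'],        // wrong key case: 'NewsID' is absent, so no post
    [],                       // no id at all
];
foreach ($requests as $get) {
    $post = findPost($db, $get['NewsID'] ?? null);
    if ($post === null) {
        echo "No such post\n";
        continue;
    }
    echo '<input type="hidden" name="id" value="' . e($post['id']) . '" />' . "\n";
    echo '<input type="text" name="title" value="' . e($post['title']) . '" />' . "\n";
}
```

With a MySQL database only the PDO connection string changes; the validation, the placeholder and the escaping stay the same.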