adamhull Posted April 1, 2014 Share Posted April 1, 2014 Hello I have a update form and it shows all results but when I go through to my final page it will not update the database with the new info any help? Test.php <?php include "includes/db_connect.php"; $sql="SELECT * FROM users"; $result=mysql_query($sql); ?> <table width="400" border="0" cellspacing="1" cellpadding="0"> <tr> <td> <table width="400" border="1" cellspacing="0" cellpadding="3"> <tr> <td colspan="4"><strong>List data from mysql </strong> </td> </tr> <tr> <td align="center"><strong>Name</strong></td> <td align="center"><strong>Lastname</strong></td> <td align="center"><strong>Email</strong></td> <td align="center"><strong>Update</strong></td> </tr> <?php while($rows=mysql_fetch_array($result)){ ?> <tr> <td><? echo $rows['username']; ?></td> <td><? echo $rows['userlevel']; ?></td> <td><? echo $rows['email']; ?></td> // link to update.php and send value of id <td align="center"><a href="test1.php?id=<? echo $rows['id']; ?>">update</a></td> </tr> <?php } ?> </table> </td> </tr> </table> <?php mysql_close(); ?> Test1.php <?php include "includes/db_connect.php"; // get value of id that sent from address bar $id=$_GET['id']; // Retrieve data from database $sql="SELECT * FROM users WHERE id='$id'"; $result=mysql_query($sql); $rows=mysql_fetch_array($result); ?> <table width="400" border="0" cellspacing="1" cellpadding="0"> <tr> <form name="form1" method="post" action="testdata.php"> <td> <table width="100%" border="0" cellspacing="1" cellpadding="0"> <tr> <td> </td> <td colspan="3"><strong>Update data in mysql</strong> </td> </tr> <tr> <td align="center"> </td> <td align="center"> </td> <td align="center"> </td> <td align="center"> </td> </tr> <tr> <td align="center"> </td> <td align="center"><strong>Name</strong></td> <td align="center"><strong>Lastname</strong></td> <td align="center"><strong>Email</strong></td> </tr> <tr> <td> </td> <td align="center"> <input name="username" type="text" id="username" value="<? echo $rows['username']; ?>"> </td> <td align="center"> <input name="userlevel" type="text" id="userlevel" value="<? echo $rows['userlevel']; ?>" size="15"> </td> <td> <input name="email" type="text" id="email" value="<? echo $rows['email']; ?>" size="15"> </td> </tr> <tr> <td> </td> <td> <input name="id" type="hidden" id="id" value="<? echo $rows['id']; ?>"> </td> <td align="center"> <input type="submit" name="Submit" value="Submit"> </td> <td> </td> </tr> </table> </td> </form> </tr> </table> <?php // close connection mysql_close(); ?>Test data.php <? include "includes/db_connect.php"; // update data in mysql database $sql="UPDATE users SET username='$username', userlevel='$userlevel', email='$email' WHERE id='$id'"; $result=mysql_query($sql); // if successfully updated. if($result){ echo "Successful"; echo "<BR>"; echo "<a href='list_records.php'>View result</a>"; } else { echo "ERROR"; } ?> Quote Link to comment Share on other sites More sharing options...
maxxd Posted April 1, 2014 Share Posted April 1, 2014 You're not using the user-submitted data in testdata.php. You use $username, $userlevel, $email, and $id in the query, but they're not set from $_POST - nor are they sanitized, which leaves you wide open to all kinds of injection. Also, the mysql functions have been deprecated and are scheduled to be removed soon - use mysqli or pdo. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.