adamhull Posted April 1, 2014 Share Posted April 1, 2014 Hello I have a update form and it shows all results but when I go through to my final page it will not update the database with the new info any help? Test.php <?php include "includes/db_connect.php"; $sql="SELECT * FROM users"; $result=mysql_query($sql); ?> <table width="400" border="0" cellspacing="1" cellpadding="0"> <tr> <td> <table width="400" border="1" cellspacing="0" cellpadding="3"> <tr> <td colspan="4"><strong>List data from mysql </strong> </td> </tr> <tr> <td align="center"><strong>Name</strong></td> <td align="center"><strong>Lastname</strong></td> <td align="center"><strong>Email</strong></td> <td align="center"><strong>Update</strong></td> </tr> <?php while($rows=mysql_fetch_array($result)){ ?> <tr> <td><? echo $rows['username']; ?></td> <td><? echo $rows['userlevel']; ?></td> <td><? echo $rows['email']; ?></td> // link to update.php and send value of id <td align="center"><a href="test1.php?id=<? echo $rows['id']; ?>">update</a></td> </tr> <?php } ?> </table> </td> </tr> </table> <?php mysql_close(); ?> Test1.php <?php include "includes/db_connect.php"; // get value of id that sent from address bar $id=$_GET['id']; // Retrieve data from database $sql="SELECT * FROM users WHERE id='$id'"; $result=mysql_query($sql); $rows=mysql_fetch_array($result); ?> <table width="400" border="0" cellspacing="1" cellpadding="0"> <tr> <form name="form1" method="post" action="testdata.php"> <td> <table width="100%" border="0" cellspacing="1" cellpadding="0"> <tr> <td> </td> <td colspan="3"><strong>Update data in mysql</strong> </td> </tr> <tr> <td align="center"> </td> <td align="center"> </td> <td align="center"> </td> <td align="center"> </td> </tr> <tr> <td align="center"> </td> <td align="center"><strong>Name</strong></td> <td align="center"><strong>Lastname</strong></td> <td align="center"><strong>Email</strong></td> </tr> <tr> <td> </td> <td align="center"> <input name="username" type="text" id="username" value="<? echo $rows['username']; ?>"> </td> <td align="center"> <input name="userlevel" type="text" id="userlevel" value="<? echo $rows['userlevel']; ?>" size="15"> </td> <td> <input name="email" type="text" id="email" value="<? echo $rows['email']; ?>" size="15"> </td> </tr> <tr> <td> </td> <td> <input name="id" type="hidden" id="id" value="<? echo $rows['id']; ?>"> </td> <td align="center"> <input type="submit" name="Submit" value="Submit"> </td> <td> </td> </tr> </table> </td> </form> </tr> </table> <?php // close connection mysql_close(); ?>Test data.php <? include "includes/db_connect.php"; // update data in mysql database $sql="UPDATE users SET username='$username', userlevel='$userlevel', email='$email' WHERE id='$id'"; $result=mysql_query($sql); // if successfully updated. if($result){ echo "Successful"; echo "<BR>"; echo "<a href='list_records.php'>View result</a>"; } else { echo "ERROR"; } ?> Link to comment https://forums.phpfreaks.com/topic/287455-help-with-update-form/ Share on other sites More sharing options...
maxxd Posted April 1, 2014 Share Posted April 1, 2014 You're not using the user-submitted data in testdata.php. You use $username, $userlevel, $email, and $id in the query, but they're not set from $_POST - nor are they sanitized, which leaves you wide open to all kinds of injection. Also, the mysql functions have been deprecated and are scheduled to be removed soon - use mysqli or pdo. Link to comment https://forums.phpfreaks.com/topic/287455-help-with-update-form/#findComment-1474672 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.