
Hello all, first I have been searching for a resolution for this problem for days, stackoverflow and various other google searches don't seem to address the issue I'm having without something else being added into the scenario that's different from my experience.


What I am doing is passing a primary key to another PHP page to edit my database using an UPDATE SQL statement. First, the variable is transferred using $_GET and is visible in the isset($_GET['id']) if statement to select all corresponding IDs that match and place the database content into HTML text boxes for editing. This phase of the program works fine, but the ID variable is not accessible outside the isset($_GET[]) if statement, so I can't use it in the isset($_POST) if statement, which of course has the UPDATE SQL statement.


The code is attached.


phpfreaks.php

The POST parameter is called course, but you're trying to fetch course_id. Whenever you have trouble with form parameters, it's a good idea to actually inspect them:

var_dump($_POST);

This quickly reveals all misunderstandings, typos etc.


But more importantly, your code is full of security vulnerabilities. You sometimes apply SQL-escaping (based on your current mood rather than technical criteria, I guess), but most of the time, you just dump the user input straight into your queries and HTML markup. This leaves you wide open to SQL injection attacks, cross-site scripting, cross-site request forgery and whatnot.


Learning how to use mysqli properly is unrealistic in my experience, so I suggest you switch to PDO. Then you'll need to learn the basics of safe programming (as opposed to: let's write some code and hope nobody will bother to break it).

Edited by Jacques1
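The pattern the reply above recommends, as an added example (not the poster's attached phpfreaks.php): the id from $_GET prefills the form, a hidden field carries it back on the POST so it is available to the UPDATE, and PDO placeholders, output escaping and a CSRF token close the holes named in the reply. It assumes a table `courses` with columns `id` and `course`, a script named edit.php and the connection details shown.

```php
<?php
// Added example, not the original poster's code. Assumes a table
// courses(id INT PRIMARY KEY, course VARCHAR) and the DSN/credentials below.
declare(strict_types=1);
session_start();

$pdo = new PDO('mysql:host=localhost;dbname=app;charset=utf8mb4', 'user', 'secret', [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false,   // real server-side prepared statements
]);

// One CSRF token per session; the form must echo it back on every POST.
$_SESSION['csrf'] ??= bin2hex(random_bytes(32));

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // The id is not in $_GET on the POST request; the form carries it in a hidden field.
    $id     = filter_input(INPUT_POST, 'id', FILTER_VALIDATE_INT);
    $course = trim((string)($_POST['course'] ?? ''));   // name must match the form field
    if (!hash_equals($_SESSION['csrf'], (string)($_POST['csrf'] ?? ''))) {
        http_response_code(403); exit('Bad CSRF token');
    }
    if ($id === false || $id === null || $course === '') {
        http_response_code(400); exit('Invalid input');
    }
    // Placeholders keep user input out of the SQL text entirely.
    $stmt = $pdo->prepare('UPDATE courses SET course = :course WHERE id = :id');
    $stmt->execute([':course' => $course, ':id' => $id]);
    header('Location: edit.php?id=' . $id); exit;
}

// GET: load the row to prefill the form.
$id = filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT);
if ($id === false || $id === null) { http_response_code(400); exit('Missing id'); }
$stmt = $pdo->prepare('SELECT id, course FROM courses WHERE id = :id');
$stmt->execute([':id' => $id]);
$row = $stmt->fetch(PDO::FETCH_ASSOC);
if ($row === false) { http_response_code(404); exit('No such course'); }

// Escape everything that goes into HTML; the hidden id keeps the key across the POST.
$h = fn(string $s): string => htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
?>
<form method="post" action="edit.php">
  <input type="hidden" name="csrf" value="<?= $h($_SESSION['csrf']) ?>">
  <input type="hidden" name="id" value="<?= $h((string)$row['id']) ?>">
  <input type="text" name="course" value="<?= $h($row['course']) ?>">
  <button type="submit">Save</button>
</form>
```

var_dump($_POST) on the POST branch would now show the three fields csrf, id and course, which is the quickest way to confirm the form and the handler agree on parameter names.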

Thanks for the feedback. It's most graciously accepted. Sometimes when you stare at something so long it all begins to run together, so a fresh set of eyes is good sometimes.


I'm far from being a competent PHP programmer, I'm still learning the nuances, let alone the complexities.


Thanks again, Guru!
