I have a php script. I am trying to get a job that I basically just pulled from a tutorial and changed to suit my needs. This is my first attempt at php, so please come over to me.
I have 3 files
- list_records.php
- update.php
- update_ac.php
List_records reads data from a table in mysql. the table in list_records has an editing function that takes you to update.php, where it displays the data in the db table.
Update.php has a submit button that is designed to update mysql with update_ac.php with the information you changed using the id field in the url using $ _GET ['id].
I know that this script is very open for slq injection, but I plan to use it only in the local environment, it will not be available on the Internet, and only I and one person will use this page so that it is not a problem.
In any case, I confirmed a couple of things: -
- the identifier is obtained using $ _Get, I put the echo and print it on the update.php page.
- I can run the update command inside php and change the values, but it will not work when using $ _GET [id]
Can someone point me in the right direction?
Here are 3 files with modified db connection data
list_records.php
<title>Ports</title> </head> <?php <body> <table width="1200" border="1" cellspacing="1" cellpadding="0"> <tr> <td> <table width="1200" border="1" cellspacing="1" cellpadding="3"> <tr> <td colspan="50"><strong>Pending Port Requests 2</strong> </td> </tr> <tr> <td align="center"><strong>Customer</strong></td> <td align="center"><strong>Number</strong></td> <td align="center"><strong>Type</strong></td> <td align="center"><strong>Completed</strong></td> <td align="center"><strong>Update</strong></td> </tr> <?php while($rows=mysql_fetch_array($result)){ ?> <tr> <td><?php echo $rows['Customer']; ?></td> <td><?php echo $rows['Number']; ?></td> <td><?php echo $rows['Type']; ?></td> <td><?php echo $rows['Completed']; ?></td> <td align="center"><a href="update.php?id=<?php echo $rows['id']; ?>">update</a></td> </tr> <?php } ?> </table> </td> </tr> </table> </body> </html>
update.php
<title>update</title> </head> <?php <body> <table width="1200" border="0" cellspacing="1" cellpadding="0"> <tr> <form name="form1" method="post" action="update_ac.php"> <td> <table width="100%" border="0" cellspacing="1" cellpadding="0"> <tr> <td> </td> <td colspan="6"><strong>Update Porting Details</strong> </td> </tr> <tr> <td align="center"> </td> <td align="center"> </td> <td align="center"> </td> <td align="center"> </td> </tr> <tr> <td align="center"> </td> <td align="center"><strong>Customer</strong></td> <td align="center"><strong>Number</strong></td> <td align="center"><strong>Type</strong></td> <td align="center"><strong>Completed</strong></td> </tr> <tr> <td> </td> <td align="center"> <input name="Customer" type="text" id="Customer" value="<?php echo $rows['Customer']; ?>"size= "15"/> </td> <td align="center"> <input name="Number" type="text" id="Number" value="<?php echo $rows['Number']; ?>" size="15"/> </td> <td align="center"> <input name="Type" type="text" id="Type" value="<?php echo $rows['Type']; ?>" size="15"/> </td> <td align="center"> <input name="Comments" type="text" id="Completed" value="<?php echo $rows['Comments']; ?>" size="15"/> </td> <tr> </table> <input name="id" type="hidden" id="id" value="<?php echo $rows['id']; ?>"/> <input type="submit" name="Submit" value="Submit" /></td> <td align="center"> </td> </td> </form> </tr> </table> </body> </html>
update_ac.php
<?php // Connect to server and select database. mysql_connect("localhost", "username", "password")or die("cannot connect"); mysql_select_db("porting")or die("cannot select DB"); // update data in mysql database $sql="UPDATE ports SET Customer='Customer', Number='Number' WHERE id='id'" or die ("this stuffed up"); $result=mysql_query($sql) or die ("this stuffedup"); // if successfully updated. if($result){ echo "Successful"; echo "<BR>"; echo "<a href='list_records.php'>View result</a>"; } else { echo "ERROR"; } ?>
source share