
Author Topic: need help in php code  (Read 60741 times)


Ranjan shrivastava

  • Guest
need help in php code
« on: July 06, 2011, 01:03:02 AM »
Hello sir,

I am creating a lyrics website. This is my categories form code; please check it, the update query is not working. When I press the submit button, the data is deleted, not updated. What is the problem in the code?
Will really appreciate your help... Many thanks and regards.

_______________________________________ ____________________________
<?php

if(isset($_POST["thisID"])==true){

$targetID=$_POST['id'];
$date=date("Y/n/d");
$id=$_POST['id'];
$category=$_POST['category'];
$subcategory=$_POST['subcategory'];
$date=$_POST['date'];
mysql_connect("localhost","root","");
mysql_select_db("lyrics");

$query= "UPDATE categories SET id='$id', category='$category', subcategory='$subcategory', date='$date' WHERE id='$targetID'"or die(mysql_error());
mysql_query($query);
header("refresh:0;url= 'categories.php'");
exit();
}
?>   

<?php
mysql_connect("localhost","root","");
mysql_select_db("lyrics");
if(isset($_GET['pid'])){
$targetID=$_GET['pid'];
$date=date("Y/n/d");
$query=mysql_query("SELECT * FROM categories WHERE id='$targetID' LIMIT 1");
$pCount=mysql_num_rows($query);
if($pCount>0){
while($row= mysql_fetch_array($query)){
$id=$row["id"];
$category=$row["category"];
$subcategory=$row["subcategory"];
$date=$row["date"];
}
}else{
echo "Sorry ";

}
}
?>   


<form action="editcategories.php" method="post">
<table>
<tr>
<td>Edit Lyrics</td>
</tr>
<tr>
<td>Category-ID</td>
<td><input type="text" name="id" size="2" value="<?php echo $id; ?>"></td>
</tr>
<tr>
<td>Category</td>
<td>
<select name="<?php echo $category; ?>"> <?php echo $category; ?> </option>
<option value="Hindi Movies">Hindi Movies</option>
<option value="Devosional Movies">Devosional Movies</option>
<option value="Pop Songs">Pop Songs</option>
<option value="Reginal Songs">Reginal Songs</option>
<option value="Album Songs">Album Songs</option></select></td></tr>
<tr>
<td>Subcategory</td>
<td>
<select name="<?php echo $subcategory; ?>"><?php echo $subcategory; ?></option>
<option value="Movies Songs">Movies Songs</option>
<option value="Devosional Songs">Devosional Songs</option>
<option value="Pop Songs">Pop Songs</option>
<option value="Reginal Songs">Reginal Songs</option>
<option value="Album Songs">Album Songs</option>
</select>
</td>
</tr>
<tr>
<td ></td>
<td >
<input name="thisID"  type="hidden" value= "<?php echo $pid; ?>"/>
 <input type="submit" name="button" id="button" value="MakeChanges" /></td>
</tr>
</table>
</form>

kpac

Re: need help in php code
« Reply #1 on: July 07, 2011, 06:47:41 AM »
See here for info on updating values: http://www.w3schools.com/php/php_mysql_update.asp

Also, this code is very unsecure and is liable to SQL injection:
Code:
$targetID=$_POST['id'];
$date=date("Y/n/d");
$id=$_POST['id'];
$category=$_POST['category'];
$subcategory=$_POST['subcategory'];
$date=$_POST['date'];

To solve this, do a strip_tags on all these variables.

BC_Programmer


Re: need help in php code
« Reply #2 on: July 08, 2011, 04:10:08 AM »
strip_tags? more like mysql_real_escape_string()...

or possibly some combination of both.
I was trying to dereference Null Pointers before it was cool.

kpac

Re: need help in php code
« Reply #3 on: July 08, 2011, 06:00:00 AM »
Yeah, I should have said strip_tags to prevent XSS and escape them to prevent SQLI.
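
Added example, not part of the thread and not any poster's code: the same edit page with the two defences discussed above applied, using PDO prepared statements in place of mysql_real_escape_string() (the mysql_* functions were removed in PHP 7.0) and htmlspecialchars() at output time in place of strip_tags(). It also gives the select fields the fixed names category and subcategory and fills thisID from the fetched row, so the POST handler receives the values it reads. Assumptions: the pdo_mysql driver is available, `date` is a DATE column, the only valid values are the options in the posted form, and the editable Category-ID field is left out.

```php
<?php
// Added example, not the poster's code. Connection details, table and column
// names come from the thread; PDO (pdo_mysql) is assumed to be available.
$pdo = new PDO('mysql:host=localhost;dbname=lyrics;charset=utf8mb4', 'root', '', [
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false,
]);
// Allow-lists built from the <option> values in the posted form.
$categories = ['Hindi Movies', 'Devosional Movies', 'Pop Songs', 'Reginal Songs', 'Album Songs'];
$subcategories = ['Movies Songs', 'Devosional Songs', 'Pop Songs', 'Reginal Songs', 'Album Songs'];

// Encode a value for HTML text or attribute context (XSS defence at output time).
function e($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // thisID identifies the row being edited; accept it only as an integer.
    $targetID = filter_input(INPUT_POST, 'thisID', FILTER_VALIDATE_INT);
    $category = $_POST['category'] ?? '';
    $subcategory = $_POST['subcategory'] ?? '';
    if (!is_int($targetID) || !in_array($category, $categories, true)
        || !in_array($subcategory, $subcategories, true)) {
        http_response_code(400);
        exit('Invalid input');
    }
    // Placeholders keep request data out of the SQL text; no manual escaping needed.
    $stmt = $pdo->prepare('UPDATE categories SET category = :c, subcategory = :s, `date` = :d WHERE id = :id');
    $stmt->execute([':c' => $category, ':s' => $subcategory, ':d' => date('Y-m-d'), ':id' => $targetID]);
    header('Location: categories.php');
    exit;
}

$pid = filter_input(INPUT_GET, 'pid', FILTER_VALIDATE_INT);
if (!is_int($pid)) { http_response_code(400); exit('Invalid id'); }
$stmt = $pdo->prepare('SELECT id, category, subcategory FROM categories WHERE id = :id LIMIT 1');
$stmt->execute([':id' => $pid]);
$row = $stmt->fetch(PDO::FETCH_ASSOC);
if ($row === false) { exit('Sorry'); }
?>
<form action="editcategories.php" method="post">
  <input type="hidden" name="thisID" value="<?= e($row['id']) ?>">
  <select name="category"><?php foreach ($categories as $c): ?>
    <option value="<?= e($c) ?>"<?= $c === $row['category'] ? ' selected' : '' ?>><?= e($c) ?></option>
  <?php endforeach; ?></select>
  <select name="subcategory"><?php foreach ($subcategories as $s): ?>
    <option value="<?= e($s) ?>"<?= $s === $row['subcategory'] ? ' selected' : '' ?>><?= e($s) ?></option>
  <?php endforeach; ?></select>
  <input type="submit" value="MakeChanges">
</form>
```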