Can anyone help? Thanks.
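<?php
// Start the session and enforce the login check here, before any HTML is sent.
// A Location header can only be emitted while no output has been written, and
// exiting right away guarantees that none of the page below (including the
// database update) runs for a visitor who is not logged in.
session_start();
if (empty($_SESSION['username'])) {
    header('Location: login.php');
    exit;
}
?>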
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<link rel="stylesheet" href="/styles/style.css">
<link rel="stylesheet" href="/styles/responsive.css">
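<!-- NOTE(review): jQuery 1.11.2 is an old release pulled from a third-party CDN without Subresource Integrity; consider a current version pinned with an integrity attribute. -->
<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.11.2/jquery.min.js"></script>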
<title>Title</title>
</head>
<body>
<div class="container">
<div class="admin_header">
<?php include('includes/header.php'); ?>
</div>
<div class="main_nav">
<?php include('includes/admin_nav.php'); ?>
</div>
<div class="content">
<p> </p>
<div class="news">
<div class="heading">
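<?php
// Greet the logged-in user, or stop the page for anyone without a session.
if (!empty($_SESSION['username'])) {
    // The username is echoed into HTML, so escape it for that context.
    echo "
Hello again, " . htmlspecialchars((string) $_SESSION['username'], ENT_QUOTES, 'UTF-8');
} else {
    // HTML has already been written above this point, so the redirect header
    // may no longer be sendable; try it only when it can still work.
    if (!headers_sent()) {
        header("location: login.php");
    }
    // Always stop here. Without this the rest of the page, including the
    // UPDATE further down, would still run for a visitor who is not logged in.
    exit;
}
?>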
</div>
</div>
<div class="article_wrap">
<div class="articles"><div class="articles_heading_wrap"><div class="articles_heading">
<h4>Edit Snippet</h4></div></div><div class="update"> (random)</div></div>
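<?php
//error_reporting(0);
include ('../db/db_connection.php');
include ('../db/security.php');

// NOTE(review): this handler changes data but verifies no anti-CSRF token, and
// it depends on the login check earlier in the page having stopped anonymous
// requests. $db is presumably the mysqli connection from db_connection.php.

// If the form was posted, update the record.
if (!empty($_POST)) {
    // Read every field explicitly. A missing or non-string field becomes '',
    // and an id that is not an integer is rejected outright.
    $postedId = isset($_POST['id']) ? filter_var($_POST['id'], FILTER_VALIDATE_INT) : false;
    $newTitle = (isset($_POST['Title']) && is_string($_POST['Title'])) ? $_POST['Title'] : '';
    $newLink  = (isset($_POST['Link']) && is_string($_POST['Link'])) ? $_POST['Link'] : '';
    $newText  = (isset($_POST['Text']) && is_string($_POST['Text'])) ? $_POST['Text'] : '';

    if ($postedId === false) {
        die("Unable to update.");
    }

    $sql = "UPDATE
                snippets
            SET
                Title = ?,
                Link = ?,
                Text = ?
            WHERE
                id = ?";

    $stmt = $db->prepare($sql);
    if ($stmt === false) {
        die("Unable to update.");
    }

    // Bind exactly once. The previous version bound the posted values and then
    // re-bound the same placeholders to $Title/$Link/$Text/$id, which nothing
    // visible here had set yet, so the update ran with those unset values
    // instead of the submitted ones.
    $stmt->bind_param('sssi', $newTitle, $newLink, $newText, $postedId);

    // execute the update statement
    if ($stmt->execute()) {
        echo "Entry Updated.";
        // close the prepared statement
        $stmt->close();
    } else {
        die("Unable to update.");
    }
}

/*
 * Select the record to be edited.
 * bind_result()/fetch() are used instead of get_result(), so this works on
 * hosts where get_result() is unavailable while still keeping the id out of
 * the SQL text.
 */
// Defaults for the form below, used when no matching record is found.
$id = '';
$Title = '';
$Link = '';
$Text = '';

$requestedId = isset($_GET['id']) ? filter_var($_GET['id'], FILTER_VALIDATE_INT) : false;

if ($requestedId !== false) {
    $sql = "SELECT
                id, Title, Link, Text
            FROM
                snippets
            WHERE
                id = ?
            LIMIT
                0,1";

    $stmt = $db->prepare($sql);
    if ($stmt !== false) {
        $stmt->bind_param('i', $requestedId);
        if ($stmt->execute()) {
            $stmt->bind_result($rowId, $rowTitle, $rowLink, $rowText);
            // Assign the columns explicitly rather than via extract(), so a
            // database row can never overwrite unrelated variables.
            if ($stmt->fetch()) {
                $id = $rowId;
                $Title = $rowTitle;
                $Link = $rowLink;
                $Text = $rowText;
            }
        }
        $stmt->close();
    }
}

if ($id === '') {
    echo "Record not found.";
}

//disconnect from database
$db->close();
?>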
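<!-- Edit form for the snippet loaded above. Every value is escaped for HTML before it is
     echoed, because the stored title, link and text are user-supplied and would otherwise
     be rendered as markup or script (stored XSS). ENT_QUOTES is needed because the
     attributes are single-quoted. -->
<form action='edit.php?id=<?php echo htmlspecialchars(rawurlencode((string) $id), ENT_QUOTES, 'UTF-8'); ?>' method='post' border='0'>
<table>
<tr>
<td>Title</td>
<td><input name='Title' type='text' value='<?php echo htmlspecialchars((string) $Title, ENT_QUOTES, 'UTF-8'); ?>' size="80" /></td>
</tr>
<tr>
<td>Link</td>
<td><input name='Link' type='text' value='<?php echo htmlspecialchars((string) $Link, ENT_QUOTES, 'UTF-8'); ?>' size="80" /></td>
</tr>
<tr>
<td>Text</td>
<td><textarea name="Text" cols="80" rows="6"><?php echo htmlspecialchars((string) $Text, ENT_QUOTES, 'UTF-8'); ?></textarea></td>
</tr>
<tr>
<td></td>
<td>
<!-- so that we could identify what record is to be updated -->
<input type='hidden' name='id' value='<?php echo htmlspecialchars((string) $id, ENT_QUOTES, 'UTF-8'); ?>' />
<input type='submit' value='Update!' />
<a href='index.php'>Back to index</a>
</td>
</tr>
</table>
</form>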
</div>
<p> </p>
</div>
<div class="footer">
<?php /* NOTE(review): the leading slash makes this a filesystem-root path, unlike 'includes/header.php' used earlier on this page; confirm the intended location. */ include('/includes/footer.php'); ?>
</div>
</div>
<script>
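// Toggle the navigation list when the menu handle is clicked.
// The selector needs the leading dot: the wrapper is <div class="main_nav">,
// so 'main_nav ul' (an element selector) never matched anything.
$('.handle').on('click', function () {
    $('.main_nav ul').toggleClass('showing');
});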
</script>
</body>
</html>