Firstly, the Update doesn't work. I think it is because the 'probtn' is not actually listed within the page at all, so that's failing anyway.
But more of a worry is the format of the code. It doesn't seem particularly modern.
Is it safe or potentially hackable? (I wrote none of this!).
<?php include('header.php');

// Category id, read from GET/POST/cookie via $_REQUEST and escaped for the quoted SQL string
$id = mysqli_real_escape_string($connection, @$_REQUEST['id']);

// Redirect to the login page when there is no member session
// (no exit after header(), so the rest of the script still runs)
if(!isset($_SESSION['member_id'])) {
    header('Location: login.php');
}

$select = mysqli_query($connection, "SELECT * FROM categories WHERE id='$id'");

// Edit category selected
if(mysqli_num_rows($select)==1){
    $result = mysqli_fetch_array($select);
    $category = $result['category'];

    // Save when the form was submitted with the proBtn button
    if(isset($_REQUEST['proBtn'])) {
        if( !empty($_REQUEST['category']) ) {
            $category = mysqli_real_escape_string($connection, $_REQUEST['category']);
            $update ="UPDATE categories SET
                        category='$category'
                      where id='$id'";
            mysqli_query($connection,$update);
            $success = "<div class='alert alert-success'>Updated category successfully !</div>";
        }else{
            // empty category: nothing happens
        }
    }
}
?>
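The points a reviewer would raise about the posted script, and an added example (not the poster's code, and not from whatever project it came from) showing the same page written defensively. What is visible in the snippet: header('Location: login.php') is not followed by exit, so an unauthenticated request still runs the SELECT and, if it carries proBtn, the UPDATE; the data comes from $_REQUEST, so a plain GET link (or a cookie) can trigger the update, and there is no CSRF token; mysqli_real_escape_string inside single quotes is workable only for string contexts and only if the connection charset is set correctly, which is why prepared statements are preferred; and $category presumably goes back into HTML somewhere, where it needs escaping. The example assumes that header.php calls session_start() and provides a mysqli object in $connection, that the table is `categories` with columns id and category, and that no helper named e() already exists; the form markup at the bottom is also assumed, with the submit button named proBtn so it matches what the PHP checks.

```php
<?php
// Added example, not the original poster's code. Assumptions: header.php calls
// session_start() and sets $connection (a mysqli object); table `categories`
// has columns id and category; nothing else defines a function e().
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // make DB failures throw
include('header.php');

// 1. Authenticate before touching the database, and stop after the redirect:
//    header() on its own does not end the script.
if (!isset($_SESSION['member_id'])) {
    header('Location: login.php');
    exit;
}

// 2. Take the id from the query string only, and validate it as an integer.
$id = filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT);
if ($id === false || $id === null) {
    http_response_code(400);
    exit('Missing or invalid category id');
}

// 3. Per-session CSRF token, echoed into the form as a hidden field.
if (empty($_SESSION['csrf_token'])) {
    $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
}

$success = '';
$error   = '';

// 4. Only a POST carrying the submit button and a valid token may change data.
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['proBtn'])) {
    if (!hash_equals($_SESSION['csrf_token'], $_POST['csrf_token'] ?? '')) {
        http_response_code(403);
        exit('Invalid CSRF token');
    }
    $newCategory = trim($_POST['category'] ?? '');
    if ($newCategory === '' || strlen($newCategory) > 100) {
        $error = 'Category name must be 1 to 100 characters.';
    } else {
        // Prepared statement: the value travels separately from the SQL text,
        // so no quoting or escaping decides whether the query is safe.
        $stmt = $connection->prepare('UPDATE categories SET category = ? WHERE id = ?');
        $stmt->bind_param('si', $newCategory, $id);
        $stmt->execute();
        $stmt->close();
        $success = 'Updated category successfully!';
    }
}

// 5. Load the current value, also through a prepared statement.
$stmt = $connection->prepare('SELECT category FROM categories WHERE id = ?');
$stmt->bind_param('i', $id);
$stmt->execute();
$stmt->bind_result($category);
if (!$stmt->fetch()) {
    http_response_code(404);
    exit('No such category');
}
$stmt->close();

// 6. Escape everything that goes back into HTML (hypothetical helper name).
function e(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}
?>
<?php if ($success !== ''): ?><div class="alert alert-success"><?= e($success) ?></div><?php endif; ?>
<?php if ($error !== ''): ?><div class="alert alert-danger"><?= e($error) ?></div><?php endif; ?>
<form method="post" action="?id=<?= (int) $id ?>">
    <input type="hidden" name="csrf_token" value="<?= e($_SESSION['csrf_token']) ?>">
    <label>Category
        <input type="text" name="category" value="<?= e($category) ?>" maxlength="100">
    </label>
    <!-- The button name must match what the PHP checks: proBtn -->
    <button type="submit" name="proBtn" value="1">Update</button>
</form>
```

The order of checks matters: session first, then input validation, then the CSRF token, and only then any query. Keeping the id in the form's action URL means the POST handler and the GET view read it from the same validated place, and a button named proBtn in this markup also removes the mismatch the original post describes.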