https://www.serasfinancial.com/testing/ ... &xcode=123
As you see above, the id should be 1 and the xcode for that id is 123.
Username: test
Pass: test123
Current coding...
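<?php
/**
 * Edit one row of the `clients` table.
 *
 * Request parameters (query string on the first visit, hidden form fields on submit):
 *   id     - numeric client id
 *   xcode  - per-client code; must equal clients.codesql for that id
 *
 * A GET request renders the edit form. A POST request writes the submitted
 * firstname / lastname / email back to the same row.
 *
 * Security-relevant points in this script:
 *  - The id is read once, cast to int, and that single value is used for the
 *    xcode check, the SELECT and the UPDATE. Checking one source ($_GET) and
 *    updating by another ($_REQUEST) would let the check pass for one client
 *    while a different client's row is written.
 *  - The xcode check runs on every request, POST included, which is why the
 *    form carries xcode as a hidden field.
 *  - Everything echoed back into HTML is escaped, including PHP_SELF, which
 *    can carry request-supplied path info.
 *
 * NOTE(review): the mysql_* extension used here was removed in PHP 7.0. The
 * durable fix is mysqli or PDO with prepared statements, but the connection
 * is opened in config.php, which is not shown here, so it is left as is.
 * NOTE(review): xcode travels in the URL, so it ends up in server logs,
 * browser history and Referer headers; treat it as a weak secret.
 */
include_once ( 'config.php' );

// is_scalar() rejects array input such as ?id[]=1, which would otherwise cast to 1.
$id    = ( isset ( $_REQUEST['id'] ) && is_scalar ( $_REQUEST['id'] ) ) ? (int) $_REQUEST['id'] : 0;
$xcode = ( isset ( $_REQUEST['xcode'] ) && is_scalar ( $_REQUEST['xcode'] ) ) ? (string) $_REQUEST['xcode'] : '';

if ( $id <= 0 )
{
    echo 'the request is missing data';
}
else
{
    // $id is an integer at this point, so concatenating it cannot alter the statement.
    $lookup = mysql_query ( "SELECT codesql FROM clients WHERE id = " . $id );
    $owner  = $lookup ? mysql_fetch_assoc ( $lookup ) : false;

    // mysql_fetch_assoc() returns a row array, so compare the codesql column, not the row.
    // An empty xcode is refused outright so that an empty or NULL codesql never matches.
    if ( ! $owner || $xcode === '' || (string) $owner['codesql'] !== $xcode )
    {
        die ( 'Your xcode is invalid' );
    }

    if ( strtolower ( $_SERVER['REQUEST_METHOD'] ) === 'post' )
    {
        // Column names come from this fixed list only; request data supplies values, never identifiers.
        $set = array ();
        foreach ( array ( 'firstname', 'lastname', 'email' ) as $field )
        {
            if ( isset ( $_POST[$field] ) && is_string ( $_POST[$field] ) && ! empty ( $_POST[$field] ) )
            {
                $set[] = $field . " = '" . mysql_real_escape_string ( $_POST[$field] ) . "'";
            }
        }

        if ( ! empty ( $set ) )
        {
            $sql = "UPDATE clients SET " . implode ( ', ', $set ) . " WHERE id = " . $id;
            // NOTE(review): mysql_error() text is shown to the visitor here; consider logging it instead.
            mysql_query ( $sql ) or die ( 'UPDATE ERROR: ' . mysql_error () );
            echo '<b>Thank you! client UPDATED Successfully!</b><br>';
            echo '<meta http-equiv="Refresh" content="2;url=index.php">';
        }
        else
        {
            // Send the visitor back to the form with the same id/xcode so the check passes again.
            $back = $_SERVER['PHP_SELF'] . '?id=' . $id . '&xcode=' . urlencode ( $xcode );
            echo 'the request did not contain any valid data, try again';
            echo '<meta http-equiv="Refresh" content="2;url=' . htmlspecialchars ( $back, ENT_QUOTES ) . '">';
        }
    }
    else
    {
        $r = mysql_query ( "SELECT firstname, lastname, email FROM clients WHERE id = " . $id )
            or die ( 'SELECT ERROR: ' . mysql_error () );

        if ( mysql_num_rows ( $r ) > 0 )
        {
            $form = mysql_fetch_assoc ( $r );
?>
<h3>Edit Clients</h3>
<form method="post" action="<?=htmlspecialchars ( $_SERVER['PHP_SELF'], ENT_QUOTES );?>">
<input type="hidden" name="id" value="<?=$id?>">
<input type="hidden" name="xcode" value="<?=htmlspecialchars ( $xcode, ENT_QUOTES );?>">
firstname: <input name="firstname" size="50" maxlength="50" value="<?=htmlentities ( $form['firstname'], ENT_QUOTES );?>">
<br>
lastname: <input name="lastname" size="50" maxlength="50" value="<?=htmlentities ( $form['lastname'], ENT_QUOTES );?>">
<br>
email: <input name="email" size="50" maxlength="50" value="<?=htmlentities ( $form['email'], ENT_QUOTES );?>">
<br>
<input type="submit" name="submit" value="Update Client">
</form>
<?php
        }
        else
        {
            die ( 'QUERY ERROR: the id is not valid' );
        }
    }
}
?>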