Page 1 of 1

Editing existing fields

Posted: Tue Aug 16, 2005 12:09 pm
by ra
I can't seem to get this thing to work. When i click on the 'edit' button from the index page, the modify page does not load the listing to be edited. Anyone have any ideas?

Edit button:

<a href="modify.php?edit=<?PHP echo $row["id"]; ?>">Edit</a>

Modify page:

Code: Select all

<?PHP

		$id = 0;
		$area = "";
		$address = "";

if ($_GET["edit"] <> "") {
	$edit = intval($_GET["edit"]);
	$strsql = "SELECT * FROM openhouse WHERE id = $edit LIMIT 1";
	$sql = mysql_query($strsql);
	while ($bride = mysql_fetch_assoc($sql)) {
		$id = $row["id"];
		$area = $row["area"];
		$address = $row["address"];
	}
	mysql_free_result($sql);
}
if ($_POST["btnSubmit"] <> "") {
	$id = $_POST["id"];
	$title = $_POST["area"];
	$description = $_POST["address"];

	if ($id == 0) {
		$submit_date = date("Y-m-d");
		$strsql = "INSERT INTO openhouse (area, address) ".
			"VALUES ('".$area."','".$address."')";
		mysql_query($strsql);
		$id = mysql_insert_id();
	}else{
		$strsql = "UPDATE openhouse SET ".
			"area='".$area."',".
			"address='".$address."',".
			"WHERE id = " . $id;
		mysql_query($strsql);
	}
	header("Location: adminhouse7.php");
}
?>
<title>Open House Edit Page</title>
<style type="text/css">
<!--
body,td,th {
	font-family: Arial, Helvetica, sans-serif;
	font-size: 12px;
}
-->
</style>
<table width="714" border="0" cellspacing="0" cellpadding="0">
<tr>
<td width="291"><H1>Modify an Entry</H1></td>
<td width="423"><a href="adminhouse7.php">Add New Listing</a> </td>
</tr>
</table>
<br>
<form action="modify.php" method="post" enctype="multipart/form-data">
<table>
  <tr>
    <td>ID</td>
    <td><?PHP echo $id; ?><input type="hidden" value="<?PHP echo $id; ?>" name="id"></td>
  </tr>
  <tr>
    <td>Area:</td>
    <td><input type="text" maxlength="250" name="area" value="<?PHP echo $area; ?>"></td>
  </tr>
  <tr>
    <td>Address</td>
    <td><input type="text" maxlength="250" name="address" value="<?PHP echo $address; ?>"></td>
  </tr>
  <tr>
    <td colspan="2"><input type="submit" name="btnSubmit" value="Submit"></td>
  </tr>
</table>
</form>

feyd | would you look at that, we have

Code: Select all

tags! [/color]

Posted: Tue Aug 16, 2005 12:30 pm
by feyd
$bride versus $row in your fetch loop.

Posted: Tue Aug 16, 2005 12:35 pm
by ra
Ahh yes, tha k you

Posted: Tue Aug 16, 2005 12:38 pm
by ra
SO now that that works, the changes do not kick in after hitting submit; It goes back to the index page (as it should) but the original data for the listing stays... Any thoughts?

Posted: Tue Aug 16, 2005 12:51 pm
by feyd
you likely inserted, do some checking to see if that is the case. You have some SQL injection possible with your post variables, by the way.

Posted: Tue Aug 16, 2005 12:58 pm
by ra
How so?

Posted: Tue Aug 16, 2005 1:07 pm
by feyd
you're not filtering the variables in any fashion.

Posted: Tue Aug 16, 2005 1:08 pm
by ra
do i need to? how would i do that?

Posted: Tue Aug 16, 2005 1:19 pm
by feyd
yes, you must if you want to remain as secure as possible.

read through the Security forum. The Resources one may help you get started.