1,105,225 Community Members

how to update specific user ? update.php

Member Avatar
erminasrcutp
Newbie Poster
15 posts since Nov 2013
Reputation Points: 0 [?]
Q&As Helped to Solve: 0 [?]
Skill Endorsements: 0 [?]
 
0
 

Hi everyone , below is my update.php code , however , I am seeking for code to update specific user . For example

Search Id : _______________________ [search]

if user want to search id details for id : 11

the update.php will show open a page that can update that 11 details.

For my code , it is not specific.

Hope someone can help me please.

update.php

<center>
<h1><u>Library Database</u></h1>
</center>
<?php
$con = mysql_connect("localhost","root","");
if(!$con){
die("Can not connect: " . mysql_error());
}
mysql_select_db("c_database",$con);

if(isset($_POST['update'])){
$UpdateQuery="UPDATE myaduan SET id='$_POST[id]', nama_pengadu='$_POST[nama_pengadu]' WHERE id='$_POST[hidden]'";
mysql_query($UpdateQuery,$con);
};


if(isset($_POST['delete'])){
$DeleteQuery="DELETE FROM myaduan WHERE id='$_POST[hidden]'";
mysql_query($DeleteQuery,$con);
};

$sql="SELECT * FROM myaduan";
$myEdit=mysql_query($sql,$con);

echo "<table style=border:1px solid silver cellpadding=5px cellspacing=0px align=center border=0>
<tr>
<td colspan=4 style=background:0066FF; color:#FFFFFF; fontsize: 20px>UPDATE RECORD</td></tr>
<tr>
<td>ISBN</td>
<td>Title</td>
</tr>";
while($record = mysql_fetch_array($myEdit)){
echo "<form action=update.php method=post>";
echo "<tr>";
echo "<td>" . "<input type=text name=id value=".$record['id'] . " </td>";
echo "<td>" . "<input type=text name=nama_pengadu value=".$record['nama_pengadu']. " </td>";
echo "<td>". "<input type=hidden name=hidden value=".$record['id']. " </td>";
echo "<td>"."<input type=submit name=update value=update"." </td>";
echo "<td>"."<input type=submit name=delete value=delete"." </td>";
echo "</tr>";
echo"</form>";
}
echo"</table>";
mysql_close($con);
?>
Member Avatar
Eagle.Avik
Junior Poster in Training
80 posts since Aug 2012
Reputation Points: 0 [?]
Q&As Helped to Solve: 3 [?]
Skill Endorsements: 0 [?]
 
0
 

I am not sure what you mean by

. "if user want to search id details for id : 11

the update.php will show open a page that can update that 11 details."

But here is some hole i found in your code.

  1. Dont use mysql, use mysqli or pdo. I prefer pdo.
  2. You are using tainted data submitted by user directly. You are fully open for a a SQL INJECTION.

in mysql you can use htmlspecialchars, but pdo has better solution like binding value.

htmlspecialchars is not consider safe anymore. So better use mysqli or pdo.

ma1012082
Newbie Poster
3 posts since Nov 2013
Reputation Points: 0 [?]
Q&As Helped to Solve: 0 [?]
Skill Endorsements: 0 [?]
Unverified Member
 
0
 

very nice your post, it may help my php. do you know photoshop?

Member Avatar
erminasrcutp
Newbie Poster
15 posts since Nov 2013
Reputation Points: 0 [?]
Q&As Helped to Solve: 0 [?]
Skill Endorsements: 0 [?]
 
0
 

sorrry , but i dont know on how to do pdo . do you mind to teach me ?

Member Avatar
furqan219
Junior Poster in Training
95 posts since Jun 2009
Reputation Points: -9 [?]
Q&As Helped to Solve: 5 [?]
Skill Endorsements: 0 [?]
 
0
 

Use below code

// Define Variable
$ServerName             =   $_POST[ServerName];         //ServerName
$a1                 =   $_POST[a1];                     //Hi Memeory Utilization
$a2                 =   $_POST[a2];                     //Avg Memeory Utilization
$a3                 =   $_POST[a3];                     //Hi CPU Utilization
$a4                 =   $_POST[a4];                     //Avg CPU Utilization
$a5                 =   $_POST[a5];                     //Hi I/O Utilization
$a6                 =   $_POST[a6];                     //Avg I/O Utilization
$a7                 =   $_POST[a7];                     //Hi Disk Usage
$a8                 =   $_POST[a8];                     //Avg Disk Usage

// We Will prepare SQL Query
    $STM = $dbh->prepare("INSERT INTO statstracker(ServerName, HiMemUti,AvgMemUti,HiCpuUti,AvgCpuUti,HiIOPerSec,AvgIOPerSec,HiDiskUsage,AvgDsikUsage,EntryBy,EntryDate) VALUES (:ServerName,:a1,:a2,:a3,:a4,:a5,:a6,:a7,:a8,:user,CURRENT_DATE())");
    $STM2 = $dbh->prepare("UPDATE ServerName SET EntryDate=CURRENT_DATE() WHERE ServerName=:ServerName2");
// bind paramenters, Named paramenters alaways start with colon(:)
    $STM->bindParam(':ServerName', $ServerName);
    $STM2->bindParam(':ServerName2', $ServerName);
    $STM->bindParam(':a1', $a1);
    $STM->bindParam(':a2', $a2);
    $STM->bindParam(':a3', $a3);
    $STM->bindParam(':a4', $a4);
    $STM->bindParam(':a5', $a5);
    $STM->bindParam(':a6', $a6);
    $STM->bindParam(':a7', $a7);
    $STM->bindParam(':a8', $a8);
    $STM->bindParam(':user', $_SESSION[myusername]);
// For Executing prepared statement we will use below function
    $STM->execute();
    $STM2->execute();       
Member Avatar
erminasrcutp
Newbie Poster
15 posts since Nov 2013
Reputation Points: 0 [?]
Q&As Helped to Solve: 0 [?]
Skill Endorsements: 0 [?]
 
0
 

i didnt understand the code above.

Member Avatar
Lsmjudoka
Junior Poster
139 posts since Apr 2009
Reputation Points: 0 [?]
Q&As Helped to Solve: 21 [?]
Skill Endorsements: 0 [?]
 
0
 

PDO is great, but to answer the original question:

The key to fetching and updating a specific set of data (For instance user #11) is exactly that, fetching the data for user #11. Usually this is done with a user_id column in your database table. What you will have to do is:

1) Prompt for the user ID
2) Fetch the data for that user ID from the database and show the user the form to edit it
3) Update the database with the submitted data

To get a specific record from the database you need to use the WHERE clause in your SELECT query, like so:

SELECT * FROM users WHERE user_id = 11

To respond to what everyone else was saying, here is an example of PDO prepared statements.
http://us3.php.net/manual/en/pdo.prepared-statements.php

You
This article has been dead for over three months: Start a new discussion instead
Post:
Start New Discussion
View similar articles that have also been tagged: