Member Avatar for nelliott10

I currently have the following code on my view information page which allows the user to go to a different page to update and delete the information, which can be seen below: -

Update: -

<a href=\"update_line.php?barcode=".$user["barcode"]."\">Edit Line</a>

Delete: -

<a href=\"delete_line.php?barcode=".$user["barcode"]."\">Delete Line</a>

I also attached the other related pages which can be found in the attached zip file. However, even though the PHP code is saying that the records are being updated or deleted this is not the case, please can anyone see if I have any problems in my code.

Cheers.

zipped_files.zip (4.58 KB)
  • 2 Contributors
  • 1 Reply
  • 90 Views
  • 20 Hours Discussion Span
  • Latest Post Latest Post by cwarn23
Member Avatar for cwarn23

Yes there are several things wrong with that code. One is that the Update sql query seems to be updating with empty variables unless there was something I did not read inside the include(). Also your mysql query's are venerable to sql injections. In other words people can easily hack into your database using your own script and this is a common problem for all noobs in php. That is why I would recommend reading up on the mysql_real_escape_string() function as it will solve that problem when used properly. Also in your delete line file I noticed on line 3 there is a possible syntax error since quotes aren't used but could be wrong there. And next time don't post your mysql password in public domain. Hope that helps...

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.