This time, I am trying to retrieve data:




    <?php
    $id = isset($_POST['id']) ? $_POST['id'] : '';
    $confirmation = isset($_POST['confirmation']) ? $_POST['confirmation'] : '';  
    $kategori = isset($_POST['kategori']) ? $_POST['kategori'] : ''; 
    $news = isset($_POST['news']) ? $_POST['news'] : '';
    $judul = isset($_POST['judul']) ? $_POST['judul'] : ''; 
    $page = isset($_POST['page']) ? $_POST['page'] : '';

    // Load news
    if (!empty($_POST['id'])){
        $result = mysql_query("SELECT * FROM static_page WHERE id =".$_POST['id']) or die(mysql_error());
        $data = mysql_fetch_array($result);
        $id = $data['id'];
        $page = $data['page'];
        $judul = $data['judul'];
        $news = $data['isi_berita'];

        echo "variable";
        echo $id;
        echo $page;
        echo $judul;
        echo $news;
    } else {
        echo "unable to select data";
        echo "id is empty";
    }

    // Save news
    if (isset($_POST['ok'])){

        if (empty($_POST['id']))
            $sqlstr = "INSERT INTO static_page(page, judul, isi_berita) VALUES('".$page."','".$judul."','".$news."')";
        else
            $sqlstr = "UPDATE static_page SET page='".$page."', judul='".$judul."', isi_berita='".$news."' WHERE id=".$_POST['id'];

        $result = mysql_query($sqlstr) or die(mysql_error());

        // In edit mode, no confirmation is sent to subscribers
        //if (empty($_REQUEST['id']))   kirimEmail($idKategori, $judul, $news);
        $confirmation = ($result) ? "Data telah tersimpan." : "Gagal menyimpan data.";
    }
    ?>
    <div align="center">
        <div style="width:800px;text-align:left;">
        <script type="text/javascript" src="../../Masterlink/cgoods/ckeditor/ckeditor.js"></script>
        <link href="../../Masterlink/cgoods/ckeditor/content.css" rel="stylesheet" type="text/css"/>
        <?php echo $confirmation;?>
        <form method="post" action="<?php echo $_SERVER['PHP_SELF']?>">
            <input type="hidden" name="id" value="<?php echo $id; ?>"/>
                    <td><select name="page">
                    <option value="Pengenalan Perusahaan">Pengenalan Perusahaan</option>
                    <option value="Sejarah Perusahaan">Sejarah Perusahaan</option>
                    <option value="Cabang">Cabang</option>

                    <?php // <input size="50px" type="text" name="page" value="<?php echo $page; ?"/> ?>
                    <td><input size="50px" type="text" name="judul" value="<?php echo $judul; ?>"/></td>
                    <td valign="top">Isi berita</td>              
                        <textarea cols="60" rows="10" id="news" name="news"><?php echo $news;?></textarea>
                        <script type="text/javascript">
                            var editor = CKEDITOR.replace('news');
                        </script>                    </td>
                    <td><input type="submit" name="ok" value="Simpan"/></td>

url: http://localhost/RustoleumCustomCMS/administrator/input_berita_static.php?id=5 (the id is stated there and not empty)

That id is being passed from admin.php


<form method="POST" action="<?php $_SERVER['PHP_SELF'] ?>">

                        <a class="topLink" href="input_berita_static.php">Berita Static Baru >></a><br><br>

                //LOAD NEWS

                $result = mysql_query("SELECT * FROM static_page") or die(mysql_error());
                <table id="admintable" border="1" cellpadding="2" cellspacing="0">
                        <th>Static Page</th><th>Judul</th><th>Action</th>
                    while ($data = mysql_fetch_array($result)){

                            echo "<tr bgcolor='$result2'>";                  
                            echo '<td>'.$data['page'].'</td>';
                            echo '<td>'.$data['judul'].'</td>';
                            echo '<td><a href="admin.php?mode=delete&id='.$data['id'].'">Hapus</a> |<a href="input_berita_static.php?id='.$data['id'].'">Edit</a></td>';
                        echo '</tr>';



The result in input_berita_static.php:

unable to select dataid is empty

I expect the saved data to be retrieved in the form.

All 5 Replies

On line 15 a more appropriate check would be:

// Request values always arrive as strings, so is_int() would never be true here
if (isset($_POST['id']) && ctype_digit($_POST['id'])){

so you are checking whether $_POST['id'] exists at all and is an integer.

@broj: the request seems like GET, as it is appended in the URL.

the request seems like GET as it is appended in URL

@iim: Ups, you are right. I don't know what I was looking at.

As IIM said change $_POST to $_GET at least for reading the ID (depending on the source of the data).

There is another thing I would like to point out. You are assigning your ID to the $id variable but:
1. you are not using that variable later on and
2. you are not cleaning and escaping the input. You open your database to attackers.

$id = isset($_POST['id']) ? $_POST['id'] : '';  

It is really recommended to validate, clean (or reject) and escape input, no matter whether GET or POST.

$id = isset($_POST['id']) ? mysql_real_escape_string($_POST['id']) : '';
$confirmation = isset($_POST['confirmation']) ? mysql_real_escape_string($_POST['confirmation']) : '';
$kategori = isset($_POST['kategori']) ? mysql_real_escape_string($_POST['kategori']) : '';

// Use only cleaned and escaped variables from now on
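
An added example, not code from the thread: `mysql_real_escape_string()` only escapes quote-type characters, so it does not protect the unquoted numeric `WHERE id=` clause in the question, and the `mysql_*` extension was removed in PHP 7. The sketch below validates the id as an integer and uses PDO prepared statements for the load and save paths. The helper names `read_id`, `load_page` and `save_page` are hypothetical, and an in-memory SQLite database (requires `pdo_sqlite`) stands in for the MySQL table so it runs offline.

```php
<?php
// In-memory SQLite stands in for the thread's MySQL database (assumption for a runnable demo).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE static_page (id INTEGER PRIMARY KEY, page TEXT, judul TEXT, isi_berita TEXT)');

// Returns a positive integer id, or null when the value is missing or not an integer.
function read_id(array $request): ?int {
    $id = filter_var($request['id'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// The id is bound as a parameter, never concatenated into the SQL text.
function load_page(PDO $pdo, int $id): ?array {
    $stmt = $pdo->prepare('SELECT id, page, judul, isi_berita FROM static_page WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Inserts when $id is null, updates otherwise; returns the row id.
function save_page(PDO $pdo, ?int $id, string $page, string $judul, string $news): int {
    if ($id === null) {
        $stmt = $pdo->prepare('INSERT INTO static_page (page, judul, isi_berita) VALUES (:page, :judul, :news)');
        $stmt->execute([':page' => $page, ':judul' => $judul, ':news' => $news]);
        return (int) $pdo->lastInsertId();
    }
    $stmt = $pdo->prepare('UPDATE static_page SET page = :page, judul = :judul, isi_berita = :news WHERE id = :id');
    $stmt->execute([':page' => $page, ':judul' => $judul, ':news' => $news, ':id' => $id]);
    return $id;
}

// Constructed request values; on the thread's page the id comes from $_GET (the Edit link)
// and the form fields from $_POST.
$newId = save_page($pdo, null, 'Cabang', "O'Reilly branch", '<p>Text with a "quote"</p>');
$samples = [['id' => (string) $newId], ['id' => '5 OR 1=1'], []];
foreach ($samples as $request) {
    $id = read_id($request);
    $row = $id === null ? null : load_page($pdo, $id);
    if ($row === null) {
        echo "rejected or not found: ", var_export($request['id'] ?? null, true), "\n";
        continue;
    }
    // Escape for the HTML attribute context when refilling the form.
    echo '<input type="text" name="judul" value="', htmlspecialchars($row['judul'], ENT_QUOTES, 'UTF-8'), "\"/>\n";
}
```

The second sample contains no character that `mysql_real_escape_string()` would change, which is why integer validation plus bound parameters is the check that matters for the numeric id.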