0

Hi
edit_order.php

<?php
session_start();
if(!isset($_SESSION['admin'])){
    echo "Only the admin can see this page";
    header("Refresh: 3;url=login.php");
}else{
    require("inc/config.php");
    require("inc/header.php");
    $id = $_GET['id'];
    $sql = "SELECT * FROM serv WHERE id=$id";
    $query = mysql_query($sql);
    while($serv = mysql_fetch_object($query)){
        $title = $serv->title;
        $describtion = $serv->describtion;
        $url = $serv->url;
        $status = $serv->status;
    }
?>
<center>

    <form action="check_edit.php?id=$id" mehod="GET">
        title : <input type="text" name="title" value="<?php echo $title; ?>"><br />
        order : <textarea name="describtion" cols="50" rows="15"><?php echo $describtion; ?>
1

When your form is method='get' any get variables within the action url will be overridden. What you have to do is make a hidden input field to pass it through, like so:

<input type='hidden' name='id' value='<?php echo (int)$id; ?>' />

Also in your script you really need to sanitize the form data before submitting it to a database. Like this:

  $id = (int)mysql_real_escape_string($_GET['id']);
  $sql = "SELECT * FROM serv WHERE id=$id";

Normally just mysql_real_escape_string is fine but with numeric input you have to make sure that it's numeric unless you're using quotes around it.
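
A hardened version of the lookup and form discussed in this thread, as an added example that is not part of either post: it validates the id with filter_var, binds it in a PDO prepared statement instead of the mysql_* functions (removed in PHP 7), and HTML-escapes every value written into the form. The in-memory SQLite table, its sample row, and the helper names load_order and render_edit_form are assumptions made for the example.

```php
<?php
// Added example: constructed in-memory SQLite table standing in for `serv`.
// Requires the pdo_sqlite extension; with MySQL only the DSN changes.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE serv (id INTEGER PRIMARY KEY, title TEXT, describtion TEXT)');
$db->exec("INSERT INTO serv VALUES (7, 'Logo <draft>', 'Two colours')");

// Hypothetical helper: returns the row, or null if the id is invalid or unknown.
function load_order(PDO $db, $rawId): ?array
{
    // Rejects '', 'abc' and '7abc'; a bare (int) cast would turn '7abc' into 7.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }
    // The value is bound as a parameter, never spliced into the SQL text.
    $stmt = $db->prepare('SELECT id, title, describtion FROM serv WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Hypothetical helper: builds the form with the id in a hidden field and
// every database value HTML-escaped before it reaches the page.
function render_edit_form(array $row): string
{
    $e = function ($v) { return htmlspecialchars((string)$v, ENT_QUOTES, 'UTF-8'); };
    return '<form action="check_edit.php" method="get">'
         . '<input type="hidden" name="id" value="' . $e($row['id']) . '">'
         . 'title : <input type="text" name="title" value="' . $e($row['title']) . '"><br />'
         . 'order : <textarea name="describtion" cols="50" rows="15">'
         . $e($row['describtion']) . '</textarea>'
         . '<input type="submit" value="Save"></form>';
}

// Constructed sample inputs, as they would arrive in $_GET['id'].
foreach (['7', '7abc', 'abc', '', '999'] as $raw) {
    $row = load_order($db, $raw);
    echo str_pad(var_export($raw, true), 8), ' => ',
         $row === null ? "rejected or not found\n" : render_edit_form($row) . "\n";
}
```

Only '7' produces a form; the stored title `Logo <draft>` appears in it as `Logo &lt;draft&gt;`, so markup stored in the database cannot break out of the value attribute.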
