0

i want to ask is my coding correct or not.. ive been trying for many times and cant find the errors.
thanks in advance if you guys help me with this problem.

<!-- ubah.php -->
<!-- Interface of update data. -->

   <?php
    include("db.php");

    $idURL = $_GET['id'];

    $query = "SELECT * FROM book WHERE id = '$idURL'";
    $result = mysql_query($query, $conn) or die("Could not execute query in ubah.php");
    $row = mysql_fetch_array($result, MYSQL_BOTH); // using numeric index or array index

    $nama = $row['nama'];
    $email = $row['email'];
    $komen = $row['komen'];

    @mysql_free_result($result);
    ?>
    <html>
    <head>
    <title>Buku Pelawat Saya</title>
    <meta http-eqiiv="Content-Type" content="text/html; charset=utf-8">
    </head>
    <body bgcolor="#FFFFFF" text="#000000">
    <form method="post" action="kemaskini.php">
    Nama : 
    <input type="text" name="nama" size="40" value="<?php echo $nama; ?>">
    <br>
    Email :
    <input type="text" name="email" size="25" value="<?php echo $email; ?>">
    <br>
    Catatan :<br>
    <textarea name="komen" cols="30" rows="8"><?php echo $komen; ?></textarea>
    <br>
    <input type="hidden" name="id" value="<?php echo $komen; ?>">
    <input type="submit" value="Ubah">
    <input type="reset" value="Semula">
    <br>
    </form>
    <hr>
    <div align="center">[ <a href="paper.php">Balik ke Paparan</a> |
    <a href="index.php">Balik ke Halaman Utama</a> |
    <a href="masuk.php">Tambah Buku Pelawat</a> ] </div>
    </body<
    </html>

<!-- kemaskini.php -->
<!-- To update data of ubah.php into database. -->

<?php
include("db.php");

extract( $_POST );

// Dapatkan Tarikh Dan Masa Masuk
$tarikh = date("d-m-Y",time());
$masa = date("H:i:s", time());


$query = "UPDATE book SET  masa ='$masa', tarikh='$tarikh', masa = '$masa', komen ='$komen', 
WHERE id = '$id'";

$result = mysql_query($query, $conn) or die("could not execute query in kemaskini.php");
if($result) {
 echo "<script type='text/javascript'>window.location='papar.php'</script>";
}

?>

3
Contributors
2
Replies
20
Views
3 Years
Discussion Span
Last Post by Lsmjudoka
0

At first glance nothing looks immediately wrong, what errors are you getting?

One big thing for security and some functionality purposes, however, is that you're using unsanitized form data in your SQL queries. Meaning you're putting the data from $_POST straight into the query. This is a major no-no, you need to run each variable through mysql_real_escape_string() before putting it into your query, as well as running an is_numeric() check on any number data.

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.