i want to ask is my coding correct or not.. ive been trying for many times and cant find the errors.
thanks in advance if you guys help me with this problem.

<!-- ubah.php -->
<!-- Interface of update data. -->


    $idURL = $_GET['id'];

    $query = "SELECT * FROM book WHERE id = '$idURL'";
    $result = mysql_query($query, $conn) or die("Could not execute query in ubah.php");
    $row = mysql_fetch_array($result, MYSQL_BOTH); // using numeric index or array index

    $nama = $row['nama'];
    $email = $row['email'];
    $komen = $row['komen'];

    <title>Buku Pelawat Saya</title>
    <meta http-eqiiv="Content-Type" content="text/html; charset=utf-8">
    <body bgcolor="#FFFFFF" text="#000000">
    <form method="post" action="kemaskini.php">
    Nama : 
    <input type="text" name="nama" size="40" value="<?php echo $nama; ?>">
    Email :
    <input type="text" name="email" size="25" value="<?php echo $email; ?>">
    Catatan :<br>
    <textarea name="komen" cols="30" rows="8"><?php echo $komen; ?></textarea>
    <input type="hidden" name="id" value="<?php echo $komen; ?>">
    <input type="submit" value="Ubah">
    <input type="reset" value="Semula">
    <div align="center">[ <a href="paper.php">Balik ke Paparan</a> |
    <a href="index.php">Balik ke Halaman Utama</a> |
    <a href="masuk.php">Tambah Buku Pelawat</a> ] </div>

<!-- kemaskini.php -->
<!-- To update data of ubah.php into database. -->


extract( $_POST );

// Dapatkan Tarikh Dan Masa Masuk
$tarikh = date("d-m-Y",time());
$masa = date("H:i:s", time());

$query = "UPDATE book SET  masa ='$masa', tarikh='$tarikh', masa = '$masa', komen ='$komen', 
WHERE id = '$id'";

$result = mysql_query($query, $conn) or die("could not execute query in kemaskini.php");
if($result) {
 echo "<script type='text/javascript'>window.location='papar.php'</script>";


Recommended Answers

All 2 Replies

'$masa' might be not work as variable.

At first glance nothing looks immediately wrong, what errors are you getting?

One big thing for security and some functionality purposes, however, is that you're using unsanitized form data in your SQL queries. Meaning you're putting the data from $_POST straight into the query. This is a major no-no, you need to run each variable through mysql_real_escape_string() before putting it into your query, as well as running an is_numeric() check on any number data.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, learning, and sharing knowledge.