0

Hello,

Can anyone help me find the logic behind this program?

input_berita_static.php

<?php

    include('../includes/koneksi.php');

    $post_id = isset($_POST['post_id']) ? $_POST['post_id'] : '';  
    $confirmation = isset($_POST['confirmation']) ? $_POST['confirmation'] : '';  
    $kategori = isset($_POST['kategori']) ? $_POST['kategori'] : ''; 
    $news = isset($_POST['news']) ? $_POST['news'] : '';
    $judul = isset($_POST['judul']) ? $_POST['judul'] : ''; 
    $page = isset($_POST['page']) ? $_POST['page'] : '';


    //Load berita
    if (!empty($_GET['post_id'])){
        $result = mysql_query("SELECT * FROM static_page WHERE post_id =".$_GET['post_id']) or die(mysql_error());
        $data = mysql_fetch_array($result);
        $post_id = $data['post_ID'];
        $page = $data['page'];
        $judul = $data['judul'];
        $news = $data['isi_berita'];

    }
    else {
    echo "unable to select data";
    echo "id is empty";
    }

    //Simpan berita 
    if (isset($_POST['ok'])){

        if (empty($_POST['post_id']))
            {
            $sqlstr = "INSERT INTO static_page(page, judul, isi_berita) VALUES('".$page."','".$judul."','".$news."')";
            }
        else
            {
            $sqlstr = "UPDATE static_page SET page='".$page."', judul='".$judul."', isi_berita='".$news."' WHERE id=".$_POST['post_id'];

            }
        $result = mysql_query($sqlstr) or die(mysql_error());

        //Jika mode edit, maka tidak akan dikirimkan konfirmasi kepada subscriber
        //if (empty($_REQUEST['id']))   kirimEmail($idKategori, $judul, $news);
        $confirmation = ($result) ? "Data telah tersimpan." : "Gagal menyimpan data.";  
    }
    ?>
    <div align="center">
        <div style="width:800px;text-align:left;">
        <?php echo $confirmation;?>
        <form method="post" action="<?php echo $_SERVER['PHP_SELF']?>">
            <input type="hidden" name="post_ID" value="<?php echo $post_id; ?>"/>
            <table>
                <tr>
                    <td>Page <font color="red">*</font></td>                
                    <td><input type="text" size="50px" name="page" value="<?php echo $page; ?>" readonly></td>
                </tr>
                <tr>
                    <td>Judul</td>
                    <td><input type="text" size="50px" name="judul" value="<?php echo $judul; ?>"/></td>
                </tr>
                <tr>
                    <td valign="top">Isi berita</td>              
                    <td>
                        <textarea cols="60" rows="10" id="news" name="news"><?php echo $news;?></textarea>
                        <script type="text/javascript">
                            var editor = CKEDITOR.replace('news');
                        </script>                    </td>
                </tr>
                <tr>             
                    <td><input type="submit" name="ok" value="Simpan"/></td>
              </tr>
            </table>
        </form>
        </div>
    </div>
</div>    

I basically trying to update the news for post_id = 1 . It suppose to update the existing data instead of adding a new data (in post_id = 30), yet that's what happen.

How to make this program updating the existing data?

Thanks in advance.

6
Contributors
21
Replies
127
Views
3 Years
Discussion Span
Last Post by Topnews
0

if (empty($_POST['post_id']))

That's wrong... what you want to do is a select statement on the post_id, if num_rows_returned == 0 then do an insert, otherwise do an update.

0

I tried this:

//Load berita
    if (!empty($_GET['post_id'])){
        $result = mysql_query("SELECT * FROM static_page WHERE post_id =".$_GET['post_id']) or die(mysql_error());
        $data = mysql_fetch_array($result);
        $post_id = $data['post_ID'];
        $page = $data['page'];
        $judul = $data['judul'];
        $news = $data['isi_berita'];

    }
    else {
    echo "unable to select data";
    echo "id is empty";
    }


    //Simpan berita 
    if (isset($_POST['ok'])){

        if ( mysql_num_rows($_POST['post_id']) == null)
            {
            $sqlstr = "INSERT INTO static_page(page, judul, isi_berita) VALUES('".$page."','".$judul."','".$news."')";
            }
        else
            {
            $sqlstr = "UPDATE static_page SET page='".$page."', judul='".$judul."', isi_berita='".$news."' WHERE id=".$_POST['post_id'];

            }
        $result = mysql_query($sqlstr) or die(mysql_error());

        //Jika mode edit, maka tidak akan dikirimkan konfirmasi kepada subscriber
        //if (empty($_REQUEST['id']))   kirimEmail($idKategori, $judul, $news);
        $confirmation = ($result) ? "Data telah tersimpan." : "Gagal menyimpan data.";  

unable to select dataid is empty
Warning: mysql_num_rows() expects parameter 1 to be resource, null given in C:\xampp\htdocs\free-prowebsite\site_pro\administrator\input_berita_static.php on line 126

line 126: if ( mysql_num_rows($_POST['post_id']) == null)

0

input_berita_static.php

<?php

    include('../includes/koneksi.php');

    $post_id = isset($_POST['post_id']) ? $_POST['post_id'] : '';  
    $confirmation = isset($_POST['confirmation']) ? $_POST['confirmation'] : '';  
    $kategori = isset($_POST['kategori']) ? $_POST['kategori'] : ''; 
    $news = isset($_POST['news']) ? $_POST['news'] : '';
    $judul = isset($_POST['judul']) ? $_POST['judul'] : ''; 
    $page = isset($_POST['page']) ? $_POST['page'] : '';


    //Load berita
    if (!empty($_GET['post_id'])){
        $result = mysql_query("SELECT * FROM static_page WHERE post_id =".$_GET['post_id']) or die(mysql_error());
        $data = mysql_fetch_array($result);
        $post_id = $data['post_ID'];
        $page = $data['page'];
        $judul = $data['judul'];
        $news = $data['isi_berita'];

    }
    else {
    echo "unable to select data";
    echo "id is empty";
    }


    //Simpan berita 
    if (isset($_POST['ok'])){

    //$result = mysql_query("SELECT * FROM static_page WHERE post_id =".$_GET['post_id']) or die(mysql_error());

        if ( mysql_num_rows($_GET['post_id']) == 0)
            {
            $sqlstr = "INSERT INTO static_page(page, judul, isi_berita) VALUES('".$page."','".$judul."','".$news."')";
            }
        else
            {
            $sqlstr = "UPDATE static_page SET page='".$page."', judul='".$judul."', isi_berita='".$news."' WHERE id=".$_POST['post_id'];

            }
        $result = mysql_query($sqlstr) or die(mysql_error());

unable to select dataid is empty
Notice: Undefined index: post_id in C:\xampp\htdocs\free-prowebsite\site_pro\administrator\input_berita_static.php on line 137

Warning: mysql_num_rows() expects parameter 1 to be resource, null given in C:\xampp\htdocs\free-prowebsite\site_pro\administrator\input_berita_static.php on line 137

line 137: if ( mysql_num_rows($_GET['post_id']) == 0)

0

Sorry I have to ask but do you even know what you are doing?

Line 137 you're trying to use a mysql statement on a $_GET[].

Your code says you're trying to read the post_id as both get and post. It's one or the other not both, is post id a url string?

You shouldn't be using mysql, it is deprecated, if you do use mysql you should at least be escaping those values before inserting it into the database.

0

I change line 137 to: if ( mysql_num_rows($_POST['post_id']) == 0)

And I wonder why everytime I insert a new value it starts a new row instead of updating the existing post_id.

I think as of now I just remains using the mysql.

----------------------------

Why it doesn't pass the value from url:
http://localhost/free-prowebsite/site_pro/administrator/input_berita_static.php?post_id=1

post_id=1, I try to update the value in this row and it suppose to update the row instead of inserting a new value in the new row.

What's wrong with my code? ( My current of is inserting new value instead of updating the current row )

Edited by davy_yg

0

input_berita_static.php

<?php

    include('../includes/koneksi.php');

    $post_id = isset($_POST['post_id']) ? $_POST['post_id'] : '';  
    $confirmation = isset($_POST['confirmation']) ? $_POST['confirmation'] : '';  
    $kategori = isset($_POST['kategori']) ? $_POST['kategori'] : ''; 
    $news = isset($_POST['news']) ? $_POST['news'] : '';
    $judul = isset($_POST['judul']) ? $_POST['judul'] : ''; 
    $page = isset($_POST['page']) ? $_POST['page'] : '';


    //Load berita
    if (!empty($_GET['post_id'])){
        $result = mysql_query("SELECT * FROM static_page WHERE post_id =".$_GET['post_id']) or die(mysql_error());
        $data = mysql_fetch_array($result);
        $post_id = $data['post_ID'];
        $page = $data['page'];
        $judul = $data['judul'];
        $news = $data['isi_berita'];

    }
    else {
    echo "unable to select data";
    echo "id is empty";
    }


    //Simpan berita 
    if (isset($_POST['ok'])){

    //$result = mysql_query("SELECT * FROM static_page WHERE post_id =".$_GET['post_id']) or die(mysql_error());

        //if ( mysql_num_rows($_POST['post_id']) == 0)
        if ( $_POST['post_id'] !=0)
            {
            $sqlstr = "UPDATE static_page SET page='".$page."', judul='".$judul."', isi_berita='".$news."' WHERE id=".$_POST['post_id'];
            }
        else
            {
            $sqlstr = "INSERT INTO static_page(page, judul, isi_berita) VALUES('".$page."','".$judul."','".$news."')";
            }

        $result = mysql_query($sqlstr) or die(mysql_error());

        //Jika mode edit, maka tidak akan dikirimkan konfirmasi kepada subscriber
        //if (empty($_REQUEST['id']))   kirimEmail($idKategori, $judul, $news);
        $confirmation = ($result) ? "Data telah tersimpan." : "Gagal menyimpan data.";  
    }
    ?>

Notice: Undefined index: post_id in C:\xampp\htdocs\free-prowebsite\site_pro\administrator\input_berita_static.php on line 138

How to fix the error?

0

@davy read carefully your script, you have at:

line 5:

$post_id = isset($_POST['post_id']) ? $_POST['post_id'] : '';

line 14 & 15:

if (!empty($_GET['post_id'])){
$result = mysql_query("SELECT * FROM static_page WHERE post_id =".$_GET['post_id']) or die(mysql_error());

line 17:

$post_id = $data['post_ID'];

line 35:

if ( $_POST['post_id'] !=0)

line 41:

$sqlstr = "UPDATE static_page SET page='".$page."', judul='".$judul."', isi_berita='".$news."' WHERE id=".$_POST['post_id'];

So, you are trying to get the value of post_id in three flavours:

$_GET['post_id']
$_POST['post_ID']
$_POST['post_id']

Now, if you are appending the post_id variable to the url used as action in your form, so:

<form method="post" action="http://localhost/free-prowebsite/site_pro/administrator/input_berita_static.php?post_id=1">

Then use $_GET['post_id'] everywhere in your script. If instead you're using an input field in your form:

<form method="post" action="http://localhost/free-prowebsite/site_pro/administrator/input_berita_static.php">

    <input type="hidden" name="post_id" value="1" />

Then use $_POST['post_id'] everywhere in your script, pay attention here: post_id not post_ID which for the server is a completely different variable.

0

ok, check this code:

input_berita_static.php

<?php

    include('../includes/koneksi.php');

    $post_id = isset($_POST['post_id']) ? $_POST['post_id'] : '';  
    $confirmation = isset($_POST['confirmation']) ? $_POST['confirmation'] : '';  
    $kategori = isset($_POST['kategori']) ? $_POST['kategori'] : ''; 
    $news = isset($_POST['news']) ? $_POST['news'] : '';
    $judul = isset($_POST['judul']) ? $_POST['judul'] : ''; 
    $page = isset($_POST['page']) ? $_POST['page'] : '';


    //Load berita
    if (!empty($_POST['post_id'])){
        $result = mysql_query("SELECT * FROM static_page WHERE post_id =".$_POST['post_id']) or die(mysql_error());
        $data = mysql_fetch_array($result);
        $post_id = $data['post_id'];
        $page = $data['page'];
        $judul = $data['judul'];
        $news = $data['isi_berita'];

    }
    else {
    echo "unable to select data";
    echo "id is empty";
    }


    //Simpan berita 
    if (isset($_POST['ok'])){

    //$result = mysql_query("SELECT * FROM static_page WHERE post_id =".$_GET['post_id']) or die(mysql_error());

        //if ( mysql_num_rows($_POST['post_id']) == 0)
        if ( $_POST['post_id'] !=0)
            {
            $sqlstr = "UPDATE static_page SET page='".$page."', judul='".$judul."', isi_berita='".$news."' WHERE id=".$_POST['post_id'];
            }
        else
            {
            $sqlstr = "INSERT INTO static_page(page, judul, isi_berita) VALUES('".$page."','".$judul."','".$news."')";
            }

        $result = mysql_query($sqlstr) or die(mysql_error());

        //Jika mode edit, maka tidak akan dikirimkan konfirmasi kepada subscriber
        //if (empty($_REQUEST['id']))   kirimEmail($idKategori, $judul, $news);
        $confirmation = ($result) ? "Data telah tersimpan." : "Gagal menyimpan data.";  
    }
    ?>
    <div align="center">
        <div style="width:800px;text-align:left;">
        <?php echo $confirmation;?>
        <form method="post" action="<?php echo $_SERVER['PHP_SELF']?>">
            <input type="hidden" name="post_id" value="<?php echo $post_id; ?>"/>
            <table>
                <tr>
                    <td>Page <font color="red">*</font></td>                
                    <td><input type="text" size="50px" name="page" value="<?php echo $page; ?>" readonly></td>
                </tr>
                <tr>
                    <td>Judul</td>
                    <td><input type="text" size="50px" name="judul" value="<?php echo $judul; ?>"/></td>
                </tr>
                <tr>
                    <td valign="top">Isi berita</td>              
                    <td>
                        <textarea cols="60" rows="10" id="news" name="news"><?php echo $news;?></textarea>
                        <script type="text/javascript">
                            var editor = CKEDITOR.replace('news');
                        </script>                    </td>
                </tr>
                <tr>             
                    <td><input type="submit" name="ok" value="Simpan"/></td>
              </tr>
            </table>
        </form>
        </div>
    </div>
</div>    

I try using $_POST['post_id'], now it doesn't even pull the Page information which suppose to be automatically fill in. It only works when I am using $_GET, yet I once heard someone told me that it's not a good idea to use $_GET often for security reason, is that true?

0

et I once heard someone told me that it's not a good idea to use $_GET often for security reason, is that true?

That is untrue, $_GET usually takes the input as a url string. You should validate if that user has permission to edit the post before doing anything anyway. So it doesn't matter if it is gotten from $_POST or $_GET.

You're getting confused.

Edited by iamthwee

0

ok, I try this: using $_GET instead.

input_berita_static.php

<div id="menu">
      <center>
        <h2>Static Page Manager</h2>
      </center>
      <p>&nbsp;</p>

  <p>&nbsp;</p><center>
      <p>

<?php

    include('../includes/koneksi.php');

    $post_id = isset($_GET['post_id']) ? $_GET['post_id'] : '';  
    $confirmation = isset($_GET['confirmation']) ? $_GET['confirmation'] : '';  
    $kategori = isset($_GET['kategori']) ? $_GET['kategori'] : ''; 
    $news = isset($_GET['news']) ? $_GET['news'] : '';
    $judul = isset($_GET['judul']) ? $_GET['judul'] : ''; 
    $page = isset($_GET['page']) ? $_GET['page'] : '';


    //Load berita
    if (!empty($_GET['post_id'])){
        $result = mysql_query("SELECT * FROM static_page WHERE post_id =".$_GET['post_id']) or die(mysql_error());
        $data = mysql_fetch_array($result);
        $post_id = $data['post_id'];
        $page = $data['page'];
        $judul = $data['judul'];
        $news = $data['isi_berita'];

    }
    else {
    echo "unable to select data".'<br>';
    echo "post_id is empty";
    }

    //Simpan berita 
    if (isset($_GET['ok'])){

        if (empty($_GET['post_id']))
            {
            $sqlstr = "INSERT INTO static_page(page, judul, isi_berita) VALUES('".$page."','".$judul."','".$news."')";
            }
        else
        {
            $sqlstr = "UPDATE static_page SET page='".$page."', judul='".$judul."', isi_berita='".$news."' WHERE id=".$_POST['post_id'];

        }
        $result = mysql_query($sqlstr) or die(mysql_error());

        //Jika mode edit, maka tidak akan dikirimkan konfirmasi kepada subscriber
        //if (empty($_REQUEST['id']))   kirimEmail($idKategori, $judul, $news);
        $confirmation = ($result) ? "Data telah tersimpan." : "Gagal menyimpan data.";  
    }
    ?>
    <div align="center">
        <div style="width:800px;text-align:left;">
        <?php echo $confirmation;?>
        <form method="post" action="<?php echo $_SERVER['PHP_SELF']?>">
            <!-- <input type="hidden" name="id" value="<?php// echo $id; ?>"/>-->
            <table>
                <tr>
                    <td>Page <font color="red">*</font></td>                
                    <td><input type="text" size="50px" name="page" value="<?php echo $page; ?>" readonly></td>
                </tr>
                <tr>
                    <td>Judul</td>
                    <td><input type="text" size="50px" name="judul" value="<?php echo $judul; ?>"/></td>
                </tr>
                <tr>
                    <td valign="top">Isi berita</td>              
                    <td>
                        <textarea cols="60" rows="10" id="news" name="news"><?php echo $news;?></textarea>
                        <script type="text/javascript">
                            var editor = CKEDITOR.replace('news');
                        </script>                    </td>
                </tr>
                <tr>             
                    <td><input type="submit" name="ok" value="Simpan"/></td>
              </tr>
            </table>
        </form>
        </div>
    </div>
</div>    

unable to select data
post_id is empty

See post_id is not suppose to be empty. There is a value for post_id. Why it keeps assuming that post_id is empty?

0

Because of this:

<form method="post" action="<?php echo $_SERVER['PHP_SELF']?>">

PHP_SELF returns the filename not the query string, to get all the values in the query string then you need also:

$_SERVER['QUERY_STRING']

So:

<form method="post" action="<?php echo $_SERVER['PHP_SELF'] .'?'. $_SERVER['QUERY_STRING']; ?>">

Or:

<form method="post" action="<?php echo $_SERVER['PHP_SELF'] .'?post_id='. $id; ?>">

Docs: http://www.php.net/manual/en/reserved.variables.server.php

1

As cereal pointed out, post_id is missing in form action URL. Append it to your form action as cereal shown above.

However, you should better split different page for create and update process. I made some changes in your code and it should also work fine. It's not tested and use on your own way upon it.

<div id="menu">
      <center>
        <h2>Static Page Manager</h2>
      </center>
      <p>&nbsp;</p>
  <p>&nbsp;</p><center>
      <p>
<?php
    include('../includes/koneksi.php');
    /**
     * Firstly, check if there is post_id in URL, if so, you're editing, if not, you're creating
     */
    $post_id = isset($_GET['post_id']) ? $_GET['post_id'] : '';

    /**
     * Assume post_id provided in URL, then check if the post already exists
     */
    if( $post_id != '' ) {
        $result = mysql_query("SELECT * FROM static_page WHERE post_id =".$post_id) or die(mysql_error());
        $post = mysql_fetch_array($result);
    } else { // not found post
        $post = NULL;
    }

    /**
     * When form submit
     */
    if( isset( $_POST['ok'] ) ) {
        /**
         * Grab data from form. Don't forget to validate them as well
         */
        $news  = isset($_POST['news']) ? $_POST['news'] : '';
        $judul = isset($_POST['judul']) ? $_POST['judul'] : ''; 
        $page  = isset($_POST['page']) ? $_POST['page'] : '';

        /**
         * If post found, then update it
         */
        if( $post != NULL && !empty( $post ) ) {
            $sqlstr = "UPDATE static_page SET page='".$page."', judul='".$judul."', isi_berita='".$news."' WHERE id=".$post['post_id'];

            // Run your query
            $result = mysql_query($sqlstr) or die(mysql_error());

            // Set your message
            $confirmation = ($result) ? "Data telah tersimpan." : "Gagal menyimpan data.";

        } else {
            /**
             * You're creating new post. Get your new post information from the form
             */
            $sqlstr = "INSERT INTO static_page(page, judul, isi_berita) VALUES('".$page."','".$judul."','".$news."')";

            // Run your query
            $result = mysql_query($sqlstr) or die(mysql_error());

            // Set your message
            $confirmation = ($result) ? "Data telah tersimpan." : "Gagal menyimpan data.";

            // Redirect after creating, it would better
            header( 'Location: all-post.php?message=' . $confirmation );
            exit(); // Don't run further code
        }
    }


    ?>
    <div align="center">
        <div style="width:800px;text-align:left;">
        <?php echo $confirmation;?>
        <form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>?<?php $_SERVER['QUERY_STRING']; ?>">
            <table>
                <tr>
                    <td>Page <font color="red">*</font></td>                
                    <td><input type="text" size="50px" name="page" value="<?php echo ( $post ) ? $post['page'] : ''; ?>" readonly></td>
                </tr>
                <tr>
                    <td>Judul</td>
                    <td><input type="text" size="50px" name="judul" value="<?php echo ( $post ) ? $post['judul'] : ''; ?>"/></td>
                </tr>
                <tr>
                    <td valign="top">Isi berita</td>              
                    <td>
                        <textarea cols="60" rows="10" id="news" name="news"><?php echo ( $post ) ? $post['isi_berita'] : ''; ?></textarea>
                        <script type="text/javascript">
                            var editor = CKEDITOR.replace('news');
                        </script>                    </td>
                </tr>
                <tr>             
                    <td><input type="submit" name="ok" value="Simpan"/></td>
              </tr>
            </table>
        </form>
        </div>
    </div>
</div>    

FYI: $_POST and $_GET explaination in php.net

0

cek this out:

input_berita_static.php

<?php

    include('../includes/koneksi.php');

    $post_id = isset($_POST['post_id']) ? $_POST['post_id'] : '';  
    $confirmation = isset($_POST['confirmation']) ? $_POST['confirmation'] : '';  
    $kategori = isset($_POST['kategori']) ? $_POST['kategori'] : ''; 
    $news = isset($_POST['news']) ? $_POST['news'] : '';
    $judul = isset($_POST['judul']) ? $_POST['judul'] : ''; 
    $page = isset($_POST['page']) ? $_POST['page'] : '';


    //Load berita
    if (!empty($_GET['post_id'])){
        $result = mysql_query("SELECT * FROM static_page WHERE post_id =".$_GET['post_id']) or die(mysql_error());
        $data = mysql_fetch_array($result);
        $post_id = $data['post_id'];
        $page = $data['page'];
        $judul = $data['judul'];
        $news = $data['isi_berita'];

    }
    else {
    echo "unable to select data".'<br>';
    echo "post_id is empty";
    }

    //Simpan berita 
    if (isset($_POST['ok'])){

        if (empty($_GET['post_id']))
            {
            $sqlstr = "INSERT INTO static_page(page, judul, isi_berita) VALUES('".$page."','".$judul."','".$news."')";
            echo "$sqlstr"; 
            }
        else
        {
            $sqlstr = "UPDATE static_page SET page='".$page."', judul='".$judul."', isi_berita='".$news."' WHERE post_id=".$_GET['post_id'];
            echo "$sqlstr"; 
        }
        $result = mysql_query($sqlstr) or die(mysql_error());

        //Jika mode edit, maka tidak akan dikirimkan konfirmasi kepada subscriber
        //if (empty($_REQUEST['id']))   kirimEmail($idKategori, $judul, $news);
        $confirmation = ($result) ? "Data telah tersimpan." : "Gagal menyimpan data.";  
    }
    ?>
    <div align="center">
        <div style="width:800px;text-align:left;">
        <?php echo $confirmation;?>
        <form method="post" action="<?php echo $_SERVER['PHP_SELF'] .'?post_id='. $post_id; ?>">
            <!-- <input type="hidden" name="id" value="<?php// echo $id; ?>"/>-->
            <table>
                <tr>
                    <td>Page <font color="red">*</font></td>                
                    <td><input type="text" size="50px" name="page" value="<?php echo $page; ?>" readonly></td>
                </tr>
                <tr>
                    <td>Judul</td>
                    <td><input type="text" size="50px" name="judul" value="<?php echo $judul; ?>"/></td>
                </tr>
                <tr>
                    <td valign="top">Isi berita</td>              
                    <td>
                        <textarea cols="60" rows="10" id="news" name="news"><?php echo $news;?></textarea>
                        <script type="text/javascript">
                            var editor = CKEDITOR.replace('news');
                        </script>                    </td>
                </tr>
                <tr>             
                    <td><input type="submit" name="ok" value="Simpan"/></td>
              </tr>
            </table>
        </form>
        </div>
    </div>
</div>    

I print out the query string:

UPDATE static_page SET page='SEANET 2014', judul='', isi_berita='' WHERE post_id=1

I wonder why judul & isi_berita remains empty? There is suppose to be something in it, I already fill in something in the form.

1

You're overriding everything if post_id exists in URL. Check link 8-10 and 17-20. You're putting old data every time unless your post_id is not include in URL. If 'judul' and 'isi_berita' is empty string currently, they'll always empty every time you tried to update. I don't know why you assign your old data that are issuing on line 17-20. You only need values from form, not from your database to update / insert.

$post_id = $data['post_id'];
$page = $data['page'];
$judul = $data['judul'];
$news = $data['isi_berita'];

You code looks too messy. Have you tested my code ? As I mentioned above, split your create / edit page seperately is better. And put your logic in specific file and that looks more nicer.

0

That's to load the old data to the form before I update them. Is this code not enough to load the new data to the form?

input_berita_static.php

 //Simpan berita
if (isset($_POST['ok'])){

if (empty($_GET['post_id']))
    {
    $sqlstr = "INSERT INTO static_page(page, judul, isi_berita)     VALUES('".$page."','".$judul."','".$news."')";
    echo "$sqlstr";
    }

    else
    {
    $sqlstr = "UPDATE static_page SET page='".$page."',     judul='".$judul."', isi_berita='".$news."' WHERE post_id=". $_GET['post_id'];
    echo "$sqlstr";
    }
1

It's not secured enough.
Someone could manually type id in url and update wrong page.

Edited by Tpojka

0

Always try to make full-proof applications.
At least use ajax with javascript confirm pop up
or everything pass with action 'post'.

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.