0

I have to make a select to get the info from the db for a particular article id; it is about a PHP to MySQL database field edit.

Thanks in advance!

 <?
      include "db.php";//database connection
       $order = "SELECT * FROM comanda
    where ['id']=''";
      $result = mysql_query($order);
      $row = mysql_fetch_array($result);
      ?>
      <form method="post" action="edit_reper.php">
      <input type="hidden" name="id" value="<? echo $_GET['id']?>
        <tr>        
          <td>Cod</td>
          <td>
            <input type="text" name="cod" 
        size="20" value="<? echo "$row[cod]"?>
          </td>
        </tr>
        <tr>        
          <td>Denumire Material</td>
          <td>
            <input type="text" name="den_material" 
        size="20" value="<? echo "$row[den_material]"?>
          </td>
        </tr>
        <tr>        
          <td>Greutate Totala</td>
          <td>
            <input type="text" name="greutate_totala" 
        size="20" value="<? echo "$row[greutate_totala]"?>
          </td>
        </tr>
        <tr>        
          <td>Name</td>
          <td>
            <input type="text" name="cant_reper" 
        size="20" value="<? echo "$row[cant_reper]"?>
          </td>
        </tr>
        <tr>
          <td>Address</td>
          <td>
            <input type="text" name="lg" size="40" 
          value="<? echo "$row[lg]"?>
          </td>
        </tr>
        <tr>
          <td align="right">
            <input type="submit" 
          name="submit value" value="Edit">
1

You are almost there. Just remove the quotes around the row elements, add quotes around the row element names, add a semicolon at the end and use <?php start tags:

<?php echo $row['den_material'];?>

You might also want to check for errors:

 if($result = mysql_query($order)) {
     // do the stuff...
     ...
 } else {
     // handle error..
 }

Same with the $row = mysql_fetch_array($result) code.

Edited by broj1

0

Thanks broj1, but I need a clearer answer; any help would be appreciated. Waiting for more answers! :)

1

OK, I gave one line of code as an example and this is the whole snippet:

<?php
  include "db.php";//database connection
   $order = "SELECT * FROM comanda where ['id']=''";
  $result = mysql_query($order);
  $row = mysql_fetch_array($result);
  ?>
  <form method="post" action="edit_reper.php">
  <input type="hidden" name="id" value="<?php echo $_GET['id'];?>">
    <tr>        
      <td>Cod</td>
      <td>
        <input type="text" name="cod" 
    size="20" value="<?php echo $row['cod'];?>">
      </td>
    </tr>
    <tr>        
      <td>Denumire Material</td>
      <td>
        <input type="text" name="den_material" 
    size="20" value="<?php echo $row['den_material'];?>">
      </td>
    </tr>
    <tr>        
      <td>Greutate Totala</td>
      <td>
        <input type="text" name="greutate_totala" 
    size="20" value="<?php echo $row['greutate_totala'];?>">
      </td>
    </tr>
    <tr>        
      <td>Name</td>
      <td>
        <input type="text" name="cant_reper" 
    size="20" value="<?php echo $row['cant_reper'];?>">
      </td>
    </tr>
    <tr>
      <td>Address</td>
      <td>
        <input type="text" name="lg" size="40" 
      value="<?php echo $row['lg'];?>">
      </td>
    </tr>
    <tr>
      <td align="right">
        <input type="submit" 
      name="submit value" value="Edit">

There is still something not OK in the select query on line 3. Something is missing in the where condition, maybe the $_GET (I don't know, only you could). Maybe this way:

$order = "SELECT * FROM comanda where {$_GET['id']}=''";

Edited by broj1

0

Also a concern about security on line 8. Instead of:

<input type="hidden" name="id" value="<?php echo $_GET['id'];?>">

it should be:

<input type="hidden" name="id" value="<?php echo htmlspecialchars($_GET['id']);?>">

to escape possible bad script injection into html.

Edited by broj1

0
    $order = "SELECT * FROM comanda where {$_GET['id']}=''";

The idea with this is to select the id, I mean select the edited id or something like this.

0

This is insecure. You have to sanitize the user input before using it in a select statement.

// suppose the ID is an integer
$id = intval($_GET['id']);
$order = "SELECT * FROM comanda where $id=<some condition here>";
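The advice from the replies above (validate the id, keep it out of the SQL string, escape values on output) combined into one page, as an added example that is not code from any poster. It assumes the key column of `comanda` is named `id`, uses PDO rather than the `mysql_*` functions, and substitutes an in-memory SQLite database with one constructed row for the connection in `db.php`; `load_comanda` and `attr` are hypothetical helper names.

```php
<?php
// Added example, not code from the thread. Assumptions: the key column of
// `comanda` is named `id`, and an in-memory SQLite database with one
// constructed row stands in for the MySQL connection made in db.php.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE comanda (id INTEGER PRIMARY KEY, cod TEXT,
            den_material TEXT, greutate_totala REAL, cant_reper INTEGER, lg TEXT)');
$pdo->exec("INSERT INTO comanda VALUES (7, 'R-\"100\"', '<b>otel</b>', 12.5, 3, '40')");

// Hypothetical helper: fetch one row by id, or null if the id is invalid or unknown.
function load_comanda(PDO $pdo, $rawId): ?array
{
    // Accept only a positive integer; anything else is rejected, not "cleaned".
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }
    // The value is bound as a parameter and never concatenated into the SQL text.
    $stmt = $pdo->prepare('SELECT * FROM comanda WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Hypothetical helper: escape a value for use inside a double-quoted attribute.
function attr($value): string
{
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}

$_GET['id'] = $_GET['id'] ?? '7';   // constructed request value for the demo
$row = load_comanda($pdo, $_GET['id']);
if ($row === null) {
    http_response_code(404);
    exit('No such record.');
}
?>
<form method="post" action="edit_reper.php">
  <input type="hidden" name="id" value="<?php echo attr($row['id']); ?>">
  <input type="text" name="cod" size="20" value="<?php echo attr($row['cod']); ?>">
  <input type="text" name="den_material" size="20" value="<?php echo attr($row['den_material']); ?>">
  <input type="submit" name="submit" value="Edit">
</form>
```

The constructed row contains quotes and markup on purpose: in the rendered form they appear as `&quot;` and `&lt;b&gt;`, so stored data cannot break out of the `value` attribute. The hidden `id` is taken from the fetched row, not echoed back from `$_GET`.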