Member Avatar for erminasrcutp

Hi everyone , below is my update.php code , however , I am seeking for code to update specific user . For example

Search Id : _______________________ [search]

if user want to search id details for id : 11

the update.php will show open a page that can update that 11 details.

For my code , it is not specific.

Hope someone can help me please.

update.php

<center>
<h1><u>Library Database</u></h1>
</center>
<?php
$con = mysql_connect("localhost","root","");
if(!$con){
die("Can not connect: " . mysql_error());
}
mysql_select_db("c_database",$con);

if(isset($_POST['update'])){
$UpdateQuery="UPDATE myaduan SET id='$_POST[id]', nama_pengadu='$_POST[nama_pengadu]' WHERE id='$_POST[hidden]'";
mysql_query($UpdateQuery,$con);
};


if(isset($_POST['delete'])){
$DeleteQuery="DELETE FROM myaduan WHERE id='$_POST[hidden]'";
mysql_query($DeleteQuery,$con);
};

$sql="SELECT * FROM myaduan";
$myEdit=mysql_query($sql,$con);

echo "<table style=border:1px solid silver cellpadding=5px cellspacing=0px align=center border=0>
<tr>
<td colspan=4 style=background:0066FF; color:#FFFFFF; fontsize: 20px>UPDATE RECORD</td></tr>
<tr>
<td>ISBN</td>
<td>Title</td>
</tr>";
while($record = mysql_fetch_array($myEdit)){
echo "<form action=update.php method=post>";
echo "<tr>";
echo "<td>" . "<input type=text name=id value=".$record['id'] . " </td>";
echo "<td>" . "<input type=text name=nama_pengadu value=".$record['nama_pengadu']. " </td>";
echo "<td>". "<input type=hidden name=hidden value=".$record['id']. " </td>";
echo "<td>"."<input type=submit name=update value=update"." </td>";
echo "<td>"."<input type=submit name=delete value=delete"." </td>";
echo "</tr>";
echo"</form>";
}
echo"</table>";
mysql_close($con);
?>
  • 5 Contributors
  • 6 Replies
  • 316 Views
  • 5 Days Discussion Span
  • Latest Post Latest Post by Lsmjudoka

Recommended Answers

All 6 Replies

Member Avatar for Eagle.Avik

I am not sure what you mean by

. "if user want to search id details for id : 11

the update.php will show open a page that can update that 11 details."

But here is some hole i found in your code.

  1. Dont use mysql, use mysqli or pdo. I prefer pdo.
  2. You are using tainted data submitted by user directly. You are fully open for a a SQL INJECTION.

in mysql you can use htmlspecialchars, but pdo has better solution like binding value.

htmlspecialchars is not consider safe anymore. So better use mysqli or pdo.

Member Avatar for ma1012082

very nice your post, it may help my php. do you know photoshop?

Member Avatar for erminasrcutp

sorrry , but i dont know on how to do pdo . do you mind to teach me ?

Member Avatar for furqan219

Use below code

// Define Variable
$ServerName             =   $_POST[ServerName];         //ServerName
$a1                 =   $_POST[a1];                     //Hi Memeory Utilization
$a2                 =   $_POST[a2];                     //Avg Memeory Utilization
$a3                 =   $_POST[a3];                     //Hi CPU Utilization
$a4                 =   $_POST[a4];                     //Avg CPU Utilization
$a5                 =   $_POST[a5];                     //Hi I/O Utilization
$a6                 =   $_POST[a6];                     //Avg I/O Utilization
$a7                 =   $_POST[a7];                     //Hi Disk Usage
$a8                 =   $_POST[a8];                     //Avg Disk Usage

// We Will prepare SQL Query
    $STM = $dbh->prepare("INSERT INTO statstracker(ServerName, HiMemUti,AvgMemUti,HiCpuUti,AvgCpuUti,HiIOPerSec,AvgIOPerSec,HiDiskUsage,AvgDsikUsage,EntryBy,EntryDate) VALUES (:ServerName,:a1,:a2,:a3,:a4,:a5,:a6,:a7,:a8,:user,CURRENT_DATE())");
    $STM2 = $dbh->prepare("UPDATE ServerName SET EntryDate=CURRENT_DATE() WHERE ServerName=:ServerName2");
// bind paramenters, Named paramenters alaways start with colon(:)
    $STM->bindParam(':ServerName', $ServerName);
    $STM2->bindParam(':ServerName2', $ServerName);
    $STM->bindParam(':a1', $a1);
    $STM->bindParam(':a2', $a2);
    $STM->bindParam(':a3', $a3);
    $STM->bindParam(':a4', $a4);
    $STM->bindParam(':a5', $a5);
    $STM->bindParam(':a6', $a6);
    $STM->bindParam(':a7', $a7);
    $STM->bindParam(':a8', $a8);
    $STM->bindParam(':user', $_SESSION[myusername]);
// For Executing prepared statement we will use below function
    $STM->execute();
    $STM2->execute();
Member Avatar for erminasrcutp

i didnt understand the code above.

Member Avatar for Lsmjudoka

PDO is great, but to answer the original question:

The key to fetching and updating a specific set of data (For instance user #11) is exactly that, fetching the data for user #11. Usually this is done with a user_id column in your database table. What you will have to do is:

1) Prompt for the user ID
2) Fetch the data for that user ID from the database and show the user the form to edit it
3) Update the database with the submitted data

To get a specific record from the database you need to use the WHERE clause in your SELECT query, like so:

SELECT * FROM users WHERE user_id = 11

To respond to what everyone else was saying, here is an example of PDO prepared statements.
http://us3.php.net/manual/en/pdo.prepared-statements.php

Edited by Lsmjudoka
Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.