Hi
edit_order.php

<?php
session_start();
if(!isset($_SESSION['admin'])){
    echo "Only the admin can see this page";
    header("Refresh: 3;url=login.php");
}else{
    require("inc/config.php");
    require("inc/header.php");
    $id = $_GET['id'];
    $sql = "SELECT * FROM serv WHERE id=$id";
    $query = mysql_query($sql);
    while($serv = mysql_fetch_object($query)){
        $title = $serv->title;
        $describtion = $serv->describtion;
        $url = $serv->url;
        $status = $serv->status;
    }
?>
<center>

    <form action="check_edit.php?id=$id" mehod="GET">
        title : <input type="text" name="title" value="<?php echo $title; ?>"><br />
        order : <textarea name="describtion" cols="50" rows="15"><?php echo $describtion; ?>

When your form is method='get' any get variabhles within the action url will be overriden. What you have to do is make a hidden input field to pass it through, like so:

<input type='hidden' name='id' value='$id' />

Also in your script you really need to sanitize the form data before submitting it to a database. Like this:

  $id = (int)mysql_real_escape_string($_GET['id']);
  $sql = "SELECT * FROM serv WHERE id=$id";

Normally just mysql_real_escape_string is fine but with numeric input you have to make sure that it's numeric unless you're using quotes around it.

Thanks

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.