Update data

if (empty($_POST['post_id']))

That's wrong... what you want to do is a select statement on the post_id, if num_rows_returned == 0 then do an insert, otherwise do an update.

I tried this:

//Load berita
    if (!empty($_GET['post_id'])){
        $result = mysql_query("SELECT * FROM static_page WHERE post_id =".$_GET['post_id']) or die(mysql_error());
        $data = mysql_fetch_array($result);
        $post_id = $data['post_ID'];
        $page = $data['page'];
        $judul = $data['judul'];
        $news = $data['isi_berita'];

    }
    else {
    echo "unable to select data";
    echo "id is empty";
    }


    //Simpan berita 
    if (isset($_POST['ok'])){

        if ( mysql_num_rows($_POST['post_id']) == null)
            {
            $sqlstr = "INSERT INTO static_page(page, judul, isi_berita) VALUES('".$page."','".$judul."','".$news."')";
            }
        else
            {
            $sqlstr = "UPDATE static_page SET page='".$page."', judul='".$judul."', isi_berita='".$news."' WHERE id=".$_POST['post_id'];

            }
        $result = mysql_query($sqlstr) or die(mysql_error());

        //Jika mode edit, maka tidak akan dikirimkan konfirmasi kepada subscriber
        //if (empty($_REQUEST['id']))   kirimEmail($idKategori, $judul, $news);
        $confirmation = ($result) ? "Data telah tersimpan." : "Gagal menyimpan data.";  

unable to select dataid is empty
Warning: mysql_num_rows() expects parameter 1 to be resource, null given in C:\xampp\htdocs\free-prowebsite\site_pro\administrator\input_berita_static.php on line 126

line 126: if ( mysql_num_rows($_POST['post_id']) == null)

needs to be 0 not null. Also post_id is coming in as $_get not $_post.

input_berita_static.php

<?php

    include('../includes/koneksi.php');

    $post_id = isset($_POST['post_id']) ? $_POST['post_id'] : '';  
    $confirmation = isset($_POST['confirmation']) ? $_POST['confirmation'] : '';  
    $kategori = isset($_POST['kategori']) ? $_POST['kategori'] : ''; 
    $news = isset($_POST['news']) ? $_POST['news'] : '';
    $judul = isset($_POST['judul']) ? $_POST['judul'] : ''; 
    $page = isset($_POST['page']) ? $_POST['page'] : '';


    //Load berita
    if (!empty($_GET['post_id'])){
        $result = mysql_query("SELECT * FROM static_page WHERE post_id =".$_GET['post_id']) or die(mysql_error());
        $data = mysql_fetch_array($result);
        $post_id = $data['post_ID'];
        $page = $data['page'];
        $judul = $data['judul'];
        $news = $data['isi_berita'];

    }
    else {
    echo "unable to select data";
    echo "id is empty";
    }


    //Simpan berita 
    if (isset($_POST['ok'])){

    //$result = mysql_query("SELECT * FROM static_page WHERE post_id =".$_GET['post_id']) or die(mysql_error());

        if ( mysql_num_rows($_GET['post_id']) == 0)
            {
            $sqlstr = "INSERT INTO static_page(page, judul, isi_berita) VALUES('".$page."','".$judul."','".$news."')";
            }
        else
            {
            $sqlstr = "UPDATE static_page SET page='".$page."', judul='".$judul."', isi_berita='".$news."' WHERE id=".$_POST['post_id'];

            }
        $result = mysql_query($sqlstr) or die(mysql_error());

unable to select dataid is empty
Notice: Undefined index: post_id in C:\xampp\htdocs\free-prowebsite\site_pro\administrator\input_berita_static.php on line 137

Warning: mysql_num_rows() expects parameter 1 to be resource, null given in C:\xampp\htdocs\free-prowebsite\site_pro\administrator\input_berita_static.php on line 137

line 137: if ( mysql_num_rows($_GET['post_id']) == 0)

Sorry I have to ask but do you even know what you are doing?

Line 137 you're trying to use a mysql statement on a $_GET[].

Your code says you're trying to read the post_id as both get and post. It's one or the other not both, is post id a url string?

You shouldn't be using mysql, it is deprecated, if you do use mysql you should at least be escaping those values before inserting it into the database.

The form is using POST method. Every $_GET should change into $_POST

I change line 137 to: if ( mysql_num_rows($_POST['post_id']) == 0)

And I wonder why everytime I insert a new value it starts a new row instead of updating the existing post_id.

I think as of now I just remains using the mysql.

----------------------------

Why it doesn't pass the value from url:
http://localhost/free-prowebsite/site_pro/administrator/input_berita_static.php?post_id=1

post_id=1, I try to update the value in this row and it suppose to update the row instead of inserting a new value in the new row.

What's wrong with my code? ( My current of is inserting new value instead of updating the current row )

input_berita_static.php

<?php

    include('../includes/koneksi.php');

    $post_id = isset($_POST['post_id']) ? $_POST['post_id'] : '';  
    $confirmation = isset($_POST['confirmation']) ? $_POST['confirmation'] : '';  
    $kategori = isset($_POST['kategori']) ? $_POST['kategori'] : ''; 
    $news = isset($_POST['news']) ? $_POST['news'] : '';
    $judul = isset($_POST['judul']) ? $_POST['judul'] : ''; 
    $page = isset($_POST['page']) ? $_POST['page'] : '';


    //Load berita
    if (!empty($_GET['post_id'])){
        $result = mysql_query("SELECT * FROM static_page WHERE post_id =".$_GET['post_id']) or die(mysql_error());
        $data = mysql_fetch_array($result);
        $post_id = $data['post_ID'];
        $page = $data['page'];
        $judul = $data['judul'];
        $news = $data['isi_berita'];

    }
    else {
    echo "unable to select data";
    echo "id is empty";
    }


    //Simpan berita 
    if (isset($_POST['ok'])){

    //$result = mysql_query("SELECT * FROM static_page WHERE post_id =".$_GET['post_id']) or die(mysql_error());

        //if ( mysql_num_rows($_POST['post_id']) == 0)
        if ( $_POST['post_id'] !=0)
            {
            $sqlstr = "UPDATE static_page SET page='".$page."', judul='".$judul."', isi_berita='".$news."' WHERE id=".$_POST['post_id'];
            }
        else
            {
            $sqlstr = "INSERT INTO static_page(page, judul, isi_berita) VALUES('".$page."','".$judul."','".$news."')";
            }

        $result = mysql_query($sqlstr) or die(mysql_error());

        //Jika mode edit, maka tidak akan dikirimkan konfirmasi kepada subscriber
        //if (empty($_REQUEST['id']))   kirimEmail($idKategori, $judul, $news);
        $confirmation = ($result) ? "Data telah tersimpan." : "Gagal menyimpan data.";  
    }
    ?>

Notice: Undefined index: post_id in C:\xampp\htdocs\free-prowebsite\site_pro\administrator\input_berita_static.php on line 138

How to fix the error?

@davy read carefully your script, you have at:

line 5:

$post_id = isset($_POST['post_id']) ? $_POST['post_id'] : '';

line 14 & 15:

if (!empty($_GET['post_id'])){
$result = mysql_query("SELECT * FROM static_page WHERE post_id =".$_GET['post_id']) or die(mysql_error());

line 17:

$post_id = $data['post_ID'];

line 35:

if ( $_POST['post_id'] !=0)

line 41:

$sqlstr = "UPDATE static_page SET page='".$page."', judul='".$judul."', isi_berita='".$news."' WHERE id=".$_POST['post_id'];

So, you are trying to get the value of post_id in three flavours:

$_GET['post_id']
$_POST['post_ID']
$_POST['post_id']

Now, if you are appending the post_id variable to the url used as action in your form, so:

<form method="post" action="http://localhost/free-prowebsite/site_pro/administrator/input_berita_static.php?post_id=1">

Then use $_GET['post_id'] everywhere in your script. If instead you're using an input field in your form:

<form method="post" action="http://localhost/free-prowebsite/site_pro/administrator/input_berita_static.php">

    <input type="hidden" name="post_id" value="1" />

Then use $_POST['post_id'] everywhere in your script, pay attention here: post_id not post_ID which for the server is a completely different variable.

ok, check this code:

input_berita_static.php

<?php

    include('../includes/koneksi.php');

    $post_id = isset($_POST['post_id']) ? $_POST['post_id'] : '';  
    $confirmation = isset($_POST['confirmation']) ? $_POST['confirmation'] : '';  
    $kategori = isset($_POST['kategori']) ? $_POST['kategori'] : ''; 
    $news = isset($_POST['news']) ? $_POST['news'] : '';
    $judul = isset($_POST['judul']) ? $_POST['judul'] : ''; 
    $page = isset($_POST['page']) ? $_POST['page'] : '';


    //Load berita
    if (!empty($_POST['post_id'])){
        $result = mysql_query("SELECT * FROM static_page WHERE post_id =".$_POST['post_id']) or die(mysql_error());
        $data = mysql_fetch_array($result);
        $post_id = $data['post_id'];
        $page = $data['page'];
        $judul = $data['judul'];
        $news = $data['isi_berita'];

    }
    else {
    echo "unable to select data";
    echo "id is empty";
    }


    //Simpan berita 
    if (isset($_POST['ok'])){

    //$result = mysql_query("SELECT * FROM static_page WHERE post_id =".$_GET['post_id']) or die(mysql_error());

        //if ( mysql_num_rows($_POST['post_id']) == 0)
        if ( $_POST['post_id'] !=0)
            {
            $sqlstr = "UPDATE static_page SET page='".$page."', judul='".$judul."', isi_berita='".$news."' WHERE id=".$_POST['post_id'];
            }
        else
            {
            $sqlstr = "INSERT INTO static_page(page, judul, isi_berita) VALUES('".$page."','".$judul."','".$news."')";
            }

        $result = mysql_query($sqlstr) or die(mysql_error());

        //Jika mode edit, maka tidak akan dikirimkan konfirmasi kepada subscriber
        //if (empty($_REQUEST['id']))   kirimEmail($idKategori, $judul, $news);
        $confirmation = ($result) ? "Data telah tersimpan." : "Gagal menyimpan data.";  
    }
    ?>
    <div align="center">
        <div style="width:800px;text-align:left;">
        <?php echo $confirmation;?>
        <form method="post" action="<?php echo $_SERVER['PHP_SELF']?>">
            <input type="hidden" name="post_id" value="<?php echo $post_id; ?>"/>
            <table>
                <tr>
                    <td>Page <font color="red">*</font></td>                
                    <td><input type="text" size="50px" name="page" value="<?php echo $page; ?>" readonly></td>
                </tr>
                <tr>
                    <td>Judul</td>
                    <td><input type="text" size="50px" name="judul" value="<?php echo $judul; ?>"/></td>
                </tr>
                <tr>
                    <td valign="top">Isi berita</td>              
                    <td>
                        <textarea cols="60" rows="10" id="news" name="news"><?php echo $news;?></textarea>
                        <script type="text/javascript">
                            var editor = CKEDITOR.replace('news');
                        </script>                    </td>
                </tr>
                <tr>             
                    <td><input type="submit" name="ok" value="Simpan"/></td>
              </tr>
            </table>
        </form>
        </div>
    </div>
</div>    

I try using $_POST['post_id'], now it doesn't even pull the Page information which suppose to be automatically fill in. It only works when I am using $_GET, yet I once heard someone told me that it's not a good idea to use $_GET often for security reason, is that true?

et I once heard someone told me that it's not a good idea to use $_GET often for security reason, is that true?

That is untrue, $_GET usually takes the input as a url string. You should validate if that user has permission to edit the post before doing anything anyway. So it doesn't matter if it is gotten from $_POST or $_GET.

You're getting confused.

ok, I try this: using $_GET instead.

input_berita_static.php

<div id="menu">
      <center>
        <h2>Static Page Manager</h2>
      </center>
      <p>&nbsp;</p>

  <p>&nbsp;</p><center>
      <p>

<?php

    include('../includes/koneksi.php');

    $post_id = isset($_GET['post_id']) ? $_GET['post_id'] : '';  
    $confirmation = isset($_GET['confirmation']) ? $_GET['confirmation'] : '';  
    $kategori = isset($_GET['kategori']) ? $_GET['kategori'] : ''; 
    $news = isset($_GET['news']) ? $_GET['news'] : '';
    $judul = isset($_GET['judul']) ? $_GET['judul'] : ''; 
    $page = isset($_GET['page']) ? $_GET['page'] : '';


    //Load berita
    if (!empty($_GET['post_id'])){
        $result = mysql_query("SELECT * FROM static_page WHERE post_id =".$_GET['post_id']) or die(mysql_error());
        $data = mysql_fetch_array($result);
        $post_id = $data['post_id'];
        $page = $data['page'];
        $judul = $data['judul'];
        $news = $data['isi_berita'];

    }
    else {
    echo "unable to select data".'<br>';
    echo "post_id is empty";
    }

    //Simpan berita 
    if (isset($_GET['ok'])){

        if (empty($_GET['post_id']))
            {
            $sqlstr = "INSERT INTO static_page(page, judul, isi_berita) VALUES('".$page."','".$judul."','".$news."')";
            }
        else
        {
            $sqlstr = "UPDATE static_page SET page='".$page."', judul='".$judul."', isi_berita='".$news."' WHERE id=".$_POST['post_id'];

        }
        $result = mysql_query($sqlstr) or die(mysql_error());

        //Jika mode edit, maka tidak akan dikirimkan konfirmasi kepada subscriber
        //if (empty($_REQUEST['id']))   kirimEmail($idKategori, $judul, $news);
        $confirmation = ($result) ? "Data telah tersimpan." : "Gagal menyimpan data.";  
    }
    ?>
    <div align="center">
        <div style="width:800px;text-align:left;">
        <?php echo $confirmation;?>
        <form method="post" action="<?php echo $_SERVER['PHP_SELF']?>">
            <!-- <input type="hidden" name="id" value="<?php// echo $id; ?>"/>-->
            <table>
                <tr>
                    <td>Page <font color="red">*</font></td>                
                    <td><input type="text" size="50px" name="page" value="<?php echo $page; ?>" readonly></td>
                </tr>
                <tr>
                    <td>Judul</td>
                    <td><input type="text" size="50px" name="judul" value="<?php echo $judul; ?>"/></td>
                </tr>
                <tr>
                    <td valign="top">Isi berita</td>              
                    <td>
                        <textarea cols="60" rows="10" id="news" name="news"><?php echo $news;?></textarea>
                        <script type="text/javascript">
                            var editor = CKEDITOR.replace('news');
                        </script>                    </td>
                </tr>
                <tr>             
                    <td><input type="submit" name="ok" value="Simpan"/></td>
              </tr>
            </table>
        </form>
        </div>
    </div>
</div>    

unable to select data
post_id is empty

See post_id is not suppose to be empty. There is a value for post_id. Why it keeps assuming that post_id is empty?

Because of this:

<form method="post" action="<?php echo $_SERVER['PHP_SELF']?>">

PHP_SELF returns the filename not the query string, to get all the values in the query string then you need also:

$_SERVER['QUERY_STRING']

So:

<form method="post" action="<?php echo $_SERVER['PHP_SELF'] .'?'. $_SERVER['QUERY_STRING']; ?>">

Or:

<form method="post" action="<?php echo $_SERVER['PHP_SELF'] .'?post_id='. $id; ?>">

Docs: http://www.php.net/manual/en/reserved.variables.server.php

As cereal pointed out, post_id is missing in form action URL. Append it to your form action as cereal shown above.

However, you should better split different page for create and update process. I made some changes in your code and it should also work fine. It's not tested and use on your own way upon it.

<div id="menu">
      <center>
        <h2>Static Page Manager</h2>
      </center>
      <p>&nbsp;</p>
  <p>&nbsp;</p><center>
      <p>
<?php
    include('../includes/koneksi.php');
    /**
     * Firstly, check if there is post_id in URL, if so, you're editing, if not, you're creating
     */
    $post_id = isset($_GET['post_id']) ? $_GET['post_id'] : '';

    /**
     * Assume post_id provided in URL, then check if the post already exists
     */
    if( $post_id != '' ) {
        $result = mysql_query("SELECT * FROM static_page WHERE post_id =".$post_id) or die(mysql_error());
        $post = mysql_fetch_array($result);
    } else { // not found post
        $post = NULL;
    }

    /**
     * When form submit
     */
    if( isset( $_POST['ok'] ) ) {
        /**
         * Grab data from form. Don't forget to validate them as well
         */
        $news  = isset($_POST['news']) ? $_POST['news'] : '';
        $judul = isset($_POST['judul']) ? $_POST['judul'] : ''; 
        $page  = isset($_POST['page']) ? $_POST['page'] : '';

        /**
         * If post found, then update it
         */
        if( $post != NULL && !empty( $post ) ) {
            $sqlstr = "UPDATE static_page SET page='".$page."', judul='".$judul."', isi_berita='".$news."' WHERE id=".$post['post_id'];

            // Run your query
            $result = mysql_query($sqlstr) or die(mysql_error());

            // Set your message
            $confirmation = ($result) ? "Data telah tersimpan." : "Gagal menyimpan data.";

        } else {
            /**
             * You're creating new post. Get your new post information from the form
             */
            $sqlstr = "INSERT INTO static_page(page, judul, isi_berita) VALUES('".$page."','".$judul."','".$news."')";

            // Run your query
            $result = mysql_query($sqlstr) or die(mysql_error());

            // Set your message
            $confirmation = ($result) ? "Data telah tersimpan." : "Gagal menyimpan data.";

            // Redirect after creating, it would better
            header( 'Location: all-post.php?message=' . $confirmation );
            exit(); // Don't run further code
        }
    }


    ?>
    <div align="center">
        <div style="width:800px;text-align:left;">
        <?php echo $confirmation;?>
        <form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>?<?php $_SERVER['QUERY_STRING']; ?>">
            <table>
                <tr>
                    <td>Page <font color="red">*</font></td>                
                    <td><input type="text" size="50px" name="page" value="<?php echo ( $post ) ? $post['page'] : ''; ?>" readonly></td>
                </tr>
                <tr>
                    <td>Judul</td>
                    <td><input type="text" size="50px" name="judul" value="<?php echo ( $post ) ? $post['judul'] : ''; ?>"/></td>
                </tr>
                <tr>
                    <td valign="top">Isi berita</td>              
                    <td>
                        <textarea cols="60" rows="10" id="news" name="news"><?php echo ( $post ) ? $post['isi_berita'] : ''; ?></textarea>
                        <script type="text/javascript">
                            var editor = CKEDITOR.replace('news');
                        </script>                    </td>
                </tr>
                <tr>             
                    <td><input type="submit" name="ok" value="Simpan"/></td>
              </tr>
            </table>
        </form>
        </div>
    </div>
</div>    

FYI: $_POST and $_GET explaination in php.net

cek this out:

input_berita_static.php

<?php

    include('../includes/koneksi.php');

    $post_id = isset($_POST['post_id']) ? $_POST['post_id'] : '';  
    $confirmation = isset($_POST['confirmation']) ? $_POST['confirmation'] : '';  
    $kategori = isset($_POST['kategori']) ? $_POST['kategori'] : ''; 
    $news = isset($_POST['news']) ? $_POST['news'] : '';
    $judul = isset($_POST['judul']) ? $_POST['judul'] : ''; 
    $page = isset($_POST['page']) ? $_POST['page'] : '';


    //Load berita
    if (!empty($_GET['post_id'])){
        $result = mysql_query("SELECT * FROM static_page WHERE post_id =".$_GET['post_id']) or die(mysql_error());
        $data = mysql_fetch_array($result);
        $post_id = $data['post_id'];
        $page = $data['page'];
        $judul = $data['judul'];
        $news = $data['isi_berita'];

    }
    else {
    echo "unable to select data".'<br>';
    echo "post_id is empty";
    }

    //Simpan berita 
    if (isset($_POST['ok'])){

        if (empty($_GET['post_id']))
            {
            $sqlstr = "INSERT INTO static_page(page, judul, isi_berita) VALUES('".$page."','".$judul."','".$news."')";
            echo "$sqlstr"; 
            }
        else
        {
            $sqlstr = "UPDATE static_page SET page='".$page."', judul='".$judul."', isi_berita='".$news."' WHERE post_id=".$_GET['post_id'];
            echo "$sqlstr"; 
        }
        $result = mysql_query($sqlstr) or die(mysql_error());

        //Jika mode edit, maka tidak akan dikirimkan konfirmasi kepada subscriber
        //if (empty($_REQUEST['id']))   kirimEmail($idKategori, $judul, $news);
        $confirmation = ($result) ? "Data telah tersimpan." : "Gagal menyimpan data.";  
    }
    ?>
    <div align="center">
        <div style="width:800px;text-align:left;">
        <?php echo $confirmation;?>
        <form method="post" action="<?php echo $_SERVER['PHP_SELF'] .'?post_id='. $post_id; ?>">
            <!-- <input type="hidden" name="id" value="<?php// echo $id; ?>"/>-->
            <table>
                <tr>
                    <td>Page <font color="red">*</font></td>                
                    <td><input type="text" size="50px" name="page" value="<?php echo $page; ?>" readonly></td>
                </tr>
                <tr>
                    <td>Judul</td>
                    <td><input type="text" size="50px" name="judul" value="<?php echo $judul; ?>"/></td>
                </tr>
                <tr>
                    <td valign="top">Isi berita</td>              
                    <td>
                        <textarea cols="60" rows="10" id="news" name="news"><?php echo $news;?></textarea>
                        <script type="text/javascript">
                            var editor = CKEDITOR.replace('news');
                        </script>                    </td>
                </tr>
                <tr>             
                    <td><input type="submit" name="ok" value="Simpan"/></td>
              </tr>
            </table>
        </form>
        </div>
    </div>
</div>    

I print out the query string:

UPDATE static_page SET page='SEANET 2014', judul='', isi_berita='' WHERE post_id=1

I wonder why judul & isi_berita remains empty? There is suppose to be something in it, I already fill in something in the form.

You're overriding everything if post_id exists in URL. Check link 8-10 and 17-20. You're putting old data every time unless your post_id is not include in URL. If 'judul' and 'isi_berita' is empty string currently, they'll always empty every time you tried to update. I don't know why you assign your old data that are issuing on line 17-20. You only need values from form, not from your database to update / insert.

$post_id = $data['post_id'];
$page = $data['page'];
$judul = $data['judul'];
$news = $data['isi_berita'];

You code looks too messy. Have you tested my code ? As I mentioned above, split your create / edit page seperately is better. And put your logic in specific file and that looks more nicer.

That's to load the old data to the form before I update them. Is this code not enough to load the new data to the form?

input_berita_static.php

 //Simpan berita
if (isset($_POST['ok'])){

if (empty($_GET['post_id']))
    {
    $sqlstr = "INSERT INTO static_page(page, judul, isi_berita)     VALUES('".$page."','".$judul."','".$news."')";
    echo "$sqlstr";
    }

    else
    {
    $sqlstr = "UPDATE static_page SET page='".$page."',     judul='".$judul."', isi_berita='".$news."' WHERE post_id=". $_GET['post_id'];
    echo "$sqlstr";
    }

It's not secured enough.
Someone could manually type id in url and update wrong page.

What should I do then?

Always try to make full-proof applications.
At least use ajax with javascript confirm pop up
or everything pass with action 'post'.

I put many knowledge about your post.
thanks davy yg.