Urgent a php to MySQL!

Question

radu.campian 0 Newbie Poster

9 Years Ago

I have to make a select to get the info from db from a particular article id it it about an php to mysql database field edit.

Thanks in advance!

 <?
      include "db.php";//database connection
       $order = "SELECT * FROM comanda
    where ['id']=''";
      $result = mysql_query($order);
      $row = mysql_fetch_array($result);
      ?>
      <form method="post" action="edit_reper.php">
      <input type="hidden" name="id" value="<? echo $_GET['id']?>
        <tr>        
          <td>Cod</td>
          <td>
            <input type="text" name="cod" 
        size="20" value="<? echo "$row[cod]"?>
          </td>
        </tr>
        <tr>        
          <td>Denumire Material</td>
          <td>
            <input type="text" name="den_material" 
        size="20" value="<? echo "$row[den_material]"?>
          </td>
        </tr>
        <tr>        
          <td>Greutate Totala</td>
          <td>
            <input type="text" name="greutate_totala" 
        size="20" value="<? echo "$row[greutate_totala]"?>
          </td>
        </tr>
        <tr>        
          <td>Name</td>
          <td>
            <input type="text" name="cant_reper" 
        size="20" value="<? echo "$row[cant_reper]"?>
          </td>
        </tr>
        <tr>
          <td>Address</td>
          <td>
            <input type="text" name="lg" size="40" 
          value="<? echo "$row[lg]"?>
          </td>
        </tr>
        <tr>
          <td align="right">
            <input type="submit" 
          name="submit value" value="Edit">

mysql php

2 Contributors
7 Replies
208 Views
6 Days Discussion Span
Latest Post 9 Years Ago Latest Post by broj1

broj1 356 Humble servant

9 Years Ago

You are almost there. Just remove quotes arround the row elements, add quotes arround row element names, add semicolon at the end and use <?php start tags:

<?php echo $row['den_material'];?>

You might also want to check for errors:

 if($result = mysql_query($order)) {
     // do the stuff...
     ...
 } else {
     // handle error..
 }

Same with the $row = mysql_fetch_array($result) code.

Edited 9 Years Ago by broj1

broj1 356 Humble servant

9 Years Ago

OK, I gave one line of code as an example and this is the whole snippet:

<?php
  include "db.php";//database connection
   $order = "SELECT * FROM comanda where ['id']=''";
  $result = mysql_query($order);
  $row = mysql_fetch_array($result);
  ?>
  <form method="post" action="edit_reper.php">
  <input type="hidden" name="id" value="<?php echo $_GET['id'];?>
    <tr>        
      <td>Cod</td>
      <td>
        <input type="text" name="cod" 
    size="20" value="<?php echo $row['cod'];?>
      </td>
    </tr>
    <tr>        
      <td>Denumire Material</td>
      <td>
        <input type="text" name="den_material" 
    size="20" value="<?php echo $row['den_material'];?>
      </td>
    </tr>
    <tr>        
      <td>Greutate Totala</td>
      <td>
        <input type="text" name="greutate_totala" 
    size="20" value="<?php echo $row['greutate_totala'];?>
      </td>
    </tr>
    <tr>        
      <td>Name</td>
      <td>
        <input type="text" name="cant_reper" 
    size="20" value="<?php echo $row['cant_reper'];?>
      </td>
    </tr>
    <tr>
      <td>Address</td>
      <td>
        <input type="text" name="lg" size="40" 
      value="<?php echo $row['lg'];?>
      </td>
    </tr>
    <tr>
      <td align="right">
        <input type="submit" 
      name="submit value" value="Edit">

There is still something not OK in the select query on line 3. Something is missing at the where condition, maybe the $_GET (I don't know only you could). Maybe this way:

$order = "SELECT * FROM comanda where {$_GET['id']}=''";

Edited 9 Years Ago by broj1

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

radu.campian 0 Newbie Poster · Answer 1 · 2015-02-01T17:53:15+00:00

Thanks broj1 but i need a more clear answer, any help would be apreciated. Waiting for more answers! :)

broj1 356 Humble servant Featured Poster · Answer 2 · 2015-02-01T18:56:38+00:00

Also a concern about security on line 8. Instead of:

<input type="hidden" name="id" value="<?php echo $_GET['id'];?>

it should be:

<input type="hidden" name="id" value="<?php echo htmlspecialchars($_GET['id']);?>

to escape possible bad script injection into html.

radu.campian 0 Newbie Poster · Answer 3 · 2015-02-07T12:49:33+00:00

could you add me on skype my skype name is like here radu.campian

radu.campian 0 Newbie Poster · Answer 4 · 2015-02-07T13:04:59+00:00

    $order = "SELECT * FROM comanda where {$_GET['id']}=''";

The ideea with this is to select the id i mean select the edited id or smthing like this.

broj1 356 Humble servant Featured Poster · Answer 5 · 2015-02-07T15:42:53+00:00

This is insecure. You have to sanitize the user input before using it in a select statement.

// suppose the ID is an integer
$id = intval($_GET['id']);
$order = "SELECT * FROM comanda where $id=<some condition here>";