Blank page coming

abeerbd · June 13, 2011, 5:48pm

here is my code. it grabs id number from url then post data to mysql. everything is working fine… the is also updating by this codes…

but the problem is after clicking the change button it goes to a blank page.

check out

<?php
$hostname = "local";
$username = "lash";
$password = "lash";

$db = mysql_connect($hostname, $username, $password) or die ("not able to connected to mysql");
// connect to database

mysql_select_db("lash")or die("Connection Failed");

$id = $_GET['id'];
if(isset($_POST['id'])) {
$sql="UPDATE page SET dtl='".$_POST['content']."' WHERE id = ".$_POST['id'];
mysql_query($sql) or die(mysql_error());
}


$result = mysql_query("select * from page where id = $id");
$row = mysql_fetch_assoc($result);
mysql_close($db);
?>

<html>
<head></head>
<body>

<form name="change_content" method="POST" action="update3.php">
<input type="hidden" name="id" value="<?php echo $row["id"]; ?>">
<textarea name="content"><?php echo $row["dtl"]; ?></textarea>
<input type="submit" value="change">
</form>

</body>
</html>

is it possible that after clicking the button CHANGE . it wil sho that " the data sucessfully saved"

StarLion · June 13, 2011, 6:26pm

I dont get a blank page. I get this:
PHP Warning: mysql_fetch_assoc(): supplied argument is not a valid MySQL result resource in D:\USERS\platform soc\platformsociety.org\wwwroot\update3.php on line 19

Your query is failing.

techbongo · June 13, 2011, 6:27pm

abeerbd:

here is my code. it grabs id number from url then post data to mysql. everything is working fine… the is also updating by this codes…

but the problem is after clicking the change button it goes to a blank page.

check out
http://www.platformsociety.org/update3.php/?id=2
<?php
$hostname = "local";
$username = "lash";
$password = "lash";

$db = mysql_connect($hostname, $username, $password) or die ("not able to connected to mysql");
// connect to database

mysql_select_db("lash")or die("Connection Failed");

$id = $_GET['id'];
if(isset($_POST['id'])) {
$sql="UPDATE page SET dtl='".$_POST['content']."' WHERE id = ".$_POST['id'];
mysql_query($sql) or die(mysql_error());
}


[B]$result = mysql_query("select * from page where id = '".$id."'");[/B]
$row = mysql_fetch_assoc($result);
mysql_close($db);
?>

<html>
<head></head>
<body>

[B]<form name="change_content" method="POST" action="<?php echo $_SERVER['PHP_SELF']; ?>">[/B]
<input type="hidden" name="id" value="<?php echo $row["id"]; ?>">
<textarea name="content"><?php echo $row["dtl"]; ?></textarea>
<input type="submit" value="change">
</form>

</body>
</html>
is it possible that after clicking the button CHANGE . it wil sho that " the data sucessfully saved"

I’ve corrected two lines of code above and they’re bolden. Try this. Hope it solves the problem.
AND AND please don’t share such an easily penetrable page link, as well as it’s code on public forums anymore. Remove the page and change the filename, try it locally or take precaution for XSS or MySQL injection. Anyone around with a bad-intention can get into ur site now. Please remove the file update3.php from the current path immediately.

abeerbd · June 14, 2011, 4:29am

thnaks mates. iam removing the page from live server.again thanks for the help. but ihave two more question…

after presing the button amessage will appear that " data saved sucessfully"

2.how can prevent sql injection?

SPMuthu · June 14, 2011, 8:00am

Use javascript to display as data saved successfully or you can do coding internally in your coding page.
Have a look on the below link friend,
learnphponline.com/security/sql-injection-prevention-mysql-php

abeerbd · June 14, 2011, 2:44pm

Thank you friends. you all are really helpfull…