here is my code. it grabs id number from url then post data to mysql. everything is working fine.. the is also updating by this codes..
but the problem is after clicking the change button it goes to a blank page.
$hostname = "local";
$username = "lash";
$password = "lash";
$db = mysql_connect($hostname, $username, $password) or die ("not able to connected to mysql");
// connect to database
mysql_select_db("lash")or die("Connection Failed");
$id = $_GET['id'];
$sql="UPDATE page SET dtl='".$_POST['content']."' WHERE id = ".$_POST['id'];
mysql_query($sql) or die(mysql_error());
$result = mysql_query("select * from page where id = $id");
$row = mysql_fetch_assoc($result);
<form name="change_content" method="POST" action="update3.php">
<input type="hidden" name="id" value="<?php echo $row["id"]; ?>">
<textarea name="content"><?php echo $row["dtl"]; ?></textarea>
<input type="submit" value="change">
is it possible that after clicking the button CHANGE . it wil sho that " the data sucessfully saved"
I dont get a blank page. I get this:
PHP Warning: mysql_fetch_assoc(): supplied argument is not a valid MySQL result resource in D:\USERS\platform soc\platformsociety.org\wwwroot\update3.php on line 19
Your query is failing.
I've corrected two lines of code above and they're bolden. Try this. Hope it solves the problem.
AND AND please don't share such an easily penetrable page link, as well as it's code on public forums anymore. Remove the page and change the filename, try it locally or take precaution for XSS or MySQL injection. Anyone around with a bad-intention can get into ur site now. Please remove the file update3.php from the current path immediately.
thnaks mates. iam removing the page from live server.again thanks for the help. but ihave two more question..
- after presing the button amessage will appear that " data saved sucessfully"
2.how can prevent sql injection?
Have a look on the below link friend,
Thank you friends. you all are really helpfull...