vendredi 10 juin 2016

How to edit and delete data of mysql databse? [closed]


I inserted data on database but could not edit or delete it. Here are deleting and editing codes. I know that my code is vulnerable to SQL injection but I badly need to solve this.

DELETE TABLE

<?php
if(isset($_POST['btn_delete']) != NULL)
    include_once("db_con.php");
{
    $txt_form_id = $_POST['txt_form_id'];
    @mysql_query("DELETE FROM tbl_contact WHERE fld_form_id = "$txt_form_id" LIMIT 1") or die(mysql_error());
    echo"<h2>TABLE HAS BEEN DELETED</h2>";
}
else
{
    $fetch_sql = "SELECT fld_form_id, fld_form_name FROM tbl_contact ORDER BY fld_form_name";
    $fetch_result= mysql_query($fetch_sql); 
    echo"<div id='leftSide'><label for='sn' style='width:50px'><strong>SN.</strong> </label>  <label for='name'  style='width:200px'><strong>NAME</strong> </label>  <label for='level'  style='width:150px'><strong>ACTION</strong></label>' <div style='clear:both;> &nbsp; </div>";
    $sn=1;
    while($fetch_row=mysql_fetch_array($fetch_result))
    {
        $fld_form_id = $fetch_row['fld_form_id'];
        $fld_form_name = $fetch_row['fld_form_name'];
        echo"
        <form action='delete_table.php' method='post'>
        <label for='sn' style='width:50px'><strong>$sn.</strong> </label>  <label for='name'  style='width:200px'>$fld_form_name</label> 
        <input name='txt_form_id' type='hidden' value='<?php echo'$fld_form_id'; ?>
        <input name='btn_delete' type='submit' value='delete' class='buttons'> 
        </form> ";
        $sn=$sn+1;
    }
}
?>

EDIT TABLE

<?php
if(isset($_POST['btn_edit']) != NULL)
    include_once("db_con.php");
{
    $txt_form_id = $_POST['txt_form_id'];
    $fetch_sql = "SELECT fld_form_id, fld_form_name FROM tbl_contact WHERE fld_form_id = "$txt_form_id"";
    $fetch_result= mysql_query($fetch_sql) or die(mysql_error()); 
    while($fetch_row=mysql_fetch_array($fetch_result))
    {
        $fld_form_id = $fetch_row['fld_form_id'];
        $fld_form_name = $fetch_row['fld_form_name'];
    ?>
    <form name = "my_form" method="post" action="edit_table.php">
    <fieldset>
    <legend><strong>CONTACT FORM</strong></legend>
    <input name="txt_form_id" type="hidden" value="<?php echo"$fld_form_id"; ?>">
    <div><label for="name"> Name: </label> <input name="txt_form_name" type="text" value="<?php echo"$fld_form_name"; ?>" size="50"  /> </div> 
    <div><input type="submit" name="btn_add"   value=" SAVE " /></div>
    </fieldset>  
    </form>
    <?php
    }
}
else if(isset($_POST['txt_form_name']) != NULL)
{
    $txt_form_id = $_POST['txt_form_id'];
    $txt_form_name = $_POST['txt_form_name'];
    @mysql_query("UPDATE tbl_contact SET fld_form_name = "$txt_form_name" WHERE fld_form_id = "$txt_form_id"") or die(mysql_error());
    echo"<h2 align='center'>TABLE HAS BEEN EDITED</h2>";
}
else
{
    $fetch_sql = "SELECT fld_form_id, fld_form_name FROM tbl_contact ORDER BY fld_form_name";
    $fetch_result= mysql_query($fetch_sql); 
    echo"<div id='leftSide'><label for='sn' style='width:50px'><strong>SN.</strong> </label>  <label for='name'  style='width:200px'><strong>NAME</strong> </label>  <label for='level'  style='width:150px'><strong>ACTION</strong></label>  <br>";
    $sn=1;
    while($fetch_row = mysql_fetch_array($fetch_result))
    {
        $fld_form_id = $fetch_row['fld_form_id'];
        $fld_form_name = $fetch_row['fld_form_name'];
        echo"<form action='edit_table.php' method='post'>
        <label for='sn' style='width:50px'><strong>$sn.</strong> </label>  <label for='name'  style='width:200px'>$fld_form_name</label> <input name='btn_edit' type='submit' value='Edit' class='buttons'>
        </form>";
        $sn=$sn+1;
    }
}
?>  

Aucun commentaire:

Enregistrer un commentaire