I inserted data on database but could not edit or delete it. Here are deleting and editing codes. I know that my code is vulnerable to SQL injection but I badly need to solve this.
DELETE TABLE
<?php
if(isset($_POST['btn_delete']) != NULL)
include_once("db_con.php");
{
$txt_form_id = $_POST['txt_form_id'];
@mysql_query("DELETE FROM tbl_contact WHERE fld_form_id = "$txt_form_id" LIMIT 1") or die(mysql_error());
echo"<h2>TABLE HAS BEEN DELETED</h2>";
}
else
{
$fetch_sql = "SELECT fld_form_id, fld_form_name FROM tbl_contact ORDER BY fld_form_name";
$fetch_result= mysql_query($fetch_sql);
echo"<div id='leftSide'><label for='sn' style='width:50px'><strong>SN.</strong> </label> <label for='name' style='width:200px'><strong>NAME</strong> </label> <label for='level' style='width:150px'><strong>ACTION</strong></label>' <div style='clear:both;> </div>";
$sn=1;
while($fetch_row=mysql_fetch_array($fetch_result))
{
$fld_form_id = $fetch_row['fld_form_id'];
$fld_form_name = $fetch_row['fld_form_name'];
echo"
<form action='delete_table.php' method='post'>
<label for='sn' style='width:50px'><strong>$sn.</strong> </label> <label for='name' style='width:200px'>$fld_form_name</label>
<input name='txt_form_id' type='hidden' value='<?php echo'$fld_form_id'; ?>
<input name='btn_delete' type='submit' value='delete' class='buttons'>
</form> ";
$sn=$sn+1;
}
}
?>
EDIT TABLE
<?php
if(isset($_POST['btn_edit']) != NULL)
include_once("db_con.php");
{
$txt_form_id = $_POST['txt_form_id'];
$fetch_sql = "SELECT fld_form_id, fld_form_name FROM tbl_contact WHERE fld_form_id = "$txt_form_id"";
$fetch_result= mysql_query($fetch_sql) or die(mysql_error());
while($fetch_row=mysql_fetch_array($fetch_result))
{
$fld_form_id = $fetch_row['fld_form_id'];
$fld_form_name = $fetch_row['fld_form_name'];
?>
<form name = "my_form" method="post" action="edit_table.php">
<fieldset>
<legend><strong>CONTACT FORM</strong></legend>
<input name="txt_form_id" type="hidden" value="<?php echo"$fld_form_id"; ?>">
<div><label for="name"> Name: </label> <input name="txt_form_name" type="text" value="<?php echo"$fld_form_name"; ?>" size="50" /> </div>
<div><input type="submit" name="btn_add" value=" SAVE " /></div>
</fieldset>
</form>
<?php
}
}
else if(isset($_POST['txt_form_name']) != NULL)
{
$txt_form_id = $_POST['txt_form_id'];
$txt_form_name = $_POST['txt_form_name'];
@mysql_query("UPDATE tbl_contact SET fld_form_name = "$txt_form_name" WHERE fld_form_id = "$txt_form_id"") or die(mysql_error());
echo"<h2 align='center'>TABLE HAS BEEN EDITED</h2>";
}
else
{
$fetch_sql = "SELECT fld_form_id, fld_form_name FROM tbl_contact ORDER BY fld_form_name";
$fetch_result= mysql_query($fetch_sql);
echo"<div id='leftSide'><label for='sn' style='width:50px'><strong>SN.</strong> </label> <label for='name' style='width:200px'><strong>NAME</strong> </label> <label for='level' style='width:150px'><strong>ACTION</strong></label> <br>";
$sn=1;
while($fetch_row = mysql_fetch_array($fetch_result))
{
$fld_form_id = $fetch_row['fld_form_id'];
$fld_form_name = $fetch_row['fld_form_name'];
echo"<form action='edit_table.php' method='post'>
<label for='sn' style='width:50px'><strong>$sn.</strong> </label> <label for='name' style='width:200px'>$fld_form_name</label> <input name='btn_edit' type='submit' value='Edit' class='buttons'>
</form>";
$sn=$sn+1;
}
}
?>
Aucun commentaire:
Enregistrer un commentaire