SitePoint Sponsor

User Tag List

Results 1 to 6 of 6
  1. #1
    SitePoint Enthusiast
    Join Date
    Jun 2011
    Posts
    29
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Question blank page coming...

    here is my code. it grabs id number from url then post data to mysql. everything is working fine.. the is also updating by this codes..

    but the problem is after clicking the change button it goes to a blank page.

    check out
    http://www.platformsociety.org/update3.php/?id=2

    Code:
    <?php
    $hostname = "local";
    $username = "lash";
    $password = "lash";
    
    $db = mysql_connect($hostname, $username, $password) or die ("not able to connected to mysql");
    // connect to database
    
    mysql_select_db("lash")or die("Connection Failed");
    
    $id = $_GET['id'];
    if(isset($_POST['id'])) {
    $sql="UPDATE page SET dtl='".$_POST['content']."' WHERE id = ".$_POST['id'];
    mysql_query($sql) or die(mysql_error());
    }
    
    
    $result = mysql_query("select * from page where id = $id");
    $row = mysql_fetch_assoc($result);
    mysql_close($db);
    ?>
    
    <html>
    <head></head>
    <body>
    
    <form name="change_content" method="POST" action="update3.php">
    <input type="hidden" name="id" value="<?php echo $row["id"]; ?>">
    <textarea name="content"><?php echo $row["dtl"]; ?></textarea>
    <input type="submit" value="change">
    </form>
    
    </body>
    </html>
    is it possible that after clicking the button CHANGE . it wil sho that " the data sucessfully saved"

  2. #2
    Keeper of the SFL StarLion's Avatar
    Join Date
    Feb 2006
    Location
    Atlanta, GA, USA
    Posts
    3,748
    Mentioned
    71 Post(s)
    Tagged
    0 Thread(s)
    I dont get a blank page. I get this:
    PHP Warning: mysql_fetch_assoc(): supplied argument is not a valid MySQL result resource in D:\USERS\platform soc\platformsociety.org\wwwroot\update3.php on line 19

    Your query is failing.

  3. #3
    SitePoint Enthusiast
    Join Date
    Jun 2009
    Location
    Kolkata, India
    Posts
    44
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by abeerbd View Post
    here is my code. it grabs id number from url then post data to mysql. everything is working fine.. the is also updating by this codes..

    but the problem is after clicking the change button it goes to a blank page.

    check out
    http://www.platformsociety.org/update3.php/?id=2

    Code:
    <?php
    $hostname = "local";
    $username = "lash";
    $password = "lash";
    
    $db = mysql_connect($hostname, $username, $password) or die ("not able to connected to mysql");
    // connect to database
    
    mysql_select_db("lash")or die("Connection Failed");
    
    $id = $_GET['id'];
    if(isset($_POST['id'])) {
    $sql="UPDATE page SET dtl='".$_POST['content']."' WHERE id = ".$_POST['id'];
    mysql_query($sql) or die(mysql_error());
    }
    
    
    $result = mysql_query("select * from page where id = '".$id."'");
    $row = mysql_fetch_assoc($result);
    mysql_close($db);
    ?>
    
    <html>
    <head></head>
    <body>
    
    <form name="change_content" method="POST" action="<?php echo $_SERVER['PHP_SELF']; ?>">
    <input type="hidden" name="id" value="<?php echo $row["id"]; ?>">
    <textarea name="content"><?php echo $row["dtl"]; ?></textarea>
    <input type="submit" value="change">
    </form>
    
    </body>
    </html>
    is it possible that after clicking the button CHANGE . it wil sho that " the data sucessfully saved"
    I've corrected two lines of code above and they're bolden. Try this. Hope it solves the problem.
    AND AND please don't share such an easily penetrable page link, as well as it's code on public forums anymore. Remove the page and change the filename, try it locally or take precaution for XSS or MySQL injection. Anyone around with a bad-intention can get into ur site now. Please remove the file update3.php from the current path immediately.
    $0.50/Mo for 500MB Web hosting Kolkata
    Web design in Kolkata
    Website development company in Kolkata

    Hostgator 25% Discount Coupon wow25percent

  4. #4
    SitePoint Enthusiast
    Join Date
    Jun 2011
    Posts
    29
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    thnaks mates. iam removing the page from live server.again thanks for the help. but ihave two more question..

    1. after presing the button amessage will appear that " data saved sucessfully"

    2.how can prevent sql injection?

  5. #5
    SitePoint Enthusiast
    Join Date
    May 2011
    Posts
    51
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Use javascript to display as data saved successfully or you can do coding internally in your coding page.
    Have a look on the below link friend,
    learnphponline.com/security/sql-injection-prevention-mysql-php

  6. #6
    SitePoint Enthusiast
    Join Date
    Jun 2011
    Posts
    29
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Thank you friends. you all are really helpfull...


Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •