I think it doesn’t work because the variables in the string are array subscripts. The PHP engine fails to interpret variables such as ‘$_GET[row]’ and ‘$_POST[prodname]’. Try moving those variables to string variables as follows:
$prodname = $_POST[‘prodname’];
$row = $_GET[‘row’];
Using $_GET, $_POST, etc instead of $_REQUEST makes the code slighly more self-documenting as you can see straight away, where your getting the value from, be it a session ($_SESSION), a cookie ($_COOKIE), a query string ($_GET) or a form ($_POST) but when you use $_REQUEST it’s not immediately obvious where your getting the value from.
$_SESSION is not a part of $_REQUEST
But what you’re saying is very true. The security vulnerability is that $_COOKIE is also in there. See http://devlog.info/2010/02/04/why-php-request-array-is-dangerous/
Check the form tag. Are you using action=“get” or post.
You are using both of them. It is not correct.
I think your code is not iterating below statement
<?php //Controls Edit section submit button!
if(isset($_POST[‘subit’])){
regards,
USman Munir
<snip/>