Home/ Questions/Q 6154857
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-23T20:19:55+00:00

Possible Duplicate: Editing MySQL recode using a HTML form Like to know how to

  • 0

Possible Duplicate:
Editing MySQL recode using a HTML form

Like to know how to validate the inputs of this submit form. by validate i meant keep it safe from SQL injections. Any help will be really appreciated. thank you.

<?php

session_start();
if(!session_is_registered(ausername)){
header("location:main_login.php");
}
include ("header.php");
include ("../db.php");

$catname = $_POST['catname'];
$catdisc = $_POST['catdisc'];

$id = $_GET['id'];
        if (isset($id))
        {
$query = "SELECT * FROM categories WHERE catid='$id'";
$result= mysql_query($query) or die ('Mysql Error');

}
//Get category name and discription
while($row = mysql_fetch_array($result)){
$cname = $row['catname'];
$cdisc = $row['catdisc'];
}
?>

<?php

$result= mysql_query ("UPDATE categories SET catname='$catname', catdisc='$catdisc' WHERE catid='$id'")
or die ('Error Updating'); 

?>

<h1>Edit Categories</h1>

<form method="post" action="../admin/edit_cat.php?id=<?php echo $id;?>">
Category Name: <input type="text" name="catname" value="<?php echo $cname;?>"><br/>
Category Discription: <TEXTAREA NAME="catdisc"ROWS="3" COLS="25"><?php echo $cdisc;?></TEXTAREA><br/><br/>
<input type="submit" value="Update Category"/>
</form>

<?php
include ("footer.php");
?>
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    strings (have to be in single/double quotes in query!) -> mysql_real_escape_string();

    integers (could be without quotes) -> intval();

    $catname = mysql_real_escape_string($_POST['catname']);
$catdisc = mysql_real_escape_string($_POST['catdisc']);
$id = intval($_GET['id']);

$result= mysql_query ("UPDATE categories SET catname='$catname', catdisc='$catdisc' WHERE catid=$id")
    • 0