Hi guys, I'm pretty new at writing PHP scripts, so I hope this isn't a completely idiotic problem...
Basically, I'm working on the administrative end of a webstore catalog. I have it set up so that every existing catalog item is listed with links to either edit or delete that particular entry. I've got the delete function working properly, but I can't seem to figure out what I'm doing wrong with the edit page.
I've got it so that the product's ID number is passed on to the edit page via the URL, and then the ID is used to populate the existing values for each text input area.
@mysql_select_db($database) or die( "Unable to select database");
$query = "UPDATE item SET productName='$productName', imgURL='$imgURL', productDescription='$productDescription', productCost='$productCost', productCategory='$productCategory' WHERE id='$id'";
echo "Your information has been successfully added to the database.<BR>
<a href=/update>GO BACK</a>";}
echo "Failed. <br/> <a href=/update>GO BACK</a>";}
As of now, the edit form opens just fine, the existing values show up just as they should, and when I press the submit button, I receive the Success message, but the values do not get updated in the database. Any suggestions?
In your form: <input type="hidden" id="id" value="<?echo $rows['id']; ?>">
In your processor: $id=$_GET['id'];
You are no longer passing $id via url query string, it is now in $_POST data with the rest of your form elements. change from get to post and give that a shot. Also this update page is very susseptible (sp?) to query injection.