0

please if you could help me with this, i have a problem with the php_self coding, this is my code: This is the php code

<?php
if (isset($_POST['submit']))
{
$id=$_REQUEST['id'];
$notes_en=$_REQUEST['notes_en'];

$notes_ru=$_REQUEST['notes_ru'];


$sql="UPDATE hostess SET notes_en='$notes_en',notes_ru='$notes_ru' WHERE id='$id'";
$result=mysql_query($sql);
if($result){
echo "<div id='edittxt'>successfully updated";
echo "<BR>";
echo '<td ><a href="index.php">View Results</a></div>';
}

else {
die('error'.mysql_error());
}}


?>

This here is the form code from which i ake the information 
<form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
<label>Notes</label></br><div id="note"><h1><textarea value="<?php echo $star['notes_en'];?>"><?php echo $star['notes_en'];?></textarea></h1></div></br>

<input name="id" type="hidden" id="id" value="<?php echo $star['id'];?>">

<input type="submit" value="submit" name="submit"></form>"

If possible please check it because i've been trying to modify it and i get no results, it doesn't give me errors but neither does it update the database

TMA
  • 33
  • 4
  • 4
    Before you go any further with this code, read up about [SQL injection attacks](http://bobby-tables.com) - your code is wide open and just begging to get your server pwn3d. Then add some error handling to your query call: `... mysql_query($sql) or die(msyql_error())`. Never assume a query has succeeded. – Marc B Jul 09 '12 at 15:14
  • Hey marc, Thanks for the suggestions, but i need to resolve it... – TMA Jul 09 '12 at 15:15
  • 1
    No point in resolving the 'real' problem if the even more real problem will just get your server destroyed when you put the code onto a public-facing site. Win the battle, lose the war... – Marc B Jul 09 '12 at 15:17
  • Yeah, i understand you but i need to win the battle for today and tomorrow worry about the war! – TMA Jul 09 '12 at 15:18
  • 2
    Then add the error checking I suggested and see why the query's not working. – Marc B Jul 09 '12 at 15:19

1 Answers1

0

You don't have a name attribute on your field. Also, doesn't takes a value attribute.

Try this:

<textarea name="notes_en"><?php echo $star['notes_en'];?></textarea>

Furthermore, I definitely recommend following Marc B's advice and protecting yourself against SQL injection attacks. Have a look at this thread:

How can I prevent SQL injection in PHP?

Community
  • 1
  • 1
Edd Slipszenko
  • 396
  • 3
  • 17
  • Edd thanks, i tried it on and the problem is it shows the result after i hit submit two times.. – TMA Jul 09 '12 at 15:29