
I am having issues with a PHP page I'm working on.

I have a list.php which is recalling data from a MySQL database, a config.php as a connection page to my db. Below is my edit.php page and when I view it, it's completely blank. Where has my code gone wrong?

URL string `http://localhost/example/edit.php?id=382` (which should be recalling the client id of 382 to edit)

<html>
    <body>
    <?php
    include('config.php');
    if(isset($_GET['cx_id']))
    {
        $id=$_GET['cx_id'];
        if(isset($_POST['submit']))
        {
            $name=$_POST['Name'];
            $address=$_POST['Address'];
            $query3=mysqli_query("update restrictedkeys set Name='$name', Address='$address' where cx_id='$id'");
            if($query3)
            {
                header('location:list.php');
            }
        }
        $query1=mysqli_query("select * from restrictedkeys where cx_id='$id'");
        $query2=mysqli_fetch_array($query1);
        ?>
        <form method="post" action="">
            Name:<input type="text" name="name" value="<?php echo $query2['Name']; ?>" /><br />
            Address:<input type="text" name="address" value="<?php echo $query2['Address']; ?>" /><br /><br />
            <br />
            <input type="submit" name="submit" value="update" />
        </form>
        <?php
        }
    ?>
    </body>
</html>
EhsanT
  • http://stackoverflow.com/a/21429652/2506641 –  Nov 21 '16 at 23:07
  • Watch out for SQL injection vulnerabilities - someone could wipe all your column values for every row in `restrictedkeys` with that code. – halfer Nov 21 '16 at 23:23
  • Just a piece of advice, please use SQL parameter binding to avoid SQL injections. :) – Rav Nov 22 '16 at 00:14
  • Please review the source code of the rendered page and any errors in the browser's developer console. Posting relevant errors or specific mistakes will help us provide good feedback; this is currently too broad to be a good question. For us to help out with your question, we'll need more context: check out the guidelines on [How to Ask a Good Question](http://stackoverflow.com/help/how-to-ask) – emunsing Nov 22 '16 at 00:19

1 Answer

Simple enough. Your form will only be printed if this condition matches:

if(isset($_GET['cx_id']))
{

Since the url is http://localhost/example/edit.php?id=382, it would really not work.

Change it to http://localhost/example/edit.php?ctx_id=382 and you might get some different result.

Phiter
  • Thank you. I'm very new to php and seem to miss some of the simplest stuff. – Corey Cormack Nov 21 '16 at 23:19
  • That's ok, @CoreyCormack. Just remember that your code is a little unsafe. Before adding the `$id` into the query string, use `mysqli_real_escape_string` just to make sure your website doesn't get attacked by sql injection. – Phiter Nov 21 '16 at 23:21
  • @PhiterFernandes: it is better to recommend parameter binding - in some edge cases, escaping still permits injection. – halfer Nov 21 '16 at 23:24
  • Yeah parameter binding is another good way of preventing sql injection. – Phiter Nov 21 '16 at 23:24
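
The parameter binding recommended in the comments above, applied to the question's `edit.php`. This is an added example, not code from the original posts. It assumes `config.php` exposes the mysqli connection as `$conn` (a hypothetical name) and that `cx_id` is an integer column.

```php
<?php
// Added example: edit.php using mysqli prepared statements.
// Assumption: config.php creates a mysqli connection in $conn (hypothetical name).
include('config.php');

// Accept only a positive integer id; anything else gets a 400 instead of a blank page.
$id = filter_input(INPUT_GET, 'cx_id', FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
if ($id === null || $id === false) {
    http_response_code(400);
    exit('Missing or invalid cx_id');
}

if (isset($_POST['submit'])) {
    // Field names match the form below (lowercase "name" and "address").
    $name    = $_POST['name'] ?? '';
    $address = $_POST['address'] ?? '';

    // Values are bound as parameters, never concatenated into the SQL text.
    $stmt = mysqli_prepare($conn, 'UPDATE restrictedkeys SET Name = ?, Address = ? WHERE cx_id = ?');
    mysqli_stmt_bind_param($stmt, 'ssi', $name, $address, $id);
    if (mysqli_stmt_execute($stmt)) {
        // Redirect before any HTML is sent; headers cannot be sent once output has started.
        header('Location: list.php');
        exit;
    }
}

$stmt = mysqli_prepare($conn, 'SELECT Name, Address FROM restrictedkeys WHERE cx_id = ?');
mysqli_stmt_bind_param($stmt, 'i', $id);
mysqli_stmt_execute($stmt);
mysqli_stmt_bind_result($stmt, $rowName, $rowAddress);
if (!mysqli_stmt_fetch($stmt)) {
    http_response_code(404);
    exit('No such record');
}
?>
<html>
<body>
<form method="post" action="">
    <!-- htmlspecialchars() keeps stored values from breaking out of the attribute -->
    Name:<input type="text" name="name" value="<?php echo htmlspecialchars($rowName, ENT_QUOTES, 'UTF-8'); ?>" /><br />
    Address:<input type="text" name="address" value="<?php echo htmlspecialchars($rowAddress, ENT_QUOTES, 'UTF-8'); ?>" /><br />
    <input type="submit" name="submit" value="update" />
</form>
</body>
</html>
```

With this version the page must be requested as `edit.php?cx_id=382`, since the script reads the `cx_id` key.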