1

This is the code that I'm using to display the data (registos.php).

```php
<?php
$con = mysqli_connect('localhost', 'root', '');
if (!$con) {
    // mysqli_error() needs a link argument; connection failures are reported by mysqli_connect_error()
    die('Could not connect: ' . mysqli_connect_error());
}

mysqli_select_db($con, 'databaseteste');

$result = mysqli_query($con, "SELECT * FROM `formando2`");
if (!$result) {
    printf("Error: %s\n", mysqli_error($con));
    exit();
}

// Table header
echo "<table class=mainmenu border='1' width=100% >
<p><caption><h1>Registos</h1></caption></p>
<tr>
<th>Primeiro Nome</th>
<th>Ultimo Nome</th>
<th>Numero C.C</th>
<th>Numero contribuinte</th>
<th>Email</th>
<th>Morada</th>
<th>Código postal</th>
</tr>";

// One editable row (and one form) per record
while ($row = mysqli_fetch_array($result)) {
    echo "<tr><form action=update.php method=post>";
    echo "<td><input type=text name=pname value='".$row['PrimeiroNome']."'></td>";
    echo "<td><input type=text name=sname value='".$row['UltimoNome']."'></td>";
    echo "<td><input type=text name=bi value='".$row['NumeroBI']."'></td>";
    echo "<td><input type=text name=contri value='".$row['NumeroContribuinte']."'></td>";
    echo "<td><input type=text name=email value='".$row['Email']."'></td>";
    echo "<td><input type=text name=morada value='".$row['Morada']."'></td>";
    echo "<td><input type=text name=cpostal value='".$row['CodigoPostal']."'></td>";
    echo "<td><input type=hidden name=id value='".$row['idformando2']."'></td>";
    echo "<td><input type=submit></td>";
    echo "</tr>";
}
echo "</table>";
?>
```

This is the code that's giving me the problem, I guess, in the update code (update.php).

```php
<?php
$con = mysqli_connect('localhost', 'root', '');
if (!$con) {
    // mysqli_error() needs a link argument; connection failures are reported by mysqli_connect_error()
    die('Could not connect: ' . mysqli_connect_error());
}

mysqli_select_db($con, 'databaseteste');

// Query built directly from the posted form values
$update = "update `formando2` 
                set PrimeiroNome='$_POST[pname]',
                    UltimoNome='$_POST[sname]',
                    NumeroBI='$_POST[bi]',
                    NumeroContribuinte='$_POST[contri]',
                    Email='$_POST[email]',
                    Morada='$_POST[morada]',
                    CodigoPostal='$_POST[cpostal]' 
            where idformando2='$_POST[id]'";

if (mysqli_query($con, $update)) {
    header("refresh:1; url=registos.php");
} else {
    printf("Error: %s\n", mysqli_error($con));
}
?>
```

When I submit, it redirects me to the update.php page, then to registos.php again, but the data is still the same.
Registo Screen

Post update

RiggsFolly
  • 93,638
  • 21
  • 103
  • 149
  • 4
    Your script is at risk of [SQL Injection Attack](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) Have a look at what happened to [Little Bobby Tables](http://bobby-tables.com/) Even [if you are escaping inputs, its not safe!](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) Use [prepared parameterized statements](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php). – John Conde Apr 03 '17 at 11:58
  • 1
    You don't make any effort to check all these `$_POST` values actually exist – RiggsFolly Apr 03 '17 at 12:02
  • @AbdullaNilam Yes it does, see the hidden field at the end of the form – RiggsFolly Apr 03 '17 at 12:03
  • @RiggsFolly what do you mean ? – Eduardo Fernandes Apr 03 '17 at 12:06
  • Your code just assumes all the $_POST values will be filled in `isset()` – RiggsFolly Apr 03 '17 at 12:07
  • @EduardoFernandes, I think you did not close `<form>` tag. use `echo "</form>";` just before end of while loop in registos.php, – Bhaskar Jain Apr 03 '17 at 12:56
  • You aren't closing your `<form>` tag in the `while` loop as far as I can see. Since this loop can obviously render multiple forms to the page, you might have an issue with nested forms, or just invalid HTML, causing confusion when you post back. And as others have mentioned, your code is vulnerable to SQL Injection attacks where someone could easily steal, delete, vandalise or otherwise mess with your data, and you are doing absolutely nothing to validate it or protect it.
    – ADyson Apr 03 '17 at 12:56
  • Well, thanks @ADyson, @Bhaskar for the help. I guess I didn't observe the code with my fullest attention because I didn't expect the solution to be so simple. – Eduardo Fernandes Apr 03 '17 at 13:09
  • Also want to thank @JohnConde, @RiggsFolly for the SQL Injection warning and the validation on my posts. – Eduardo Fernandes Apr 03 '17 at 13:12
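
The comments above raise two problems in update.php beyond the unclosed form: the query is built by interpolating `$_POST` values, and nothing checks that those values exist. One way to address both with a mysqli prepared statement, as an added example that is not part of the original thread; the connection settings, table, column and field names come from the question, while the validation rules, HTTP status codes and `utf8mb4` charset are assumptions:

```php
<?php
// Added example: update.php using a prepared statement and input checks.
// Names come from the question; validation rules and status codes are assumptions.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors

$fields = ['pname', 'sname', 'bi', 'contri', 'email', 'morada', 'cpostal', 'id'];

// Reject the request unless every expected field arrived as a string.
$in = [];
foreach ($fields as $f) {
    if (!isset($_POST[$f]) || !is_string($_POST[$f])) {
        http_response_code(400);
        exit("Missing field: $f"); // $f comes from the fixed list above
    }
    $in[$f] = trim($_POST[$f]);
}

// Assumed rules: the row id is a positive integer and the e-mail must parse.
$id = filter_var($in['id'], FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
if ($id === false || filter_var($in['email'], FILTER_VALIDATE_EMAIL) === false) {
    http_response_code(400);
    exit('Invalid id or email');
}

try {
    $con = mysqli_connect('localhost', 'root', '', 'databaseteste');
    mysqli_set_charset($con, 'utf8mb4');

    // Placeholders keep the posted values out of the SQL text entirely.
    $stmt = mysqli_prepare($con,
        'UPDATE `formando2`
            SET PrimeiroNome = ?, UltimoNome = ?, NumeroBI = ?,
                NumeroContribuinte = ?, Email = ?, Morada = ?, CodigoPostal = ?
          WHERE idformando2 = ?');
    mysqli_stmt_bind_param($stmt, 'sssssssi',
        $in['pname'], $in['sname'], $in['bi'], $in['contri'],
        $in['email'], $in['morada'], $in['cpostal'], $id);
    mysqli_stmt_execute($stmt);
} catch (mysqli_sql_exception $e) {
    error_log($e->getMessage()); // keep database details in the server log
    http_response_code(500);
    exit('Update failed');
}

header('Location: registos.php', true, 303); // redirect after a successful POST
exit;
```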

2 Answers

1

You aren't closing your form tag.

You need

```php
echo "</form></tr>";
```

instead of

```php
echo "</tr>";
```

in registos.php

Since this loop can obviously render multiple forms to the page, you might have an issue with nested forms, or just invalid HTML, causing confusion when you post back.

ADyson
  • 57,178
  • 14
  • 51
  • 63
-1

I think you have not put name of the input box in single quotes or double quotes of all fields

it should be

echo "";

Gollapalli
  • 20
  • 3