0

i create a curd apllication with the help of php and mysql there is work all operation insert, read and delete but in update option it not work. when i click on update button it is jump directly on display.php page.

this is my display.php code

<?php
include 'conc.php';

    // $username = $_POST["username"];
    // $password = $_POST["password"];

  $q = "select * from cued_data";

  $query = mysqli_query($con , $q);

?>

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>display data</title>
    <link rel="stylesheet" href="curd.css">
</head>
<body>
    <div class="container">
        <h1>display Table Data</h1>

        <table class="table">
            <tr>
                <th>Id</th>
                <th>Username</th>
                <th>Password</th>
                <th>Delete</th>
                <th>Update</th>
            </tr>

 <?php
          include 'conc.php';

            $q = "select * from cued_data";
            $query = mysqli_query($con , $q);
           
            while($res = mysqli_fetch_array($query)){

 ?>
            <tr>
                <td> <?php echo $res['id']; ?> </td>
                <td> <?php echo $res['name']; ?> </td>
                <td> <?php echo $res['password']; ?> </td>

                <td><button class="dlt"> <a href="delete.php?id= <?php echo $res['id']; ?>" > Delete: </a> </button> </td>

                <td><button class="dlt"> <a href="update.html?id= <?php echo $res['id']; ?>" > Update: </a> </button> </td> 
                
               
            </tr>

            <?php
            }
            ?>
        </table>
    </div>
</body>
</html>

this is my update.php file

<?php
include "conc.php";
include "display.php";

$id = $_GET["id"];                 # i think error in this section

$username = $_POST["name"];
$password = $_POST["password"];
// $q = "delete from  `cued_data` where id = $id" ;
$msql= " update  cued_data set id ='$id', name = '$username', password = '$password' where id = '$id' ";

$query = mysqli_query($con, $msql);

header("location:display.php");
?>

this is my delete.php file

<?php
include  "conc.php";

$id = $_GET["id"];

$q = "delete from  `cued_data` where id = $id" ;

$query =  mysqli_query($con, $q);

header("location:display.php");
?>
Shadow
  • 33,525
  • 10
  • 51
  • 64
Gaurav Singh karki
  • 1
  • You're including your `display.php` in your `update.php`, so it's going to immediately show the form before it runs an update, then won't be able to redirect back. Remove `include "display.php";` from your update – aynber Nov 28 '22 at 17:00
  • You are open to [SQL Injections](https://php.net/manual/en/security.database.sql-injection.php) and should use parameterized prepared statements instead of manually building your queries. They are provided by [PDO](https://php.net/manual/pdo.prepared-statements.php) and [MySQLi](https://www.php.net/manual/en/mysqli.quickstart.prepared-statements.php). Never trust any kind of input! Even by trusted users, [you are still at risk of corrupting your data](https://bobby-tables.com/). [Escaping is not enough](https://stackoverflow.com/q/5741187). – Jason K Nov 28 '22 at 17:00
  • Never store passwords in clear text or using MD5/SHA1! Only store password hashes created using PHP's [password_hash()](https://php.net/manual/en/function.password-hash.php), which you can then verify [password_verify()](https://php.net/manual/en/function.password-verify.php). Take a look at this post: [How to use password_hash](https://stackoverflow.com/q/30279321/1839439) and learn more about [bcrypt & password hashing in PHP](https://stackoverflow.com/a/6337021/1839439). – Jason K Nov 28 '22 at 17:02

0 Answers0