-2

I am trying to create an edit button in table rows, and on click of it the data in the form gets populated.

This is the edit button:

$tableHTML .= "<td><a class='btn btn-primary btn-lg'  onclick=history.back() href='index.php?id=" . $row['ip_address'] . "&edit=y&app_server=" . $row['app_server'] . "'>Edit</a></td>";

Main page where changes are being implied:

<?php

    include "conn.php";
    $cucId = '';
    $ipaddress = '';
    $os_val = '';
    $cpu_val = '';
    $ram_val = '';
    $storage_val = '';

    //$ip = $_REQUEST['id'];
    $ip = isset($_POST['id']) ? $_POST['id'] : '';

    if (isset($_GET['edit']) && $_GET['edit'] == 'y') {
        // Code to execute if 'edit' is present and has the value 'y'
    } else {
        // Code to execute if 'edit' is not present or doesn't have the value 'y'
    }

    if (isset($_GET['edit']) && $_GET['edit'] == 'y' && $ip != '') {
        $sql = "SELECT * FROM info_table WHERE ip_address='$ip'";
        $result = $link->query($sql);

        while ($row = $result->fetch_assoc()) {
            $cucId = $row['cuc_id'];
            $ipaddress = $row['ip_address'];
            $os_val = $row['os_val'];
            $cpu_val = $row['cpu_val'];
            $ram_val = $row['ram_val'];
            $storage_val = $row['storage_val'];
        }
        echo $cucId;
        echo $ipaddress;
    }
    echo $os_val;
    ?>


    <div id="cuc-choose">
        <center>
            <label for="cuc-name">Choose cuc server:</label>
            <select name="cuc-name" id="cuc">
                <option selected>SELECT </option>
                <?php include "conn.php";
                $sql = "SELECT id, cuc_name FROM cuc_namem";
                $result = $link->query($sql);
                while ($row = $result->fetch_assoc()) {

                    if ($_GET['edit'] == 'y') {
                        $selected = ($row['id'] == $cucId) ? 'selected' : '';
                        echo "<option value='" . $row['id'] . "' $selected>" . $row['cuc_name'] . "</option>";
                    }
                    if ($_GET['edit'] != 'y') {
                        echo "<option value='" . $row['id'] . "'>" . $row['cuc_name'] . "</option>";
                    }
                }
                ?>

The form is similar to this cuc choose. when I click edit, the form data should populate (it contains text fields and dropdowns).

ADyson
  • 57,178
  • 14
  • 51
  • 63
kritika manchanda
  • 1
  • 1
    ...and what happens instead of your expectation? Is there an error? Or some other unexpected result? You didn't really explain the specific problem. Always try to give details. Have you done any debugging? From a glance at the code, I'd expect `$ip` won't be populated as a result of clicking on the Edit link, because you're trying to populate it from $_POST instead of $_GET. Values sent in URL parameters are always placed into $_GET by PHP – ADyson Aug 20 '23 at 18:41
  • 2
    Also your code is widely vulnerable to sql injection attacks and sql syntax errors because you're adding variables directly into the sql text. Never do that - it's insecure and unreliable. Always use prepared statements and parameters instead. See https://stackoverflow.com/questions/7537377/how-to-include-a-php-variable-inside-a-mysql-statement for details of what you need to do. This is an urgent change you need to make throughout your application code. I'm not sure where you learned to build your queries in the way you're doing currently but unfortunately it seems you were very badly taught. – ADyson Aug 20 '23 at 18:44
  • 1
    I tried using _GET, and the code worked properly. I'll check up on the SQL injection. thanks – kritika manchanda Aug 20 '23 at 18:52
  • Not sure how this is supposed to work in the first place, if you got `onclick=history.back()` on that link, or what exactly this is supposed to achieve in this scenario. – CBroe Aug 22 '23 at 08:20

0 Answers0