V
V
Vasily Nezhalkin2014-11-10 23:16:56
PHP
Vasily Nezhalkin, 2014-11-10 23:16:56

How to update the database and display in the field?

Given: DB called bd, table called table with id and title cells.
How to make it so that in the form field, instead of value, the contents of the title cell are displayed. But only for id=1.
And when you click on the save button, the data was written to the database and when updated, the field had a new value that was previously recorded.

<?тут коннект?>
<form>
<input type="text" value="<? rowsql[title->id=1] ?>">
<input type="" value="Save">
</form>

This design doesn't work...

Answer the question

In order to leave comments, you need to log in

1 answer(s)
#
# artur #, 2014-11-11
@passshift

Describe in more detail what kind of form it is and what it should save? What data is in rowsql, array or object?
Decide what you want to save, ID or TITLE? Or both meanings?
Here is an example of a primitive form that outputs the TITLE of a specific unique ID:

<form action="/save.php" method="POST">
    <input type="hidden" name="id" value="<? $object['id'] ?>" />
    <input type="text" name="title" value="<? $object['title'] ?>" />
    <input type="submit" value="Save">
</form>

What can be judged from this example:
$object is a string from the database, an array with data of a specific ID, it has its own TITLE.
The ID field is hidden. It should be understood that any cunning student can get into the code through the browser and change this value, thereby assigning its TITLE value to any entry with the specified ID, so at the verification stage it is necessary to check who owns the object with the specified ID, but it is more correct to do this when accessing object ( see sequence )
It should also be understood that malicious code can be embedded in the fields, therefore:
When you click on the "Save" button, the data goes to the save.php script where they are checked, filtered from XSS, are then written to the database in the following way: the TITLE is changed for the specified ID.
Suppose the user went to the address: yoursite.ru/link/740 It is going to get information about the link
object with ID = 740. It is necessary to check if this ID belongs to him, if yes, then display the form, if not, then redirect somewhere. Naturally, little is written here about possible checks ... I hope I helped at least somehow. I don’t know how to explain ( I’ll add about the owner : For example, there is a USERS table structure: LINKS table structure: And a USER_LINKS table structure:
(this is where the user belongs to a specific link id
user_id (int, key) | link_id (int, key)

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question