OK, here is my problem! I have a PHP file that is for editing a record of a table called employees. When I try to save a record that I have edited, I click Save and get redirected to a PHP file called viewemployee.php, but at the end of the URL I don't get the id back, so I don't get the record's details. I checked in phpMyAdmin and there is no change there either. The URL shows http://localhost/viewemployee.php?id= with no id at all! Here is the code for editemployee:

```php
<?php
session_start();
include ('inc/validation.php');
include ('inc/header.php');

if ($_POST['verifySubmit'] == "yes"){
    include ('inc/db_open.php');
    $id = $_POST['empid'];
    $emplastname = $_POST['emplastname'];
    $empfirstname = $_POST['empfirstname'];
    $empdepid = $_POST['empdepid'];
    $empsalary = $_POST['empsalary'];
    $empphonenumber = $_POST['empphonenumber'];
    $year = $_POST['year'];
    $month = $_POST['month'];
    $day = $_POST['day'];
    $emphiredate = $_POST['year'] . '-' . $_POST['month'] . '-' . $_POST['day'];

    // Insert the user to the Database.
    $request = "UPDATE employees SET emplastname='$emplastname', empfirstname='$empfirstname', empsalary='$empsalary',emphiredate='$emphiredate',empdepid='$empdepid' WHERE empid='$id' ";
    $result = mysql_query($request) or die ('Query failed'.mysql_error());
    if($result == 1){
?>
<script type="text/javascript">
    window.location="viewemployee.php?id=<?php echo $id; ?> ";
</script>
<?php
    }
} else {
    echo "<font color=red>$error_msg</font>";
}

include ('inc/db_open.php');
$id = $_GET['id'];
$sql = "SELECT * FROM employees WHERE employees.empid='$id' ";
$result = mysql_query($sql) or die('Query failed'.mysql_error());
$row = mysql_fetch_array($result);
?>
<script type="text/javascript" language="javascript">
function validate(){
    var error_msg = 0;
    if(error_msg == 0){
        document.editemployee.submit();
    }
}
</script>
<table border="3" width="1047" align="center" bgcolor="#FFFFFF">
<tr>
<td width="1%" align="center" valign="top" >
<?php
if(isset($_SESSION['login'])){
    include "sidemenu.php";
} else{
    include "login.php";
}
?>
</td>
<td align="center" valign="top">
<center>
<FIELDSET>
<LEGEND>Welcome To Our Site</LEGEND>
<table width="100%" border="0" align="center" >
<tr class="tableHeader">
<td align="center"><strong>General Info</strong></td>
</tr>
<tr class="temp_content">
<td align="center">
<!-- The following image will have to be replaced so that the content desired can be placed in the following row of the table.
     Please mention at this page the instructions for the user in order to be able to navigate the page.
     Mention the fact that the user has to register in order to view all the features provided by the page. -->
Here you can Delete/Edit Members!
</td>
</tr>
</table>
</FIELDSET><center><br />
<FIELDSET>
<LEGEND>Edit Member: <strong><?php echo $row['emplastname']; ?></strong></LEGEND>
<form name="editemployee" id="editemployee" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
<table width="70%" align="center" cellspacing="2" cellpadding="4">
<tr>
<td width="18%" class="eventLeftSide">Lastname:</td>
<td width="38%" class="eventRightSide"><input type="text" id="emplastname" name="emplastname" value="<?php echo $row['emplastname']; ?>" /></td>
<td width="13%" id='h1' style="visibility:hidden"><font color="#FF0000">Required</font></td>
</tr>
<tr>
<td class="eventLeftSide">Firstname:</td>
<td class="eventRightSide"><input type="text" id="empfirstname" name="empfirstname" value="<?php echo $row['empfirstname']; ?>" /></td>
<td id='h2' style="visibility:hidden"><font color="#FF0000">Required</font></td>
</tr>
<?php
$day = substr($row['emphiredate'], -2);
$month = substr($row['emphiredate'], 5, 2);
$year = substr($row['emphiredate'], 0, 4);
?>
<tr>
<td class="eventLeftSide">Date of Hire:</td>
<td class="eventRightSide">
<select name='day' id="day">
<option selected='selected' value=''>-Day-</option>
<?php
for($counter = 1; $counter <= 31; $counter++){
    if($counter >= 1 && $counter <= 9){
?>
<option value="<?php echo '0' . $counter ?>" <?php if( $day == $counter ){ echo 'selected="selected"'; } ?> ><?php echo '0' . $counter ?></option>
<?php
    } else{
?>
<option value="<?php echo $counter ?>" <?php if( $day == $counter ){ echo 'selected="selected"'; } ?> ><?php echo $counter ?></option>
<?php
    }
}
?>
</select>
<select name='month' id="month">
<option selected="selected" value="">--Month--</option>
<option value=01 <?php if( $month == "01" ){ echo 'selected="selected"'; }?> >January</option>
<option value=02 <?php if( $month == "02" ){ echo 'selected="selected"'; }?> >February</option>
<option value=03 <?php if( $month == "03" ){ echo 'selected="selected"'; }?> >March</option>
<option value=04 <?php if( $month == "04" ){ echo 'selected="selected"'; }?> >April</option>
<option value=05 <?php if( $month == "05" ){ echo 'selected="selected"'; }?> >May</option>
<option value=06 <?php if( $month == "06" ){ echo 'selected="selected"'; }?> >June</option>
<option value=07 <?php if( $month == "07" ){ echo 'selected="selected"'; }?> >July</option>
<option value=08 <?php if( $month == "08" ){ echo 'selected="selected"'; }?> >August</option>
<option value=09 <?php if( $month == "09" ){ echo 'selected="selected"'; }?> >September</option>
<option value=10 <?php if( $month == "10" ){ echo 'selected="selected"'; }?> >October</option>
<option value=11 <?php if( $month == "11" ){ echo 'selected="selected"'; }?> >November</option>
<option value=12 <?php if( $month == "12" ){ echo 'selected="selected"'; }?> >December</option>
</select>
<select name='year' id="year">
<option selected='selected' value=''>--Year--</option>
<?php
for($counter = 1920; $counter <= 2007; $counter++){
?>
<option value="<?php echo $counter ?>" <?php if( $year == $counter ) echo 'selected="selected"'; ?> ><?php echo $counter ?></option>
<?php
}
?>
</select>
</td>
<td align="center" colspan="3" id='h3' style="visibility:hidden"><font color="#FF0000">Incorrect Date</font></td>
</tr>
<tr>
<td class="eventLeftSide">Salary:</td>
<td class="eventRightSide"><input type="text" id="empsalary" name="empsalary" value="<?php echo $row['empsalary']; ?>" /></td>
<td id='h4' style="visibility:hidden"><font color="#FF0000">Required</font></td>
</tr>
<tr>
<td class="eventLeftSide">Phonenumber:</td>
<td class="eventRightSide"><input type="text" id="empphonenumber" name="empphonenumber" value="<?php echo $row['empphonenumber']; ?>" /></td>
<td id='h5' style="visibility:hidden"><font color="#FF0000">Required</font></td>
</tr>
<tr>
<td class="eventLeftSide">Department:</td>
<td colspan="1" class="eventRightSide">
<input type="radio" id="radio1" name="empdepid" value="1" <?php if($row['empdepid']==1){?>checked='checked'<?php }?>/>Reception
<input type="radio" id="radio2" name="empdepid" value="2" <?php if($row['empdepid']==2){?>checked='checked'<?php }?>/>Cusine <br />
<input type="radio" id="radio3" name="empdepid" value="3" <?php if($row['empdepid']==3){?>checked='checked'<?php }?>/>Cleaning
<input type="radio" id="radio4" name="empdepid" value="4" <?php if($row['empdepid']==4){?>checked='checked'<?php }?>/>Logistics <br />
<input type="radio" id="radio5" name="empdepid" value="5" <?php if($row['empdepid']==5){?>checked='checked'<?php }?>/>Security
<input type="radio" id="radio6" name="empdepid" value="6" <?php if($row['empdepid']==6){?>checked='checked'<?php }?>/>Room Service <br />
<input type="radio" id="radio7" name="empdepid" value="7" <?php if($row['empdepid']==7){?>checked='checked'<?php }?>/>Other Undefined
</td>
<td width="12%" id='h6' style="visibility:hidden"><font color="#FF0000">Required</font></td>
</tr>
<tr>
<td colspan="2" class="eventHeadingText">
<input type="hidden" name="id" value="<?php echo $row['empid']; ?>">
<input type="hidden" name="verifySubmit" value="yes">
<input type="button" name="submitButton" value='Save' onClick="validate()"/>
<input type="button" value="Back" class="submit" onClick="window.location='viewemployee.php?id=<?php echo $id; ?>'">
</td>
</tr>
</table>
</form>
</FIELDSET>
</body>
</html>
```

And here is the code of viewemployee.php:

```php
<?php
session_start();
include ('inc/validation.php');
include ('inc/header.php');

$id = $_GET['id'];
include ('inc/db_open.php');
$sql = "SELECT * FROM employees WHERE empid='$id' ";
$result = @mysql_query($sql) or die('Query failed'.mysql_error());
$row = mysql_fetch_array($result);
?>
<table border="3" width="1047" align="center" bgcolor="#FFFFFF">
<tr>
<td width="1%" align="center" valign="top" >
<?php
if(isset($_SESSION['login'])){
    include "sidemenu.php";
} else{
    include "login.php";
}
?>
</td>
<td align="center" valign="top">
<center>
<FIELDSET>
<LEGEND>Welcome To Our Site</LEGEND>
<table width="100%" border="0" align="center" >
<tr class="tableHeader">
<td align="center"><strong>General Info</strong></td>
</tr>
<tr class="temp_content">
<td align="center">
<!-- The following image will have to be replaced so that the content desired can be placed in the following row of the table.
     Please mention at this page the instructions for the user in order to be able to navigate the page.
     Mention the fact that the user has to register in order to view all the features provided by the page. -->
Here you can Delete/Edit Employees!
</td>
</tr>
</table>
</FIELDSET>
<center><br />
<FIELDSET>
<form action="" method="" name="viewemployee">
<LEGEND>View Employee: <strong></strong></LEGEND>
<table width="70%" align="center" cellspacing="2" cellpadding="4">
<tr><td height="20"></td></tr>
<tr>
<td class="eventLeftSide">Employee ID:</td>
<td class="eventRightSide"><?php echo $row['empid']; ?></td>
</tr>
<tr>
<td class="eventLeftSide">Lastname:</td>
<td class="eventRightSide"><?php echo $row['emplastname']; ?></td>
</tr>
<tr>
<td class="eventLeftSide">Firstname:</td>
<td class="eventRightSide"><?php echo $row['empfirstname']; ?></td>
</tr>
<tr>
<td class="eventLeftSide">Salary:</td>
<td class="eventRightSide"><?php echo $row['empsalary']; ?></td>
</tr>
<tr>
<td class="eventLeftSide">Phonenumber:</td>
<td class="eventRightSide"><?php echo $row['empphonenumber']; ?></td>
</tr>
<tr>
<td class="eventLeftSide">Hiredate:</td>
<td class="eventRightSide"><?php echo $row['emphiredate']; ?></td>
</tr>
<tr>
<td class="eventLeftSide">Department:</td>
<td class="eventRightSide">
<?php if($row['empdepid']==1){ ?> Reception
<?php }elseif($row['empdepid']==2){ ?> Cusine
<?php }elseif($row['empdepid']==3){ ?> Cleaning
<?php }elseif($row['empdepid']==4){ ?> Logistics
<?php }elseif($row['empdepid']==5){ ?> Security
<?php }elseif($row['empdepid']==6){ ?> Room Service
<?php }elseif($row['empdepid']==7){ ?> Other undefined
<?php } ?>
</td>
</tr>
<tr><td colspan="2" class="eventHeadingText">
<input type="button" value="Delete Employee" name="deleteemployee" onClick="window.location='deleteemployee.php?id=<?php echo $row['empid']; ?>'">
<input type="button" value="Edit Employee" name="editemployees" onClick="window.location='editemployees.php?id=<?php echo $row['empid']; ?>'">
<input type="button" value="Back" class="submit" onClick="window.location='Viewemployees1.php'">
</td></tr>
</table>
</form>
</FIELDSET>
</center>
</center>
</td>
</tr>
</table>
</td>
</tr>
</table>
</body>
</html>
```

Waiting for a reply.
Don't have PHP write your redirect in Javascript. Use PHP relocation. Send a location header. Just make sure that you do this before sending any other headers to the browser. You may have to move around your code to make this work. Even more important, never, never, never pass variables from the URL (_GET) or posted values (_POST) to your database without vetting them to make sure they don't include malicious code, otherwise known as SQL injection attacks (Google this phrase to learn more). As written, your code is wide open to having any hacker over the age of 10 take over your database. <rant>It's this kind of thing that gives PHP a bad name as being insecure. PHP is not insecure when it's used properly. But it's very easy to use it improperly. Please, folks, learn how to do it right.</rant>
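The two points in the reply above, worked through as an added example (this is not the poster's code and not part of the thread): the save branch of editemployee.php redirects with a `Location` header sent before any output, and every request value reaches MySQL as a bound parameter of a PDO prepared statement instead of being spliced into the SQL string. The DSN and credentials are placeholders; the column names are the ones in the posted schema. One thing visible in the posted form is worth noting for the redirect: the hidden input is named `id` while the handler reads `$_POST['empid']`, so `$id` is empty when the UPDATE runs and the redirect URL ends in `id=`; the example reads the field under the name the form actually sends.

```php
<?php
// Added example, not the poster's code. Assumes PDO with the MySQL driver;
// the DSN and credentials below are placeholders, and the column names are
// those of the posted schema (employees.empid, emplastname, ...).
session_start();

$pdo = new PDO('mysql:host=localhost;dbname=YOUR_DB;charset=utf8mb4', 'YOUR_USER', 'YOUR_PASSWORD', [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false,   // real server-side prepared statements
]);

if (isset($_POST['verifySubmit']) && $_POST['verifySubmit'] === 'yes') {
    // The posted form sends the record id in a field named "id" (the handler
    // in the thread reads "empid" and so never sees it). Accept only a positive
    // integer; filter_input() returns false on a bad value and null if absent.
    $id       = filter_input(INPUT_POST, 'id', FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    $empdepid = filter_input(INPUT_POST, 'empdepid', FILTER_VALIDATE_INT, ['options' => ['min_range' => 1, 'max_range' => 7]]);
    $empsalary    = filter_input(INPUT_POST, 'empsalary', FILTER_VALIDATE_FLOAT);
    $emplastname  = trim($_POST['emplastname'] ?? '');
    $empfirstname = trim($_POST['empfirstname'] ?? '');

    // The three selects are recombined into a date only after checkdate()
    // confirms they form a real calendar date (catches 31 February, empty selects).
    $year  = (int) ($_POST['year'] ?? 0);
    $month = (int) ($_POST['month'] ?? 0);
    $day   = (int) ($_POST['day'] ?? 0);

    if (!$id || !$empdepid || $empsalary === false || $empsalary === null
        || $emplastname === '' || $empfirstname === ''
        || !checkdate($month, $day, $year)) {
        http_response_code(400);
        exit('Invalid input');
    }
    $emphiredate = sprintf('%04d-%02d-%02d', $year, $month, $day);

    // Values travel as bound parameters, never inside the SQL text, so a quote
    // in a last name cannot change the statement.
    $stmt = $pdo->prepare(
        'UPDATE employees
            SET emplastname = :lastname, empfirstname = :firstname,
                empsalary = :salary, emphiredate = :hiredate, empdepid = :depid
          WHERE empid = :id'
    );
    $stmt->execute([
        ':lastname'  => $emplastname,
        ':firstname' => $empfirstname,
        ':salary'    => $empsalary,
        ':hiredate'  => $emphiredate,
        ':depid'     => $empdepid,
        ':id'        => $id,
    ]);

    // Redirect with a Location header. Nothing (not even inc/header.php) may
    // have been sent before this point, and exit stops the page body from
    // being rendered into the redirect response.
    header('Location: viewemployee.php?id=' . $id, true, 303);
    exit;
}

// GET path: load the record for the edit form with the same treatment of the id.
$id = filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
if (!$id) {
    http_response_code(404);
    exit('No such employee');
}
$stmt = $pdo->prepare('SELECT * FROM employees WHERE empid = :id');
$stmt->execute([':id' => $id]);
$row = $stmt->fetch(PDO::FETCH_ASSOC);
if ($row === false) {
    http_response_code(404);
    exit('No such employee');
}

// Only now is it safe to start output. Database values are escaped when they
// are written back into attribute values so a stored quote cannot break out
// of the <input value="..."> they are placed in.
include 'inc/header.php';
?>
<input type="text" name="emplastname"
       value="<?php echo htmlspecialchars($row['emplastname'], ENT_QUOTES, 'UTF-8'); ?>" />
<input type="hidden" name="id" value="<?php echo (int) $row['empid']; ?>">
```

The redirect and the database write sit in one branch that runs before any include that emits HTML, which is the reordering the reply refers to. Checking that the UPDATE affected the intended row can be done with `$stmt->rowCount()` before redirecting, which would have made the empty-id case visible immediately instead of silently updating zero rows.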
Well, I really didn't get it :/ This is just homework I have to do for my university, and I need an answer to help me more! My JavaScript redirects me as it has to. I see no problem there! If you do, please inform me...