<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>
<?php
include('connection.php');
?>
<body>
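<?php
// Search handler: when the SEARCH button (btnser) is posted, load the matching
// row from `reg` into $_id/$_fname/$_sname/$_lname/$_pno/$_sub, which the form
// on this page prints into its fields.

// Defaults, so the form renders without undefined-variable notices (and
// in_array() always receives an array) when no search ran or no row matched.
$_id = $_fname = $_sname = $_lname = $_pno = '';
$_sub = array();

if (isset($_POST['btnser']))
{
    // txtid is request data and must never reach the SQL text unescaped.
    // A non-string value (e.g. txtid[]=...) is treated as empty.
    $id = (isset($_POST['txtid']) && is_string($_POST['txtid'])) ? $_POST['txtid'] : '';

    // mysql_real_escape_string() escapes for the current ext/mysql link
    // (presumably opened by connection.php -- confirm, and confirm the link
    // charset is set with mysql_set_charset()). ext/mysql was removed in PHP 7;
    // prepared statements via mysqli or PDO are the durable fix once
    // connection.php is ported.
    $sql = "select * from reg where id='" . mysql_real_escape_string($id) . "' ";

    // The query text is deliberately not echoed: doing so disclosed the schema
    // and reflected the raw txtid value into the page (XSS).
    $exc = mysql_query($sql);

    // mysql_query() returns false on failure; skip the fetch loop in that case.
    if ($exc)
    {
        while ($row = mysql_fetch_array($exc))
        {
            // Raw database values: they must be HTML-escaped wherever they are
            // printed. They are no longer echoed here as debug output.
            $_id    = $row['id'];
            $_fname = $row['name'];
            $_sname = $row['sname'];
            $_lname = $row['lname'];
            $_pno   = $row['phone'];
            // `sub` is stored as a comma-separated list of subject names.
            $_sub   = explode(",", $row['sub']);
        }
    }
}
?>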
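<?php
// Registration form. The four submit buttons (btnins, btnser, btnupd, btndel)
// post back to this page and select which handler runs.
//
// Every value printed into an attribute goes through htmlspecialchars() with
// ENT_QUOTES: the values come from the `reg` table, which stores whatever was
// submitted, so printing them raw would allow stored XSS.
//
// NOTE(review): insert/update/delete are triggered by a plain POST with no
// anti-CSRF token, and no authentication check is visible on this page. Add
// both before exposing this form; they need session handling not shown here.

// $_sub is only set after a successful search; fall back to an empty list so
// in_array() never receives a non-array.
$checkedSubjects = (isset($_sub) && is_array($_sub)) ? $_sub : array();
?>
<form id="form1" name="form1" method="post" action="">
<table width="279" border="1">
<tr>
<td colspan="2"><div align="center">Registration</div></td>
</tr>
<tr>
<td><label for="txtid">Id</label></td>
<td><input type="text" name="txtid" id="txtid" value="<?php echo htmlspecialchars(isset($_id) ? $_id : '', ENT_QUOTES, 'UTF-8'); ?>" /></td>
</tr>
<tr>
<td width="98"><label for="txtname">Name</label></td>
<td width="165"><input type="text" name="txtname" id="txtname" value="<?php echo htmlspecialchars(isset($_fname) ? $_fname : '', ENT_QUOTES, 'UTF-8'); ?>" /></td>
</tr>
<tr>
<td><label for="txtmname">Middle Name</label></td>
<td><input type="text" name="txtmname" id="txtmname" value="<?php echo htmlspecialchars(isset($_sname) ? $_sname : '', ENT_QUOTES, 'UTF-8'); ?>" /></td>
</tr>
<tr>
<td><label for="txtlname">Last Name</label></td>
<td><input type="text" name="txtlname" id="txtlname" value="<?php echo htmlspecialchars(isset($_lname) ? $_lname : '', ENT_QUOTES, 'UTF-8'); ?>" /></td>
</tr>
<tr>
<td><label for="txtpno">Phone No</label></td>
<td><input type="text" name="txtpno" id="txtpno" value="<?php echo htmlspecialchars(isset($_pno) ? $_pno : '', ENT_QUOTES, 'UTF-8'); ?>" /></td>
</tr>
<tr>
<td>Favorite Subject</td>
<td><label>
<input type="checkbox" name="chklang[]" id="c1" value="PHP" <?php if (in_array("PHP", $checkedSubjects)) { ?> checked="checked" <?php } ?> />PHP
</label>
<label>
<input type="checkbox" name="chklang[]" id="c2" value="ASP.NET" <?php if (in_array("ASP.NET", $checkedSubjects)) { ?> checked="checked" <?php } ?> />ASP.NET </label></td>
</tr>
<tr>
<td colspan="2">
<input type="submit" name="btnins" id="btnins" value="insert" />
<input type="submit" name="btnser" id="btnser" value="SEARCH" />
<input type="submit" name="btnupd" id="btnupd" value="Update" />
<input type="submit" name="btndel" id="btndel" value="Delete" />
</td>
</tr>
</table>
</form>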
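<?php
// Insert handler: when the insert button (btnins) is posted, add one row to
// `reg` built from the submitted name, middle name, last name, phone and
// ticked subjects.
if (isset($_POST['btnins']))
{
    // All four text fields are request data. Each is escaped before it is
    // placed inside the quoted SQL literal; a missing or non-string field is
    // stored as an empty string.
    // mysql_real_escape_string() relies on the ext/mysql link presumably opened
    // by connection.php -- confirm. Prepared statements (mysqli/PDO) are the
    // durable fix once that file is ported off ext/mysql.
    $values = array();
    foreach (array('txtname', 'txtmname', 'txtlname', 'txtpno') as $field)
    {
        $raw = (isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : '';
        $values[] = "'" . mysql_real_escape_string($raw) . "'";
    }

    // chklang is absent when no box is ticked, and a client can send anything
    // in it: keep only string entries so implode() always gets a flat list.
    $subjects = (isset($_POST['chklang']) && is_array($_POST['chklang']))
        ? array_filter($_POST['chklang'], 'is_string')
        : array();
    $values[] = "'" . mysql_real_escape_string(implode(',', $subjects)) . "'";

    $sql = "insert into reg(name,sname,lname,phone,sub) values(" . implode(',', $values) . ")";
    $exc = mysql_query($sql);
    if ($exc)
    {
        // Static markup only; no request data is written into this script tag.
        echo "<script>alert('Data submit')</script>";
    }
}
?>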
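<?php
// Delete handler: when the Delete button (btndel) is posted, remove the row of
// `reg` whose id equals the submitted txtid.
if (isset($_POST['btndel']))
{
    // Only txtid is needed here; the other form fields were read but never
    // used, and reading chklang raised a notice when no box was ticked.
    $id = (isset($_POST['txtid']) && is_string($_POST['txtid'])) ? $_POST['txtid'] : '';

    // Escape the request value before it enters the quoted SQL literal, so it
    // cannot widen the WHERE clause of this destructive statement.
    // Relies on the ext/mysql link presumably opened by connection.php -- confirm.
    $sql = "delete from reg where id='" . mysql_real_escape_string($id) . "' ";

    // The outcome is not reported to the user, as before; $exc stays available
    // for a later success/failure message.
    $exc = mysql_query($sql);
}
?>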
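<?php
// Update handler: when the Update button (btnupd) is posted, overwrite the
// name, middle name, last name, phone and subjects of the row of `reg` whose id
// equals the submitted txtid.
if (isset($_POST['btnupd']))
{
    // Map each column to the form field that supplies it. Every value is
    // request data and is escaped before it is placed in a quoted SQL literal.
    // mysql_real_escape_string() relies on the ext/mysql link presumably opened
    // by connection.php -- confirm. Prepared statements (mysqli/PDO) are the
    // durable fix once that file is ported off ext/mysql.
    $assignments = array();
    foreach (array('name' => 'txtname', 'sname' => 'txtmname', 'lname' => 'txtlname', 'phone' => 'txtpno') as $column => $field)
    {
        $raw = (isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : '';
        $assignments[] = $column . "='" . mysql_real_escape_string($raw) . "'";
    }

    // chklang is absent when no box is ticked; keep only string entries so
    // implode() always receives a flat list.
    $subjects = (isset($_POST['chklang']) && is_array($_POST['chklang']))
        ? array_filter($_POST['chklang'], 'is_string')
        : array();
    $assignments[] = "sub='" . mysql_real_escape_string(implode(',', $subjects)) . "'";

    $id = (isset($_POST['txtid']) && is_string($_POST['txtid'])) ? $_POST['txtid'] : '';

    // The statement is no longer echoed: that printed every submitted field
    // back into the page unescaped and disclosed the table layout.
    $sql = "update reg set " . implode(',', $assignments) . " where id='" . mysql_real_escape_string($id) . "' ";
    $exc = mysql_query($sql) or die('not excute');
}
?>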
</body>
</html>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>
<?php
include('connection.php');
?>
<body>
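<?php
// Search handler: when the SEARCH button (btnser) is posted, load the matching
// row from `reg` into $_id/$_fname/$_sname/$_lname/$_pno/$_sub, which the form
// on this page prints into its fields.

// Defaults, so the form renders without undefined-variable notices (and
// in_array() always receives an array) when no search ran or no row matched.
$_id = $_fname = $_sname = $_lname = $_pno = '';
$_sub = array();

if (isset($_POST['btnser']))
{
    // txtid is request data and must never reach the SQL text unescaped.
    // A non-string value (e.g. txtid[]=...) is treated as empty.
    $id = (isset($_POST['txtid']) && is_string($_POST['txtid'])) ? $_POST['txtid'] : '';

    // mysql_real_escape_string() escapes for the current ext/mysql link
    // (presumably opened by connection.php -- confirm, and confirm the link
    // charset is set with mysql_set_charset()). ext/mysql was removed in PHP 7;
    // prepared statements via mysqli or PDO are the durable fix once
    // connection.php is ported.
    $sql = "select * from reg where id='" . mysql_real_escape_string($id) . "' ";

    // The query text is deliberately not echoed: doing so disclosed the schema
    // and reflected the raw txtid value into the page (XSS).
    $exc = mysql_query($sql);

    // mysql_query() returns false on failure; skip the fetch loop in that case.
    if ($exc)
    {
        while ($row = mysql_fetch_array($exc))
        {
            // Raw database values: they must be HTML-escaped wherever they are
            // printed. They are no longer echoed here as debug output.
            $_id    = $row['id'];
            $_fname = $row['name'];
            $_sname = $row['sname'];
            $_lname = $row['lname'];
            $_pno   = $row['phone'];
            // `sub` is stored as a comma-separated list of subject names.
            $_sub   = explode(",", $row['sub']);
        }
    }
}
?>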
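<?php
// Registration form. The four submit buttons (btnins, btnser, btnupd, btndel)
// post back to this page and select which handler runs.
//
// Every value printed into an attribute goes through htmlspecialchars() with
// ENT_QUOTES: the values come from the `reg` table, which stores whatever was
// submitted, so printing them raw would allow stored XSS.
//
// NOTE(review): insert/update/delete are triggered by a plain POST with no
// anti-CSRF token, and no authentication check is visible on this page. Add
// both before exposing this form; they need session handling not shown here.

// $_sub is only set after a successful search; fall back to an empty list so
// in_array() never receives a non-array.
$checkedSubjects = (isset($_sub) && is_array($_sub)) ? $_sub : array();
?>
<form id="form1" name="form1" method="post" action="">
<table width="279" border="1">
<tr>
<td colspan="2"><div align="center">Registration</div></td>
</tr>
<tr>
<td><label for="txtid">Id</label></td>
<td><input type="text" name="txtid" id="txtid" value="<?php echo htmlspecialchars(isset($_id) ? $_id : '', ENT_QUOTES, 'UTF-8'); ?>" /></td>
</tr>
<tr>
<td width="98"><label for="txtname">Name</label></td>
<td width="165"><input type="text" name="txtname" id="txtname" value="<?php echo htmlspecialchars(isset($_fname) ? $_fname : '', ENT_QUOTES, 'UTF-8'); ?>" /></td>
</tr>
<tr>
<td><label for="txtmname">Middle Name</label></td>
<td><input type="text" name="txtmname" id="txtmname" value="<?php echo htmlspecialchars(isset($_sname) ? $_sname : '', ENT_QUOTES, 'UTF-8'); ?>" /></td>
</tr>
<tr>
<td><label for="txtlname">Last Name</label></td>
<td><input type="text" name="txtlname" id="txtlname" value="<?php echo htmlspecialchars(isset($_lname) ? $_lname : '', ENT_QUOTES, 'UTF-8'); ?>" /></td>
</tr>
<tr>
<td><label for="txtpno">Phone No</label></td>
<td><input type="text" name="txtpno" id="txtpno" value="<?php echo htmlspecialchars(isset($_pno) ? $_pno : '', ENT_QUOTES, 'UTF-8'); ?>" /></td>
</tr>
<tr>
<td>Favorite Subject</td>
<td><label>
<input type="checkbox" name="chklang[]" id="c1" value="PHP" <?php if (in_array("PHP", $checkedSubjects)) { ?> checked="checked" <?php } ?> />PHP
</label>
<label>
<input type="checkbox" name="chklang[]" id="c2" value="ASP.NET" <?php if (in_array("ASP.NET", $checkedSubjects)) { ?> checked="checked" <?php } ?> />ASP.NET </label></td>
</tr>
<tr>
<td colspan="2">
<input type="submit" name="btnins" id="btnins" value="insert" />
<input type="submit" name="btnser" id="btnser" value="SEARCH" />
<input type="submit" name="btnupd" id="btnupd" value="Update" />
<input type="submit" name="btndel" id="btndel" value="Delete" />
</td>
</tr>
</table>
</form>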
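<?php
// Insert handler: when the insert button (btnins) is posted, add one row to
// `reg` built from the submitted name, middle name, last name, phone and
// ticked subjects.
if (isset($_POST['btnins']))
{
    // All four text fields are request data. Each is escaped before it is
    // placed inside the quoted SQL literal; a missing or non-string field is
    // stored as an empty string.
    // mysql_real_escape_string() relies on the ext/mysql link presumably opened
    // by connection.php -- confirm. Prepared statements (mysqli/PDO) are the
    // durable fix once that file is ported off ext/mysql.
    $values = array();
    foreach (array('txtname', 'txtmname', 'txtlname', 'txtpno') as $field)
    {
        $raw = (isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : '';
        $values[] = "'" . mysql_real_escape_string($raw) . "'";
    }

    // chklang is absent when no box is ticked, and a client can send anything
    // in it: keep only string entries so implode() always gets a flat list.
    $subjects = (isset($_POST['chklang']) && is_array($_POST['chklang']))
        ? array_filter($_POST['chklang'], 'is_string')
        : array();
    $values[] = "'" . mysql_real_escape_string(implode(',', $subjects)) . "'";

    $sql = "insert into reg(name,sname,lname,phone,sub) values(" . implode(',', $values) . ")";
    $exc = mysql_query($sql);
    if ($exc)
    {
        // Static markup only; no request data is written into this script tag.
        echo "<script>alert('Data submit')</script>";
    }
}
?>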
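<?php
// Delete handler: when the Delete button (btndel) is posted, remove the row of
// `reg` whose id equals the submitted txtid.
if (isset($_POST['btndel']))
{
    // Only txtid is needed here; the other form fields were read but never
    // used, and reading chklang raised a notice when no box was ticked.
    $id = (isset($_POST['txtid']) && is_string($_POST['txtid'])) ? $_POST['txtid'] : '';

    // Escape the request value before it enters the quoted SQL literal, so it
    // cannot widen the WHERE clause of this destructive statement.
    // Relies on the ext/mysql link presumably opened by connection.php -- confirm.
    $sql = "delete from reg where id='" . mysql_real_escape_string($id) . "' ";

    // The outcome is not reported to the user, as before; $exc stays available
    // for a later success/failure message.
    $exc = mysql_query($sql);
}
?>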
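<?php
// Update handler: when the Update button (btnupd) is posted, overwrite the
// name, middle name, last name, phone and subjects of the row of `reg` whose id
// equals the submitted txtid.
if (isset($_POST['btnupd']))
{
    // Map each column to the form field that supplies it. Every value is
    // request data and is escaped before it is placed in a quoted SQL literal.
    // mysql_real_escape_string() relies on the ext/mysql link presumably opened
    // by connection.php -- confirm. Prepared statements (mysqli/PDO) are the
    // durable fix once that file is ported off ext/mysql.
    $assignments = array();
    foreach (array('name' => 'txtname', 'sname' => 'txtmname', 'lname' => 'txtlname', 'phone' => 'txtpno') as $column => $field)
    {
        $raw = (isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : '';
        $assignments[] = $column . "='" . mysql_real_escape_string($raw) . "'";
    }

    // chklang is absent when no box is ticked; keep only string entries so
    // implode() always receives a flat list.
    $subjects = (isset($_POST['chklang']) && is_array($_POST['chklang']))
        ? array_filter($_POST['chklang'], 'is_string')
        : array();
    $assignments[] = "sub='" . mysql_real_escape_string(implode(',', $subjects)) . "'";

    $id = (isset($_POST['txtid']) && is_string($_POST['txtid'])) ? $_POST['txtid'] : '';

    // The statement is no longer echoed: that printed every submitted field
    // back into the page unescaped and disclosed the table layout.
    $sql = "update reg set " . implode(',', $assignments) . " where id='" . mysql_real_escape_string($id) . "' ";
    $exc = mysql_query($sql) or die('not excute');
}
?>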
</body>
</html>
OMG :)
Your code has no SQL injection protection. Try making a POST request with a value like:
txtid = ';DROP Table reg;'
Do this only in a test environment, because it will drop your table. Read some tutorials about web security.