Why is my information being deleted in this form when I do not hit submit?

Glenn · 10-28-2011, 01:26 AM

When I allow a user to edit their information, when nothing is changed and another link is hit, the information that was there gets deleted. Why?

Here's what it looks like.

<?php

$con = mysql_connect("myconnection","myusername","mypassw ord");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}

mysql_select_db("studyquestion", $con);

$subject = $_GET['subject'];
$topic = $_GET['topic'];
$id = $_GET['id'];
$_SESSION['id'] = $id;

echo "<p><i>Questions in $subject/$topic</i></p>";

$result = mysql_query("SELECT * FROM questions WHERE user = '$user' AND subject = '$subject' AND topic = '$topic' AND id = '$id'");

if (!$result) {
echo "You have not added any questions in this topic yet.";
echo $row['question'], "<br>";
echo $row['answer'], "";
echo " - <a href=\"addquestion.php?subject=$subject&topic=$top ic\">Add question</a><br><br><br>";
}

else {
echo "<form method='post' action=\"editquestions.php?subject=$subject&topic= $topic\">";
while ($row = mysql_fetch_array($result)) {
$question = $row['question'];
$answer = $row['answer'];

echo "<textarea rows=\"4\" cols=\"50\" wrap=\"physical\" name=\"question\" value='question' class='hintTextbox'>$question</textarea><br />
<textarea rows=\"4\" cols=\"50\" wrap=\"physical\" name=\"answer\" value='answer' class='hintTextbox'>$answer</textarea><br />";

}
echo "<input type='submit' name='submit' value='Update' />
</form>";
}

echo "<table><tr><td>Return to <form name=\"form1\" method=\"post\" action=\"topics.php?subject=$subject\"></td><td>
<input type='submit' name='$subject' value='$subject' /></td></tr></table>";

?>

n1c0_ds · 11-08-2011, 04:54 PM

Before you continue, I strongly urge you to escape your SQL parameters. I could enter anything I want as ID and use it to modify your SQL query. This means I could inject malicious code in your website or retrieve sensitive information.

Read about SQL injection before you do anything else.

As for your question, you didn't give us exact details. What links are you talking about? When you leave the page, info disappears unless it's saved, that's how the web works!

computerGeek · 11-25-2011, 02:58 PM

Maybe, you've scripted something that will auto refresh the page?

10-28-2011, 01:26 AM	#1
Glenn Silver Member Join Date: Aug 2011 Location: Tennessee Posts: 112	Why is my information being deleted in this form when I do not hit submit? When I allow a user to edit their information, when nothing is changed and another link is hit, the information that was there gets deleted. Why? Here's what it looks like. <?php $con = mysql_connect("myconnection","myusername","mypassw ord"); if (!$con) { die('Could not connect: ' . mysql_error()); } mysql_select_db("studyquestion", $con); $subject = $_GET['subject']; $topic = $_GET['topic']; $id = $_GET['id']; $_SESSION['id'] = $id; echo "<p><i>Questions in $subject/$topic</i></p>"; $result = mysql_query("SELECT * FROM questions WHERE user = '$user' AND subject = '$subject' AND topic = '$topic' AND id = '$id'"); if (!$result) { echo "You have not added any questions in this topic yet."; echo $row['question'], "<br>"; echo $row['answer'], ""; echo " - <a href=\"addquestion.php?subject=$subject&topic=$top ic\">Add question</a><br><br><br>"; } else { echo "<form method='post' action=\"editquestions.php?subject=$subject&topic= $topic\">"; while ($row = mysql_fetch_array($result)) { $question = $row['question']; $answer = $row['answer']; echo "<textarea rows=\"4\" cols=\"50\" wrap=\"physical\" name=\"question\" value='question' class='hintTextbox'>$question</textarea><br /> <textarea rows=\"4\" cols=\"50\" wrap=\"physical\" name=\"answer\" value='answer' class='hintTextbox'>$answer</textarea><br />"; } echo "<input type='submit' name='submit' value='Update' /> </form>"; } echo "<table><tr><td>Return to <form name=\"form1\" method=\"post\" action=\"topics.php?subject=$subject\"></td><td> <input type='submit' name='$subject' value='$subject' /></td></tr></table>"; ?>

11-08-2011, 04:54 PM	#2
n1c0_ds Bronze Member Join Date: Nov 2009 Location: Granby, Québec Posts: 55	Before you continue, I strongly urge you to escape your SQL parameters. I could enter anything I want as ID and use it to modify your SQL query. This means I could inject malicious code in your website or retrieve sensitive information. Read about SQL injection before you do anything else. As for your question, you didn't give us exact details. What links are you talking about? When you leave the page, info disappears unless it's saved, that's how the web works! __________________ Nicolas Bouliane Web designer/developer in Granby, Québec

11-25-2011, 02:58 PM	#3
computerGeek Silver Member Join Date: Mar 2011 Posts: 231	Maybe, you've scripted something that will auto refresh the page? __________________ Custom Web Design for Businesses

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode