Why is my information being deleted in this form when I do not hit submit?

Discussion in 'Programming' started by Glenn, Oct 28, 2011.

to remove all ads.
  1. Glenn

    Glenn Member

    Messages:
    202
    When I allow a user to edit their information, when nothing is changed and another link is hit, the information that was there gets deleted. Why?

    Here's what it looks like.



    <?php


    $con = mysql_connect("myconnection","myusername","mypassword");
    if (!$con)
    {
    die('Could not connect: ' . mysql_error());
    }

    mysql_select_db("studyquestion", $con);

    $subject = $_GET['subject'];
    $topic = $_GET['topic'];
    $id = $_GET['id'];
    $_SESSION['id'] = $id;

    echo "<p><i>Questions in $subject/$topic</i></p>";

    $result = mysql_query("SELECT * FROM questions WHERE user = '$user' AND subject = '$subject' AND topic = '$topic' AND id = '$id'");

    if (!$result) {
    echo "You have not added any questions in this topic yet.";
    echo $row['question'], "<br>";
    echo $row['answer'], "";
    echo " - <a href=\"addquestion.php?subject=$subject&topic=$topic\">Add question</a><br><br><br>";
    }


    else {
    echo "<form method='post' action=\"editquestions.php?subject=$subject&topic=$topic\">";
    while ($row = mysql_fetch_array($result)) {
    $question = $row['question'];
    $answer = $row['answer'];

    echo "<textarea rows=\"4\" cols=\"50\" wrap=\"physical\" name=\"question\" value='question' class='hintTextbox'>$question</textarea><br />
    <textarea rows=\"4\" cols=\"50\" wrap=\"physical\" name=\"answer\" value='answer' class='hintTextbox'>$answer</textarea><br />";



    }
    echo "<input type='submit' name='submit' value='Update' />
    </form>";
    }

    echo "<table><tr><td>Return to <form name=\"form1\" method=\"post\" action=\"topics.php?subject=$subject\"></td><td>
    <input type='submit' name='$subject' value='$subject' /></td></tr></table>";


    ?>
     
  2. n1c0_ds

    n1c0_ds New Member

    Messages:
    54
    Before you continue, I strongly urge you to escape your SQL parameters. I could enter anything I want as ID and use it to modify your SQL query. This means I could inject malicious code in your website or retrieve sensitive information.

    Read about SQL injection before you do anything else.


    As for your question, you didn't give us exact details. What links are you talking about? When you leave the page, info disappears unless it's saved, that's how the web works!
     
  3. computerGeek

    computerGeek Banned

    Messages:
    212
    Maybe, you've scripted something that will auto refresh the page?
     

Share This Page