<p>Why not just redirect to <code>submessage.php</code> rather than inlining it? Redirecting also prevents duplicate db operations when the user refreshes the page. Just replace the <code>include</code> statement with:</p>
<pre><code>header('Location: submessage.php?id=' . $pid);
die();
</code></pre>
<p>Also, before you deploy your application: <strong>DO NOT EVER PUT USER INPUT DIRECTLY IN A SQL QUERY</strong>. You should use bound parameters instead. Otherwise, you could just as well publicly advertise your database admin password. Read more on PDO and prepared statements at <a href="http://ie.php.net/pdo" rel="nofollow noreferrer">http://ie.php.net/pdo</a></p>
<p>Here's how I would do it:</p>
<pre><code>$pdo = new PDO(....); // some configuration parameters needed

// Named placeholders: the values are sent separately from the SQL text
$sql = "
    UPDATE listing
    SET catid = :catid,
        title = :title,
        summary = :summary,
        content = :content,
        author = :author,
        keyword = :keyword
    WHERE pid = :pid
";
$stmt = $pdo-&gt;prepare($sql);
$stmt-&gt;bindValue(':catid', $_POST['catid']);
$stmt-&gt;bindValue(':title', $_POST['title']);
$stmt-&gt;bindValue(':summary', $_POST['summary']);
$stmt-&gt;bindValue(':content', $_POST['content']);
$stmt-&gt;bindValue(':author', $_POST['author']);
$stmt-&gt;bindValue(':keyword', $_POST['keyword']);
$pid = $_GET['id'];
$stmt-&gt;bindValue(':pid', $pid);
$stmt-&gt;execute();

header('Location: submessage.php?id=' . $pid);
die();
</code></pre>
<p>Or in fact, I would use some ORM solution to make it look more like that:</p>
<pre><code>$pid = $_GET['id'];
$listing = Listing::getById($pid);
$listing-&gt;populate($_POST);
$listing-&gt;save();

header('Location: submessage.php?id=' . $pid);
die();
</code></pre>
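As an added example (not code from the answer above or from the asker's application), here is a complete edit handler that follows the same two points the answer makes: request data reaches the database only through bound parameters, and the handler finishes with a redirect so a page refresh cannot repeat the UPDATE. The table and column names (<code>listing</code>, <code>pid</code>, <code>catid</code>, <code>title</code>, <code>summary</code>, <code>content</code>, <code>author</code>, <code>keyword</code>) come from the answer; the DSN, credentials, the <code>LISTING_FIELDS</code> constant and the <code>updateListing()</code> helper are assumptions made for this example.

```php
<?php
// Added example: a hardened listing-update handler using PDO prepared statements.
// DSN, credentials, LISTING_FIELDS and updateListing() are assumptions for this
// example; the table and column names come from the answer above.
declare(strict_types=1);

// Columns a request may update. Hard-coded on purpose: placeholders can carry
// values, never identifiers, so column names must never come from the request.
const LISTING_FIELDS = ['catid', 'title', 'summary', 'content', 'author', 'keyword'];

// Assumed connection details; replace with your own.
$pdo = new PDO(
    'mysql:host=localhost;dbname=app;charset=utf8mb4',
    'app_user',
    'CHANGE_ME',
    [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION, // errors throw instead of failing silently
        PDO::ATTR_EMULATE_PREPARES => false,                  // real server-side prepares
    ]
);

/**
 * Update one listing row. $fields must contain exactly the keys in
 * LISTING_FIELDS; anything else the client sent is never looked at.
 */
function updateListing(PDO $pdo, int $pid, array $fields): int
{
    $sets   = [];
    $params = [':pid' => $pid];
    foreach (LISTING_FIELDS as $col) {
        if (!array_key_exists($col, $fields)) {
            throw new InvalidArgumentException("missing field: $col");
        }
        $sets[]          = "$col = :$col";   // identifier from our constant, not from input
        $params[":$col"] = $fields[$col];    // value travels as a bound parameter
    }
    $sql  = 'UPDATE listing SET ' . implode(', ', $sets) . ' WHERE pid = :pid';
    $stmt = $pdo->prepare($sql);
    $stmt->execute($params);
    return $stmt->rowCount();
}

// 1. State-changing work is accepted only via POST.
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    http_response_code(405);
    exit('method not allowed');
}

// 2. Validate the identifier: it must be a positive integer, nothing else.
$pid = filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
if ($pid === false || $pid === null) {
    http_response_code(400);
    exit('invalid id');
}

// 3. Copy only the expected fields out of $_POST; extra keys are ignored.
$fields = [];
foreach (LISTING_FIELDS as $col) {
    $fields[$col] = isset($_POST[$col]) ? (string) $_POST[$col] : '';
}
$fields['catid'] = (int) $fields['catid'];   // category id is numeric

// 4. Run the update. The SQL text never contains request data, so a value
//    such as  ' OR 1=1 --  is stored literally rather than interpreted.
$rows = updateListing($pdo, $pid, $fields);

// 5. Post/Redirect/Get: a refresh re-issues a GET, not the UPDATE.
header('Location: submessage.php?id=' . $pid, true, 303);
exit();
```

Two design choices worth noting: the column list is a constant rather than something derived from <code>$_POST</code> keys, which is what keeps the ORM-style <code>populate($_POST)</code> idea from turning into mass assignment of columns you did not intend to expose; and <code>PDO::ATTR_EMULATE_PREPARES</code> is switched off so the server, not the client driver, separates the query text from the values.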