CODEWITHSUNDEEP
phpforms
cosmichero2025
cosmichero2025

Reputation: 1029

Form doesn't update a Post

I'm making a comment system and I would like the ability for a user to edit them. I have already made a posting system that works and a deletion system that works. When I try to update the post though it redirects me to the ?edit_success url. It just doesn't update the post however.

The form that takes the user to the update page.

<form class='edit-form' method='POST' action='editmessage.php'>
                <input type='hidden' name='cid' value='".$row['cid']."'>
                <input type='hidden' name='uid' value='".$row['uid']."'>
                <input type='hidden' name='date' value='".$row['date']."'>
                <input type='hidden' name='content' value='".$row['content']."'>
                <button>Edit</button>
            </form>

After the form is submitted it goes to this php file

<?php include('header.php'); ?>

    <body>
        <div class="container">
        <?php

        $cid = $_POST['cid'];
        $uid = $_POST['uid'];
        $date = $_POST['date'];
        $content = $_POST['content'];

  echo "<form method='POST' action='includes/edit_post.inc.php'>
        <input type='hidden' name='uid' value='".$_SESSION['username']."'>
        <input type='hidden' name='date' value='".date(' Y-m-d  ')."'>
        <textarea class='ckeditor' name='content2'></textarea>
        <br>
        <button type='submit' class='btn btn-default' name='submit_vault_edit'>Edit</button>
    </form>";
?>
            </div>

    <?php include('footer.php'); ?>

After this form is entered it goes to the php script that updates post

<?php
include 'dbh.php';

    if (isset($_POST['submit_vault_edit'])) {
        $cid = $_POST['cid'];
        $uid = $_POST['uid'];
        $date = $_POST['date'];
        $content = $_POST['content2'];

        $sql = "UPDATE vaults SET content='$content' WHERE cid='$cid'";
        $result = mysqli_query($conn, $sql);

        header("Location: http://www.generationdiary.com/user_vault.php?editsuccess");
    }

All my database connections are correct and everything is set up in that sense I just think I have a problem in my last bit of code (Code Block 3)

Upvotes: 1

Views: 114

Answers (1)

Saty
Saty

Reputation: 22532

You have not pass cid value from second part of code.

you can add it as

<input type='hidden' name='cid' value='".$cid."'>

Your code is open for valnurable sql injection

Check How can I prevent SQL injection in PHP? to prevent it.

Upvotes: 1

Related Questions