Her kommer et eksempel, som må ligge meget, meget tæt op ad det, du vil; du kan så rette
det til.
kartotek.sql:
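-- Demo table used by show.php and update.php: one row per person, where
-- kode is the password update.php checks before changing navn/adresse.
-- NOTE(review): kode is stored in plaintext, so anyone who can read the
-- table can read every password. Outside a demo, store a salted hash
-- (e.g. PHP password_hash()) and widen the column to fit it; the PHP
-- manual recommends 255 characters for password_hash() output.
create table kartotek (
    id integer primary key,
    navn varchar(50),
    adresse varchar(100),
    kode varchar(25)
);

-- Explicit column lists keep the seed rows correct if columns are later
-- added to or reordered in the table.
insert into kartotek (id, navn, adresse, kode) values (1, 'Arne', 'Arne vej 1', 'hemmeligt');
insert into kartotek (id, navn, adresse, kode) values (2, 'Brian', 'Brian vej 2', 'Brian');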
show.php:
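<form method="post" action="update.php">
<?php
// Renders one kartotek row as an edit form that posts to update.php.
//
// NOTE(review): ext/mysql (the mysql_* functions) was removed in PHP 7.
// On a current PHP, use mysqli or PDO with prepared statements; the casts
// and escaping below are the equivalent safeguard within the old API.

// The id arrives in the query string and is untrusted. Casting it to an
// integer before it is concatenated into the SQL text means it can only
// ever be a number, never extra SQL.
$id = isset($_GET["id"]) ? (int) $_GET["id"] : 0;

// NOTE(review): root with an empty password is only tolerable on a local
// test machine; use a dedicated account limited to this database.
// die(mysql_error()) also shows raw database errors to the visitor.
$con = mysql_connect("localhost", "root", "") or die(mysql_error());
mysql_select_db("Test") or die(mysql_error());

// Fetch only the columns the form displays; kode is never read here.
$rs = mysql_query("select id, navn, adresse from kartotek where id=" . $id) or die(mysql_error());
$row = mysql_fetch_array($rs, MYSQL_ASSOC);
if (!$row) {
    // No such id: render the form with empty fields, as before.
    $row = array("id" => "", "navn" => "", "adresse" => "");
}

// Values from the database are written into HTML attributes, so they are
// escaped (including quotes) to keep stored text from breaking out of the
// attribute and injecting markup or script.
print "<input type=\"hidden\" name=\"id\" value=\"" . htmlspecialchars($row["id"], ENT_QUOTES) . "\"/><br/>\n";
print "Navn: <input type=\"text\" name=\"navn\" value=\"" . htmlspecialchars($row["navn"], ENT_QUOTES) . "\"/><br/>\n";
print "Adresse: <input type=\"text\" name=\"adresse\" value=\"" . htmlspecialchars($row["adresse"], ENT_QUOTES) . "\"/><br/>\n";
print "Kode ord: <input type=\"password\" name=\"kode\"/><br/>\n";
mysql_free_result($rs);
mysql_close($con);
?>
<br/>
<input type="submit" value="Submit"/>
</form>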
update.php:
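<?php
// Updates navn and adresse for one kartotek row, but only when the posted
// kode matches the kode stored for that row.
//
// NOTE(review): ext/mysql (the mysql_* functions) was removed in PHP 7.
// On a current PHP, use mysqli or PDO with prepared statements; the cast
// and escaping below are the equivalent safeguard within the old API.
// NOTE(review): root with an empty password is only tolerable on a local
// test machine, and die(mysql_error()) shows raw database errors to the
// visitor.
$con = mysql_connect("localhost", "root", "") or die(mysql_error());
mysql_select_db("Test") or die(mysql_error());

// Everything in $_POST is untrusted. The id is forced to an integer so it
// cannot carry SQL; missing fields fall back to empty values.
$id = isset($_POST["id"]) ? (int) $_POST["id"] : 0;
$navn = isset($_POST["navn"]) ? $_POST["navn"] : "";
$adresse = isset($_POST["adresse"]) ? $_POST["adresse"] : "";
$kode = isset($_POST["kode"]) ? $_POST["kode"] : "";

$rs = mysql_query("select kode from kartotek where id=" . $id) or die(mysql_error());
$row = mysql_fetch_array($rs, MYSQL_ASSOC);

// Require that a row was found and compare with ===. With == a missing
// row (null) equals an empty kode, and numeric-looking strings are
// compared as numbers, so different passwords could be accepted.
// NOTE(review): this compares against a plaintext kode column; with a
// hashed column the check would be password_verify() instead.
if ($row && $row["kode"] === $kode) {
    // String values are escaped for the connection's character set before
    // being placed inside the quoted SQL literals.
    $navnSql = mysql_real_escape_string($navn, $con);
    $adresseSql = mysql_real_escape_string($adresse, $con);
    mysql_query("update kartotek set navn='" . $navnSql . "',adresse='" . $adresseSql . "' where id=" . $id) or die(mysql_error());
    // $id is an integer here, so it is safe inside the href.
    print "<a href=\"show.php?id=" . $id . "\">back</a>\n";
} else {
    print "Hacker !\n";
}
mysql_free_result($rs);
mysql_close($con);
?>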
URL:
http://server/show.php?id=1