php - Updating a single record Via ID = ID -

php - Updating a single record Via ID = ID -

i've ran wall @ moment, code brings table button on end of each record. 1 time pressed function update health record -5.

this works great job effects rows, i've tried touched 1 record via id no luck! if can help great!

the php

$sql="select `id` , `firstname` , `health` ajax_demo `id` = `id` limit 0 , 30"; $result = mysql_query($sql); if(isset($_request['submit'])) { counterminus(); } function counterminus() { $cmeter = $cmeter - 1; $id = $_post["id"]; $firstname = $_post["firstname"]; mysql_query("update ajax_demo set `health` = `health` - `damage` id = {$id}"); header("location:oo_test.php"); }

this php / form

<?php echo "<table border='1'> <tr> <th>id</th> <th>firstname</th> <th>health</th> </tr>"; while($row = mysql_fetch_row($result)) { echo '<tr>'; foreach($row $cell) { echo "\n<td>$cell</td>"; } echo '<td><form id="theform" action="" method="post" > <input type="submit" name="submit" id="submit" value="attack" /> <input type="hidden" name="'.$row[1].'" /></form></td></tr>'; echo "\n\n"; }?>

this vunerable attack through $_post['id'] variable. utilize mysql_real_escape_string, or better, prepared queries through pdo or mysqli, anyway orthogonal issue having, it's thought aware of it.

you're never submitting html form field name id. in addition, in html, $row null outside of while loop, undefined in first place. mean name of hidden field blank, , sql saying update id=, invalid , cause error.

to fix, need submit form field name "id" such $_post['id'] contains value.

php html mysql