When I click the submit button it shows the error above

What I have tried:

PHP
<?php
include_once 'domaindb.php';
session_start();

if(isset($_POST['Submit2']))
{  


   $titlecontent = $_POST['titlecontent'];
   $sstatus = $_POST['sstatus'];
   $comment = $_POST['comment'];

   $query=mysqli_query($con,"insert into domaincomment(titlecontent,sstatus,comment) values('$titlecontent','$sstatus','$comment')");
   $sql=mysqli_query($con,"update createcontent set sstatus='$sstatus' where titlecontent='$titlecontent'");

   if (mysqli_query($conn, $sql)) {
    header("location:/gajaholen/domainexpert/viewcontentdomain.php");
    //echo "New record created successfully !";
   } else {
    echo "Error: " . $sql . "
" . mysqli_error($conn);
   }
   mysqli_close($conn);
}
?>


<!DOCTYPE html>
<html lang="en">
<head>
  <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
  <meta name="viewport" content="width=device-width, initial-scale=1.0">
  <title>Domain Expert | Home</title>
  <link type="text/css" href="bootstrap/css/bootstrap.min.css" rel="stylesheet">
  <link type="text/css" href="bootstrap/css/bootstrap-responsive.min.css" rel="stylesheet">
  <link type="text/css" href="css/theme.css" rel="stylesheet">
  <link type="text/css" href="images/icons/css/font-awesome.css" rel="stylesheet">
  <link type="text/css" href='http://fonts.googleapis.com/css?family=Open+Sans:400italic,600italic,400,600' rel='stylesheet'>
  <script language="javascript" type="text/javascript">

var popUpWin=0;
function popUpWindow(URLStr, left, top, width, height)
{
 if(popUpWin)
{
if(!popUpWin.closed) popUpWin.close();
}
popUpWin = open(URLStr,'popUpWin', 'toolbar=no,location=no,directories=no,status=no,menubar=no,scrollbars=yes,resizable=no,copyhistory=yes,width='+600+',height='+600+',left='+left+', top='+top+',screenX='+left+',screenY='+top+'');
}

</script>

<body>

<?php 
  $id=$_GET['contentid'];
  $sql = "select titlecontent from createcontent where contentid='".$id."' ";
  $rs = mysqli_query($conn, $sql);
  //get row
  $fetchRow = mysqli_fetch_assoc($rs);
?>  

<form method="post">
      <div class="module">
      <div class="module-head">
      <h3>Create Comment</h3>
      </div>

<div class="module-body">

<div style="margin-left:50px;">

<form method="POST"  id="createcomment">

<table width="100%" border="0" cellspacing="0" cellpadding="0">
    <tr>
      <td  > </td>
      <td > </td>
    </tr>


    <tr height="50">
      <td>Title:</td>
        <td><input type="text" name="titlecontent" size="50" value="<?php echo $fetchRow['titlecontent'];?>" readonly></td>
    </tr>

    <tr height="50">
      <td>Status</td>
      <td><select name="status" required="required">
      <option value="">Select Status</option>
      <option value="in process">In Process</option>
    <option value="closed">Closed</option>

      </select></td>
    </tr>

      <tr height="50">
      <td>Comment</td>
      <td><textarea name="comment" cols="50" rows="10" required="required"></textarea></td>
    </tr>

        <tr height="50">
      <td> </td>
      <td><input type="submit" name="update" value="Submit"></td>
    </tr>

       <tr><td colspan="2"> </td></tr>

    <tr>
  <td></td>
      <td >   
      <input name="Submit2" type="submit" class="txtbox4" value="Close this window " onClick="return f2();" style="cursor: pointer;"  /></td>
    </tr>


</table>
 </form>
</div>
</div>
  </div>
  </div>      
  </div><!--/.content-->
  </div><!--/.span9-->
  </div>
  </div><!--/.container-->
  </div><!--/.wrapper-->

<center><?php include('include/footer.php');?></center>

  <script src="scripts/jquery-1.9.1.min.js" type="text/javascript"></script>
  <script src="scripts/jquery-ui-1.10.1.custom.min.js" type="text/javascript"></script>
  <script src="bootstrap/js/bootstrap.min.js" type="text/javascript"></script>
  <script src="scripts/flot/jquery.flot.js" type="text/javascript"></script>
</body>
</html>
Updated 30-Mar-20 5:18am
Comments
Richard MacCutchan 30-Mar-20 11:18am    
You have not declared contentid anywhere.
Richard MacCutchan 30-Mar-20 11:22am    
How? I have no idea what "contentid" is or where you are supposed to set it.
Richard Deeming 1-Apr-20 14:55pm    
Your code is vulnerable to SQL Injection. NEVER use string concatenation to build a SQL query. ALWAYS use a parameterized query.

PHP: SQL Injection - Manual

1 solution

This looks to be a problem with $id=$_GET['contentid'], and I would guess that there is no contentid located in the query string.

The fix would be to check for that in the GET array prior to trying to retrieve it:
PHP
if (isset($_GET['contentid'])) {
  $id=$_GET['contentid'];
}
 
 
Comments
Member 14787256 30-Mar-20 10:48am    
Can you give full code for that part?
MadMyche 30-Mar-20 11:26am    
That would be your responsibility; I do not know what your page is supposed to do in what situation.
As it looks to me it is going to need more than this; it appears that it may also be vulnerable to SQL Injection.
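
The `contentid` check from the answer and the parameterized-query advice from the comments, combined as an added example (not code from the poster or any commenter). It assumes `domaindb.php` provides a mysqli connection in `$conn` and that `contentid` is a positive integer; the function names and `ALLOWED_STATUS` are hypothetical.

```php
<?php
// Added example, not the poster's code. Assumes domaindb.php sets $conn to a
// mysqli connection and that contentid is a positive integer.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors
const ALLOWED_STATUS = ['in process', 'closed']; // the options the form offers

// contentid from the query string as an int, or null when missing or invalid.
function requested_content_id(array $get): ?int
{
    if (!isset($get['contentid']) || !is_string($get['contentid'])) {
        return null;
    }
    $id = filter_var($get['contentid'], FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Title lookup with a bound parameter instead of string concatenation.
function fetch_title(mysqli $conn, int $id): ?string
{
    $stmt = $conn->prepare(
        'SELECT titlecontent FROM createcontent WHERE contentid = ?');
    $stmt->bind_param('i', $id);
    $stmt->execute();
    $stmt->bind_result($title);
    $found = $stmt->fetch();
    $stmt->close();
    return $found ? $title : null;
}

// Insert the comment and update the status; input travels only as bound values.
function save_comment(mysqli $conn, string $title, string $status, string $comment): void
{
    if (!in_array($status, ALLOWED_STATUS, true)) {
        throw new InvalidArgumentException('Unknown status');
    }
    $ins = $conn->prepare(
        'INSERT INTO domaincomment (titlecontent, sstatus, comment) VALUES (?, ?, ?)');
    $ins->bind_param('sss', $title, $status, $comment);
    $ins->execute();
    $upd = $conn->prepare(
        'UPDATE createcontent SET sstatus = ? WHERE titlecontent = ?');
    $upd->bind_param('ss', $status, $title);
    $upd->execute();
}
```

Call `requested_content_id($_GET)` before rendering the form and stop with a 400 response when it returns null; pass the posted form values to `save_comment` on submit.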

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


