0

I got a table with dynamic data with 5 td-s. First one is for the ID, second one for date, third for the name of the author, fourth for some properties and in the last one i got two buttons. I want them to change the value of the $status in applications table. For that I made 2 php files in which I added the mysql update function for each of the buttons. But I don't know why when I press the buttons it does everything in the php except it doesn't change the value of $status. Please let me know where I am wrong and how can I make it work. Thanks in advance.

The html code of the buttons (the last td):

<form action="status1.php">
<input type="submit" name="approve" value=" + ">
</form>
<form action="status2.php">
<input type="submit" name="refuse" value=" - ">
</form>

The PHP code for the buttons - status1.php (status2.php is the same but it changes the $status value to 2 instead of 1)

<?php
    require_once('config.php');
    $link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
    mysql_query('set names windows-1251', $link);
    if(!$link) {
        die('Failed to connect to server: ' . mysql_error());
    }
    $db = mysql_select_db(DB_DATABASE);
    if(!$db) {
        die("Unable to select database");
    }
    $id=$_GET['id'];
    $qry="UPDATE applications SET status=1 WHERE id='$id'";
    $result = mysql_query($qry);
        if($result) {
            header("location: applications.php");
            exit();
        }
        else {
            die("Query failed");
        }
?>
Improve this question
1
  • 2
    You're defining $id as $id=$_GET['id']; - is id being passed in as a variable on your form? It doesn't seem to be. Also, your form is open to SQL injections - you should look at using PDO or mysqli_* instead. Commented Sep 14, 2012 at 15:49

3 Answers 3

Reset to default
2

You are using $_GET['id'] as identifier, but as far as I can see in the code, you are not actually sending any GET information apart from the submit button itself. So your query is currently actually updating the row WHERE id=''. That's why you don't get errors, but you don't get your desired result either.

Change the action parameter of your form to status1.php?id=$id, or add something like <input type="hidden" name="id" value="$id"/> inside the form.

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

I don't know where the ID is stored in the script where you generate your overview table. I just named it $id in my suggestion. As long as you replace $id with the actual id of that row, the form will send it. So for example: echo '<form action="status1.php?id='+ rows[i]['id'] +'"><input type="submit"></form>'; This WILL send the id to your $_GET['id']. But in that case you can just as well make it a regular link of course: <a href="status1.php?id='+ rows[i]['id'] +'">approve</a> and make it look as a button with css, if so desired.
1

Well, are you getting any errors? Comment out the header("location: applications.php"); line so you will see if it throws any. Also try adding something like echo $qry so you can visually verify that the query is correct.

Also, you should read up on SQL injection and how to protect against it. Directly sticking user input into the query like that can open the door to nastiness. Also, you aren't checking user input for apostrophes which can break your query. I personally use PDO, which makes it a lot easier and a bit safer.

Another suggestion, rather than having to maintain two separate submission PHP files, just put your two submit buttons like this:

<input type="submit" name="status" value=" + ">
<input type="submit" name="status" value=" - ">

Then change the form action to the name of the consolidated php file and in that file, just evaluate the value of the status like:

$status = 0;
if ($_GET["status" == " + ") $status = 1;

If you install PDO, you'd do the meat of the DB update like this:

$pdo = new PDO("mysql:host=" . DB_HOST . ";dbname=" . DB_DATABASE, DB_USER, DB_PASSWORD);
$sql = $pdo->prepare("UPDATE applications SET status=? WHERE id=?");
$sql->execute(array($status, $_GET["id"]));

..which would be a little safer than what you're doing now.

Disclaimer: I'm just a hobbyist PHP programmer, so there may be better ways than I've mentioned :)

Improve this answer

3 Comments

PS, to everyone who is mentioning his lack of ID, he does say in his post that he has several TDs with those data, he just for some reason did not show that in the example.
In his example, he's wrapping each submit button in its own form; the only things that will be passed will be the inputs defined in that form, and since there's no id defined there, it won't be passed.
Ah, I didn't catch that. I guess I need more acumen before I try answering questions ;)
0

use this instead of ur form tag for form 1

<from method="get" action="status1.php">

<input type="hidden" name="id" value="1"/>

<input type="submit" name="approve" value=" + "/>

</form>

for form2

<from method="get" action="status2.php">

<input type="hidden" name="id" value="2"/>

<input type="submit" name="refuse" value=" - "/>

</form>
Improve this answer

1 Comment

Except, you know, <form rather than <from. :-).

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.