[SOLVED] Updating Field Wont work

[Money88]

I have this script a lot of it is probably useless. Well what i am trying to do is have all the rows display in an html table then in the last 2 columns have a drop down box with ACCEPTED, DECLINED, PENDING

 

then when they hit Apply i want it to update the specific field for that row. I used variable variables because i dont know arrays. So please someone help me. I have gotten very close with this crap coding i just cant get it to update the field or if someone would show me how they would accomplish something like this.

 

<html>
<head>
<title>[MWG] Applicants</title>

<head></head>
<body>
<?php

$db_host = 'localhost';
$db_user = 'god_money88';
$db_pwd =  '12001200';

$database = 'god_evo';
$table = 'applications';

if (!mysql_connect($db_host, $db_user, $db_pwd))
die();

if (!mysql_select_db($database))
die();

if (isset($_POST['submit'])) {

//$insert2 = "INSERT INTO applications (accepted)
//$insert2 = "UPDATE application SET accepted='".$_POST['$add']."' WHERE username=$add2";
//INSERT INTO applications (accepted) WHERE id = '$add' VALUES ('".$_POST['$add']."')";
//$add_member2 = mysql_query($insert2);
mysql_query("UPDATE application SET accepted='".$_POST['$add']."' WHERE username=$add2");
?>

<h1>Status Changed</h1>
<p>Members Status Sucessfully changed. <a href="http://mwgclan.com/apply/admin/index.php">Go Back To Admin Panel</a></p>

<?php 
}
else
{

// sending query
$result = mysql_query("SELECT * FROM {$table}");

if (!$result) {
die();
}

$fields_num = mysql_num_fields($result);


?>
<h1><center>Applicants</h1></br>
</center>
<br>
<table align="center" style= cellspacing="0" cellpadding="2" width="100%" background="themes/subBlack/images/bg.png" border="2">
<tbody>
<tr>
<td width="8%"><b>Username:</b></td>
<td width="8%"><b>Name:</b></td>
<td width="10%"><b>Email:</b></td>	
<td width="10"><b>Country:</b></td>
<td width="4%"><b>Age:</b></td>
<td width="8%"><b>X-Fire:</b></td>
<td width="10%"><b>Date Submitted:</b></td>
<td width="16%"><b>How You Heard of [MWG]:</b></td>
<td width="16%"><b>Reason You Joined:</b></td>
<td width="10%"><b>Status:</b></td>
<?php
$add = "";
// printing table headers
for($i=0; $i<$fields_num; $i++)
{
$row = mysql_fetch_array($result);
$id = $row['id'];
$idl = strlen($id);
$il = strlen($i);
$idl = (0 - $idl);
$constant = "";
echo "<tr>";
echo "<td>", $row['username'], "</td>";
echo "<td>", $row['name'], "</td>";
echo "<td>", $row['email'], "</td>";
echo "<td>", $row['country'], "</td>";
echo "<td>", $row['age'], "</td>";
echo "<td>", $row['xfire'], "</td>";
echo "<td>", $row['datesubmitted'], "</td>";
echo "<td>", $row['howyouheard'], "</td>";
echo "<td>", $row['reasontojoin'], "</td>";

$us = "";
$usr = $row['username'];
$usrl = strlen($user);
$$us = $user;
$rest2 = substr("$us${$us}", "$usrl");    // returns "username"
$$constant2 = $rest2;
$add2 = "$constant2${$constant2}";
$$i = $id;
$rest = substr("$i${$i}", "$idl");    // returns "$id"
$$constant = $rest;
$add = "$constant${$constant}";

echo "<td>",  $row['accepted'];
?>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<select name="<?php $add ?>"> 
<option value="Accepted" selected="selected">Accepted</option> 
<option value="Declined">Declined</option> 
<option value="Pending">Pending</option>
</td>
<td>
<input type="submit" name="submit" value="Apply"></form>
</td>
</tr>

<?php } }

/*
echo "</tr>\n";
// printing table rows
while($row = mysql_fetch_row($result))
{
echo "<tr>";

// $row is array  foreach( .. ) puts every element
// of $row to $cell variable
foreach($row as $cell)
echo "<td>$cell</td>";

echo "</tr>\n";
}
mysql_free_result($result);
*/
?>
</tbody></table></html>

 

Thanks in Advance!

[br0ken]

I would personally have a hidden input box holding the amount of rows you want to update. Then for each drop down have it named as 'status_n' where n is a number from 1 to the total you stored in the input box. Then when you process the form, grab the number in the hidden input field and go from 1 to that number and process each row individually. Does this make sense?

 

Also, I should point out that you put a variable directly into a MySQL query which is extremely bad!

 

mysql_query("UPDATE application SET accepted='".$_POST['$add']."' WHERE username=$add2");

 

With a small Javascript injection on your page a hacker could submit anything they wanted in your query and depending on the user account running the query and the permissions so associated with it, could do some pretty bad damage!

 

When taking input from the user ALWAYS validate it. The following example is a lot better but not perfect.

 

mysql_query("UPDATE application SET accepted='".mysql_real_escape_string(strip_tags($_POST['$add']))."' WHERE username=$add2");

[Money88]

I would personally have a hidden input box holding the amount of rows you want to update. Then for each drop down have it named as 'status_n' where n is a number from 1 to the total you stored in the input box. Then when you process the form, grab the number in the hidden input field and go from 1 to that number and process each row individually. Does this make sense?

 

So how would you go about doing this?

 

wouldnt you still need a variable variable?

 

 

[br0ken]

Here is a thread where I helped someone accomplish something similar. See if it can help you.

 

http://www.phpfreaks.com/forums/index.php?topic=204309

[Money88]

I tried all that for some reason my fields just wont update. I can output $add to show the row number but how can i determine which drop down box it is calling that from? Please help I cannot get this working for my life. The Testing Page you can see here Http://www.Mwgclan.com/apply/admin/

[br0ken]

I'm not sure what to say. The information is there for you to extract and use. The link I gave you should have everything you need.

 

Show me your code based on the link I gave you and I'll see if I can help you.

[Money88]

i have resolved it ill post the code here in an hour or so for others that may have the same problem

[br0ken]

Yeah good idea!

 

Also, after you've posted could you hit the 'Topic Solved' link in the bottom left hand corner please? 

[Money88]

SOLUTION:

 

<html> 
<head> 
</head> 
<body> 

<?php 

// set server access variables 
$host = "localhost"; 
$user = "DATABASE USER"; 
$pass = "DATABASE PASS"; 
$db = "DATABASE NAME"; 

// create mysqli object 
// open connection 
$mysqli = new mysqli($host, $user, $pass, $db); 

// check for connection errors 
if (mysqli_connect_errno()) { 
    die("Unable to connect!"); 
} 

// if id provided, then Update that record 
if (isset($_GET['ac'])) {
// create query to delete record 
    $query = "UPDATE applications SET accepted='Accepted' WHERE id = ".$_GET['ac']; 
     
// execute query 
    if ($mysqli->query($query)) { 
    // print number of affected rows 
    echo $mysqli->affected_rows." row(s) affected";
    } 
    else { 
    // print error message 
    echo "Error in query: $query. ".$mysqli->error; 
    } 
} 
elseif (isset($_GET['pe'])) {
// create query to delete record 
    $query = "UPDATE applications SET accepted='Pending' WHERE id = ".$_GET['pe']; 
     
// execute query 
    if ($mysqli->query($query)) { 
    // print number of affected rows 
    echo $mysqli->affected_rows." row(s) affected"; 
    } 
    else { 
    // print error message 
    echo "Error in query: $query. ".$mysqli->error; 
    } 
} 
elseif (isset($_GET['de'])) {
// create query to delete record 
    $query = "UPDATE applications SET accepted='Declined' WHERE id = ".$_GET['de']; 
     
// execute query 
    if ($mysqli->query($query)) { 
    // print number of affected rows 
    echo $mysqli->affected_rows." row(s) affected"; 
    } 
    else { 
    // print error message 
    echo "Error in query: $query. ".$mysqli->error; 
    } 
} 
// query to get records 
$query = "SELECT * FROM applications"; 

// execute query 
if ($result = $mysqli->query($query)) { 
    // see if any rows were returned 
    if ($result->num_rows > 0) { 
        // yes 
        // print them one after another 
        echo "<center><h1>Page Name</h1></center>";
        echo "<table width=100% cellpadding=10 border=1>"; 
        echo "<tr><td><b>ID:</b></td><td><b>Username:</b></td><td><b>Name:</b></td>";
        echo "<td><b>Email:</b></td><td><b>Date Submitted:</b></td><td><b>Country</b></td>";
    	echo "<td><b>Age:</b></td><td><b>XFire:</b></td><td><b>How you heard:</b></td>";
        echo "<td><b>Reason to join:</b></td><td><b>Status:</b></td><td><b>Click to change:</b></td></tr>"; 

        while($row = $result->fetch_array()) { 
            echo "<tr>"; 
            echo "<td>".$row[0]."</td>"; 
            echo "<td>".$row[1]."</td>"; 
            echo "<td>".$row[2]."</td>"; 
            echo "<td>".$row[3]."</td>"; 
            echo "<td>".$row[4]."</td>"; 
            echo "<td>".$row[5]."</td>"; 
            echo "<td>".$row[6]."</td>"; 
            echo "<td>".$row[7]."</td>"; 
            echo "<td>".$row[8]."</td>"; 
            echo "<td>".$row[9]."</td>"; 
            echo "<td>".$row[10]."</td>";
            echo "<td><a href=".$_SERVER['PHP_SELF']."?ac=".$row[0].">Accepted</a><br />"; 
    echo "<a href=".$_SERVER['PHP_SELF']."?de=".$row[0].">Declined</a><br />"; 
    echo "<a href=".$_SERVER['PHP_SELF']."?pe=".$row[0].">Pending</a></td>"; 



/*<td>
<input type="submit" name="submit" value="Apply"></form>
</td>*/
    echo "</tr>";
            
        } 
    } 
    // free result set memory 
    $result->close(); 
} 
else { 
    // print error message 
    echo "Error in query: $query. ".$mysqli->error; 
} 
// close connection 
$mysqli->close(); 

?> 

</body> 
</html>