View Full Version : for each sql show a button

06-28-2011, 12:02 PM
Hi there, i've just made a guestbook that users can post to with comments and it enters the value 0 in the authorised field in the mysql database. It's set to show posts that have a value of 1 in authorised so i can manually see if they are spam or not. What I now need is help creating a page that shows all of the unauthorised comments(value of 0) on a page each with an authorise button and a remove button next to them. I am rather new to php and am unsure how to go about doing this. Would it be something like for each row in the table show button? any help is greatly appreciated, thanks

This is what i have so far, it doesn't seem to be updating the values :(

guestbookedit.php (shows the messages and buttons)


$result = mysql_query("SELECT * FROM guestbook WHERE authorised='0' ORDER BY post_id ASC");
if (!$result) {
die("Oops, Something went wrong... Please let the site webmaster know so we can fix the problem:)");

$fields_num = mysql_num_fields($result);

while($row = mysql_fetch_assoc($result))
$message = $row['message'];
$first_name = $row['first_name'];
$last_name = $row['last_name'];
$date = $row['date_posted'];
$time = $row['time_posted'];
$post_id = $row['post_id'];
echo "<tr>";
echo "<form action=\"submit.php\">";
echo "<input type=\"hidden\" name=\"post_id\" value=\"$post_id\">";
echo "<td>" . $row['message'] . "</td>";
echo "<td> <input type=\"submit\" value=\"Authorise\"> </td>";
echo "</tr>";



submit.php (submits form to set authorised to 1)

// form values
$post_id = $_POST['post_id'];

$sql = "UPDATE `guestbook` SET `authorised` = '1' WHERE post_id = '$post_id'";
mysql_query($sql) or die(mysql_error());

echo "done?";


06-28-2011, 01:28 PM
You need to set the method attribute of the form to POST if you want to see the callback values in $_POST. Otherwise, the default method is GET. You can see both POST and GET variables in $_REQUEST.

i.e.: <form action="submit.php" method="POST">...</form>

Also, I strongly recommend some error-checking on the bare values in $_POST. The way your code is written at the moment, it is wide open for SQL injection hacks.

06-28-2011, 02:30 PM
ahh thank you, i shall try it now, and i've never really thought about SQL injection as i'm fairly new to php, i'll take a look at some tutorials now. thanks again

06-28-2011, 03:03 PM
YW :)

In your case, you could put a simple check in to make sure that the input is a number (i'm assuming that post_id should be an integer).

so you'd need something like:

if (!is_numeric($_POST["post_id"]))
throw new Exception("Incorrect input");
$post_id = intval($_POST["post_id"]);