Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 4 of 4
  1. #1
    New Coder
    Join Date
    Apr 2011
    Posts
    48
    Thanks
    14
    Thanked 0 Times in 0 Posts

    for each sql show a button

    Hi there, i've just made a guestbook that users can post to with comments and it enters the value 0 in the authorised field in the mysql database. It's set to show posts that have a value of 1 in authorised so i can manually see if they are spam or not. What I now need is help creating a page that shows all of the unauthorised comments(value of 0) on a page each with an authorise button and a remove button next to them. I am rather new to php and am unsure how to go about doing this. Would it be something like for each row in the table show button? any help is greatly appreciated, thanks

    This is what i have so far, it doesn't seem to be updating the values

    guestbookedit.php (shows the messages and buttons)
    PHP Code:
    <?
    session_start
    ();
    include(
    'dbinfo.php');

    $result mysql_query("SELECT * FROM guestbook WHERE authorised='0' ORDER BY post_id ASC");
    if (!
    $result) {
        die(
    "Oops, Something went wrong... Please let the site webmaster know so we can fix the problem:)");
    }

    $fields_num mysql_num_fields($result);


    while(
    $row mysql_fetch_assoc($result))
    {
        
    $message    $row['message'];
        
    $first_name $row['first_name'];
        
    $last_name  $row['last_name'];
        
    $date       $row['date_posted'];
        
    $time       $row['time_posted'];
        
    $post_id    $row['post_id'];
        echo 
    "<tr>";
          echo 
    "<form action=\"submit.php\">";
         echo 
    "<input type=\"hidden\" name=\"post_id\" value=\"$post_id\">";
        echo 
    "<td>" $row['message'] . "</td>";
         echo 
    "<td> <input type=\"submit\" value=\"Authorise\"> </td>";
         echo 
    "</tr>";
    }

    mysql_free_result($result);

    ?>
    submit.php (submits form to set authorised to 1)
    PHP Code:
    <?
    session_start
    ();
    include(
    'dbinfo.php');
    // form values
    $post_id $_POST['post_id']; 


    $sql "UPDATE `guestbook` SET `authorised` = '1' WHERE post_id = '$post_id'";
    mysql_query($sql) or die(mysql_error());
    mysql_close();

    echo 
    "done?";

    ?>
    Last edited by tim967; 06-28-2011 at 11:35 AM. Reason: added current code.

  • #2
    Regular Coder
    Join Date
    Jun 2010
    Posts
    293
    Thanks
    63
    Thanked 8 Times in 8 Posts
    You need to set the method attribute of the form to POST if you want to see the callback values in $_POST. Otherwise, the default method is GET. You can see both POST and GET variables in $_REQUEST.

    i.e.: <form action="submit.php" method="POST">...</form>

    Also, I strongly recommend some error-checking on the bare values in $_POST. The way your code is written at the moment, it is wide open for SQL injection hacks.

  • Users who have thanked XmisterIS for this post:

    tim967 (06-28-2011)

  • #3
    New Coder
    Join Date
    Apr 2011
    Posts
    48
    Thanks
    14
    Thanked 0 Times in 0 Posts
    ahh thank you, i shall try it now, and i've never really thought about SQL injection as i'm fairly new to php, i'll take a look at some tutorials now. thanks again

  • #4
    Regular Coder
    Join Date
    Jun 2010
    Posts
    293
    Thanks
    63
    Thanked 8 Times in 8 Posts
    YW

    In your case, you could put a simple check in to make sure that the input is a number (i'm assuming that post_id should be an integer).

    so you'd need something like:

    PHP Code:
    if (!is_numeric($_POST["post_id"]))
      throw new 
    Exception("Incorrect input");
    else
      
    $post_id intval($_POST["post_id"]); 


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •