0

I've been doing some work on my website control panel for a game I'm working on. But I can't seem to get the "Ban!" button to be "Unban!" if the result $row['banned'] is FALSE. I get it to output TRUE : FALSE depending on what it says in the table.

Any help getting this fixed would be greatly appreciated. I have struggled with this for a few days now and I felt like giving up once or twice but this has to be completed to help the admins on my game have it easier to check banned accounts and control the options.

P.S. "connect.php" only has a few variables that are used and the MySQL connect string.

<?php 
require('connect.php');

if(isset($_POST['ban'])){
   $id = $_POST['ban_rec_id'];  
   $query = "UPDATE accounts SET banned=1 WHERE id=$id"; 
   $result = mysql_query($query);
}else if(isset($_POST['unban'])){
   $id = $_POST['unban_rec_id'];
   $query = "UPDATE accounts SET banned=0 WHERE id=$id";
   $result = mysql_query($query);
}

$query = "SELECT id, uuid, name, REPLACE(REPLACE(banned,'0','FALSE'),'1','TRUE') AS banned FROM accounts ORDER BY id ASC";
$result = mysql_query($query);
echo "<center>
    <table>
    <tr>
        <th>Account Id</th>
        <th>Username</th>
        <th>In-Game Name</th>
        <th>Banned</th>";
        if($ban === true){
            echo "<th>Ban</th>";
        }
echo "</tr>";
while ($row = mysql_fetch_array($result)) {
    $id = $row['id'];
    $username = $row['uuid'];
    $gamename = $row['name'];
    $banned = $row['banned'];

    echo "<tr>";
    echo "<td>" . $id . "</td>";
    echo "<td>" . $username . "</td>";
    echo "<td>" . $gamename . "</td>";
    echo "<td>" . $banned . "</td>";
    if($ban === true){
        if($row['banned'] == FALSE){
            echo "<td>"?>
            <form id="ban" method="post" action="">
                <input type="hidden" name="ban_rec_id" value="<?php print $id; ?>"/>
                <input class="button-small" type="submit" name="ban" value="Ban!"/>
            </form>
            <?php echo "</td>";
        } else {
            echo "<td>"?>
            <form id="unban" method="post" action="">
                <input type="hidden" name="unban_rec_id" value="<?php print $id; ?>"/>
                <input class="button-small" type="submit" name="unban" value="Unban!"/>
            </form>
            <?php echo "</td>";
        }
    }
    echo "</tr>";
}
echo "</table></center>";
mysql_close($link);
?>
Charles
Luciferus
  • **WARNING!** Your code contains an [SQL injection vulnerability](http://en.wikipedia.org/wiki/SQL_injection) -- you are passing raw, unfiltered, unvalidated user input directly into an SQL string. SQL injection is [very easy to fix](http://stackoverflow.com/q/60174/168868). Consider [switching to PDO](http://php.net/book.pdo) or [mysqli](http://php.net/book.mysqli) so you can use [prepared statements with parameterized queries](http://en.wikipedia.org/wiki/Prepared_statement). – Charles Nov 25 '13 at 05:39
  • Also: [**Please, don't use `mysql_*` functions in new code**](http://bit.ly/phpmsql). They are no longer maintained [and are officially deprecated](http://j.mp/XqV7Lp). See the [**red box**](http://j.mp/Te9zIL)? Switching to mysqli or PDO as suggested above is the way forward. – Charles Nov 25 '13 at 05:41

2 Answers

1

Try using a string for FALSE instead, since it looks like you might have assigned it a String rather than a Boolean value in your error-prone REPLACE(REPLACE(banned,'0','FALSE'),'1','TRUE'):

if($row['banned'] == 'FALSE')
Paul Lo
  • Thanks, I've been really tired lately. I think I've been up for about 2 days now just working on this. It's awkward to miss something so simple in it. I think it'd be better for me to go to bed and get some sleep now. It fixed the system btw. Thanks :) – Luciferus Nov 24 '13 at 14:38
0

So what actually is the problem with that? The code seems to be fine, in case the value in the 'banned' column is false or true. But you should check the right value type in your columns. If it is a string (varchar, text, etc.) that says 'FALSE' or 'TRUE', you should use 'FALSE' instead of FALSE.

Tim White
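
The following is an added example, not code from the question or from either answer: one way to write the handler so that it follows the prepared-statement advice in the comments and avoids the string-versus-boolean comparison discussed in the answers. Assumptions: PDO with an in-memory SQLite database stands in for the MySQL connection in connect.php, the table rows are constructed sample data, and `setBanned` and `renderRow` are hypothetical helper names.

```php
<?php
// Added example: hardened ban/unban handler. SQLite in memory stands in for
// the MySQL link from connect.php; table contents are constructed sample data.

$pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$pdo->exec('CREATE TABLE accounts (id INTEGER PRIMARY KEY, uuid TEXT, name TEXT, banned INTEGER NOT NULL DEFAULT 0)');
$pdo->exec("INSERT INTO accounts (uuid, name, banned) VALUES ('alice', 'Alice<b>', 0), ('bob', 'Bob', 1)");

// Set the flag with bound parameters; reject anything that is not a positive integer id.
function setBanned(PDO $pdo, $rawId, bool $banned): bool
{
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return false;                      // input such as "1 OR 1=1" never reaches the database
    }
    $stmt = $pdo->prepare('UPDATE accounts SET banned = :banned WHERE id = :id');
    $stmt->execute([':banned' => (int) $banned, ':id' => $id]);
    return $stmt->rowCount() === 1;
}

// Render one row. The flag is converted to a bool once, so the button choice does
// not depend on comparing the display string 'FALSE' with the boolean FALSE.
function renderRow(array $row): string
{
    $isBanned = ((int) $row['banned']) === 1;
    $action   = $isBanned ? 'unban' : 'ban';
    $e = fn($v) => htmlspecialchars((string) $v, ENT_QUOTES, 'UTF-8');   // escape values on output
    return '<tr><td>' . $e($row['id']) . '</td><td>' . $e($row['uuid']) . '</td><td>' . $e($row['name'])
        . '</td><td>' . ($isBanned ? 'TRUE' : 'FALSE') . '</td><td><form method="post" action="">'
        . '<input type="hidden" name="' . $action . '_rec_id" value="' . $e($row['id']) . '"/>'
        . '<input class="button-small" type="submit" name="' . $action . '" value="' . ucfirst($action) . '!"/>'
        . '</form></td></tr>';
}

// Same POST field names as the forms in the question.
if (isset($_POST['ban'])) {
    setBanned($pdo, $_POST['ban_rec_id'] ?? null, true);
} elseif (isset($_POST['unban'])) {
    setBanned($pdo, $_POST['unban_rec_id'] ?? null, false);
}

// Constructed calls that exercise both paths when the file is run from the CLI.
var_dump(setBanned($pdo, '1 OR 1=1', true));   // rejected by validation
var_dump(setBanned($pdo, '1', true));          // account 1 is banned
echo "<table>\n";
foreach ($pdo->query('SELECT id, uuid, name, banned FROM accounts ORDER BY id ASC', PDO::FETCH_ASSOC) as $row) {
    echo renderRow($row), "\n";
}
echo "</table>\n";
```

Selecting the raw `banned` column and producing the TRUE/FALSE label in PHP keeps the display text separate from the value that decides which button is shown.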