0

I want to show a list of all entries where the column "approved" is "no" and then place a button next to it that when clicked will change the "approved" to a "yes". I ran this through code checker and fixed a few issues with brackets and such. It now tells me there are no errors so something else is just not working with this. It is probably something small that I am missing (I hope). Can anyone help me find/understand what part of this is incorrect... and/or if there is a better way to achieve what I'm wanting?

<?php
  //select the database to write to
  $unapprovedsires = mysql_query("SELECT * FROM nominatedsires WHERE approved = 'no'");
    //While loop to cycle through the rows
    while($row = mysql_fetch_assoc($unapprovedsires)){
        $sirename = $row['sirename'];
        echo $sirename;}
?>
<ul class="admin-fields">
<?php
    foreach($row as $field){
        if(empty($field)){
            echo "....";
        }
        print '<li>' .$field.' </li>';
    }//End For Each Loop
    //print $sirename;
?>
        </ul>
<p>
 <?php
    if(isset($_POST['approve'])){
    mysql_query("UPDATE nominatedsires SET approved = 'yes' WHERE sirename = '.$sirename.'") or die ("Something went wrong");
}
  ?>
    <ul>
        <li>

<form method="post">
    <input type="hidden" name="sirename" value="$sirename" />
    <button name="approve" id="approve" type="submit">Approve Sire</button>
</form>
           </li>
   </ul>
ld04
  • 33
  • 6

1 Answers1

1

As I mentioned as a comment, you need to wrap $sirename in PHP tags with an echo statement. You are also not passing $_POST['sirename'] into your script. It otherwise defaults to the original $sirename from your mysql_fetch_assoc().

Warning: the way you have your script set up, you're vulnerable to injection attacks. This is just an example to show you how to pass in variables. See: How can I prevent SQL injection in PHP?

<?php
  //select the database to write to
  $unapprovedsires = mysql_query("SELECT * FROM nominatedsires WHERE approved = 'no'");
    //While loop to cycle through the rows
    while($row = mysql_fetch_assoc($unapprovedsires)){
        $sirename = $row['sirename'];
        echo $sirename;}
?>
<ul class="admin-fields">
<?php
    while($row = mysql_fetch_assoc($unapprovedsires)){
        if(empty($row['sirename']))
            echo "....";
        else
            print '<li>' .$row['sirename'].' </li>';
    }
    //print $sirename;
?>
        </ul>
<p>
<?php
    if(isset($_POST['approve'])){
        $sirename = mysql_real_escape_string($_POST['sirename']);
        mysql_query("UPDATE nominatedsires SET approved = 'yes' WHERE sirename = '$sirename'") or die ("Something went wrong");
    }
?>
    <ul>
        <li>
            <form method="post" method="<?php echo $_SERVER[PHP_SELF]; ?>">
                <input type="hidden" name="sirename" value="<?php echo $sirename; ?>" />
                <input type="submit" name="approve" id="approve" value="Approve Sire" />
            </form>
       </li>
</ul>
Community
  • 1
  • 1
  • I found the code on StackOverflow while searching how the heck I do what I'm attempting to do. All the dots and such were already there so I didn't change them. Thank you for all the help! – ld04 Jan 22 '14 at 21:38
  • Okay I put what you shared above Josh but when I click approve nothing happens... and it doesn't list each option, it just lists all the names and gives one approve button. I'm going to keep playing around with it though. – ld04 Jan 22 '14 at 21:46
  • 1
    I'm not sure what you're trying to do with the `foreach()` loop. `$row` is holding an associative array from this query: `SELECT * FROM nominatedsires WHERE approved = 'no'`, and so you should use a `while()` loop for that. I fixed your HTML form so it should submit, see edit. –  Jan 22 '14 at 23:05