Submit button affecting more than the one row it is supposed to

Question

So I've gotten this all working but for some reason the buttons in each column keep affecting all the rows in that column. So for instance if I have 3 records in the database and I click the button in CallAttemptOne (Row 3) it'll affect rows 1,2,3. What am I doing wrong here? Thanks

(Also yes, I realize the code is deprecated. That's step two!)

//superfluous code removed

$table = 'Project_Submissions';

if (!mysql_connect($db_host, $db_user, $db_pwd))
    die("Can't connect to database");
if (!mysql_select_db($database))
    die("Can't select database");

//Display all fields
$result = mysql_query("SELECT * FROM {$table} ORDER BY ID DESC");

//superfluous code removed


while ($row = mysql_fetch_array($result)) 
{
    echo "<tr>
    <td style='font-size:12px;'><center>{$row['ID']}</center></td>
    <td style='font-size:12px;'>{$row['First_Name']} {$row['Last_Name']}</td>
    <td style='font-size:12px;'><center>";

    //-------------------------------------------------
    if(empty($row['CallAttemptOne']))
    {
    echo" 
        <form action='".$_SERVER['PHP_SELF']."' method='post'>
        <input type='hidden' id='ID' name='ID' value='{$row['ID']}' />
        <input type='submit' name='formCalledOne' id='formCalledOne' value='Called' />
        </form>
        {$row['CallAttemptOne']}";
    }
    else
    {
    echo "{$row['CallAttemptOne']}";
    }


    echo "</center></td><td style='font-size:12px;'><center>";

    //-------------------------------------------------
    if(empty($row['CallAttemptTwo']))
    {
    echo" 
        <form action='".$_SERVER['PHP_SELF']."' method='post'>
        <input type='hidden' id='ID' name='ID' value='{$row['ID']}' />
        <input type='submit' name='formCalledTwo' id='formCalledTwo' value='Called' />
        </form>
        {$row['CallAttemptTwo']}";
    }
    else
    {
    echo "{$row['CallAttemptTwo']}";
    }


    echo "</center></td><td style='font-size:12px;'><center>";

    //-------------------------------------------------
    if(empty($row['CallAttemptThree']))
    {
    echo" 
        <form action='".$_SERVER['PHP_SELF']."' method='post'>
        <input type='hidden' id='ID' name='ID' value='{$row['ID']}' />
        <input type='submit' name='formCalledThree' id='formCalledThree' value='Called' />
        </form>
        {$row['CallAttemptThree']}";
    }
    else
    {
    echo "{$row['CallAttemptThree']}";
    }


    echo "</center></td><td style='font-size:12px;'><center>";

    //-------------------------------------------------
    if(empty($row['EmailAttempt']))
    {
    echo" 
        <form action='".$_SERVER['PHP_SELF']."' method='post'>
        <input type='hidden' id='ID' name='ID' value='{$row['ID']}' />
        <input type='submit' name='formEmailAttempt' id='formEmailAttempt' value='Emailed' />
        </form>
        {$row['EmailAttempt']}";
    }
    else
    {
    echo "{$row['EmailAttempt']}";
    }


    echo "</center></td>

    //-------------------------------------------------
    <td style='font-size:12px;'><center>Text Area</center></td>
    <td style='font-size:12px;'><center>{$row['Received_Date']}</center></td>
    <td style='font-size:12px;'><center>

        <form action='".$_SERVER['PHP_SELF']."' method='post'>
        <input type='hidden' id='ID' name='ID' value='{$row['ID']}' />
        <input type='submit' name='formDelete' id='formDelete' value='Delete' />
        </form>


    </center></td>
    </tr>";

}
    //-------------------------------------------------
    //Check to see if delete button is pressed
    if(isset($_POST['formDelete']))
    {
        if(isset($_POST['ID']) && !empty($_POST['ID']))
        {
            $deleteID = $_POST['ID'];
            $result = mysql_query("DELETE FROM Project_Submissions WHERE ID ='".$deleteID."'");
        }
    }   
    //-------------------------------------------------
    if(isset($_POST['formCalledOne']))//Check to see if Call Attempt One button is pressed
    {
        if(isset($_POST['ID']) && !empty($_POST['ID']))
        {
            $callattemptoneID = $_POST['ID'];
            $callattemptonequery = mysql_query("UPDATE Project_Submissions SET CallAttemptOne=CURDATE() WHERE ID ='".$callattemptoneID."' AND CallAttemptOne IS NULL OR LENGTH(CallAttemptOne)=0");
        }
    }   
    //-------------------------------------------------
    if(isset($_POST['formCalledTwo']))//Check to see if Call Attempt Two button is pressed
    {
        if(isset($_POST['ID']) && !empty($_POST['ID']))
        {
            $callattempttwoID = $_POST['ID'];
            $callattempttwoquery = mysql_query("UPDATE Project_Submissions SET CallAttemptTwo=CURDATE() WHERE ID ='".$callattempttwoID."' AND CallAttemptTwo IS NULL OR LENGTH(CallAttemptTwo)=0");
        }
    }   
    //-------------------------------------------------
    if(isset($_POST['formCalledThree']))//Check to see if Call Attempt Three button is pressed
    {
        if(isset($_POST['ID']) && !empty($_POST['ID']))
        {
            $callattemptthreeID = $_POST['ID'];
            $callattemptthreequery = mysql_query("UPDATE Project_Submissions SET CallAttemptThree=CURDATE() WHERE ID ='".$callattemptthreeID."' AND CallAttemptThree IS NULL OR LENGTH(CallAttemptThree)=0");
        }
    }   
    //-------------------------------------------------
    if(isset($_POST['formEmailAttempt']))//Check to see if Email Attempt button is pressed
    {
        if(isset($_POST['ID']) && !empty($_POST['ID']))
        {
            $emailattemptID = $_POST['ID'];
            $emailattemptquery = mysql_query("UPDATE Project_Submissions SET EmailAttempt=CURDATE() WHERE ID ='".$emailattemptID."' AND EmailAttempt IS NULL OR LENGTH(EmailAttempt)=0");
        }
    }   
?>
</body>
</html>

Please do not use the `mysql_` function as [they are deprecated](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php). And your SQL is wide open to [SQL Injection](http://bobby-tables.com/) — Machavity, May 13 '15 at 12:59

Schlaus · Accepted Answer · 2015-05-13T18:22:03.520

Try using parentheses in your queries:

UPDATE Project_Submissions SET EmailAttempt=CURDATE() WHERE ID ='".$emailattemptID."' AND (EmailAttempt IS NULL OR LENGTH(EmailAttempt)=0);

The reason for your query not working before is the order of precedence of the logical operators in the WHERE part. Logic is executed from left to right, so basically your query was the same as

SELECT WHERE (ID ='".$emailattemptID."' AND EmailAttempt IS NULL) OR LENGTH(EmailAttempt)=0;

thus every row where LENGTH(EmailAttempt)=0 was true was included in the result. Besides enclosing the OR part in parentheses, you could also have reversed the order:

SELECT WHERE EmailAttempt IS NULL OR LENGTH(EmailAttempt)=0 AND ID ='".$emailattemptID."';

But besides that, as was mentioned in the comments before, you should never use variables directly in queries, since that leaves your code wide open to SQL injection attacks.

@new2programming I added a bit more verbose explanation to my answer. Hope it helps! — Schlaus, May 13 '15 at 18:22

Submit button affecting more than the one row it is supposed to

1 Answers1