-1

Good day! I've a bootstrap modal that is to approve certain data in my MySQL database. I've managed somehow to pass the ID of the data that has been selected. Please help

Here is a part of my php code

This is where the modal is triggered:

```html
<a type="button" class="btn btn-info btn-lg" data-toggle="modal" data-target="#approve<?php echo $id; ?>"  href='$id<?php echo '?id='.$id; ?>'><i class="fa fa-check-square-o" aria-hidden="true"></i></a>
```

and this is my modal

```html
<!-- Modal -->
<div id="approve<?php echo $id; ?>" class="modal fade" role="dialog">
    <div class="modal-dialog">
        <!-- Modal content-->
        <div class="modal-content">
            <div class="modal-header">
                <button type="button" class="close" data-dismiss="modal">&times;</button>
                <h4 class="modal-title">Modal Header</h4>
            </div>
            <div class="modal-body">
                <p><?php echo $row["alum_id"]; ?></p>
            </div>
            <div class="modal-footer">
                <a href="approve.php?id=<?php echo $id;?>" class="btn btn-success">Accept</a>
                <button type="button" class="btn btn-default" data-dismiss="modal">Close</button>
            </div>
        </div>
    </div>
</div>
```

As you can see, there is this code in the modal:

```html
<a href="approve.php?id=<?php echo $id;?>" class="btn btn-success">Accept</a>
```

This is where the data is accepted with my approve.php file

here is the code for approve.php

```php
<?php

include("db/database_configuration.php");
$alum_id=$_GET['id'];
if(isset($_POST['approve'])){
    mysqli_query($conn, "UPDATE tblalumni SET alum_status = '2' WHERE  alum_id = '$alum_id'") or die (mysqli_error($conn));
    header("location:confirm_alumni.php");
}elseif(isset($_POST['decline'])){
    mysqli_query($conn, "UPDATE tblalumni SET alum_status = '0' WHERE  alum_id = '$alum_id'") or die (mysqli_error($conn));
    header("location:confirm_alumni.php");
}

?>
```

Please help me! Thanks in advance.

Your Common Sense
LecheDeCrema
  • You do not have anything to trigger `$_POST['approve']` or `$_POST['decline']` – Jay Blanchard Jan 16 '17 at 13:34
  • [Little Bobby](http://bobby-tables.com/) says ***[your script is at risk for SQL Injection Attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php)*** Learn about [prepared](http://en.wikipedia.org/wiki/Prepared_statement) statements for [MySQLi](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php). Even [escaping the string](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) is not safe! [Don't believe it?](http://stackoverflow.com/q/38297105/1011527) – Jay Blanchard Jan 16 '17 at 13:34
  • What's the issue? Are you getting an error? Aside from that, please don't use this in production as it seems you are not validating user input. There are a lot of resources available on that topic. – Robert Jan 16 '17 at 13:38

1 Answer

0

If you're not using `<form>`, then your `<a href="approve.php?id=<?php echo $id;?>"></a>` is correct, so your approve.php has something wrong.

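```php
<?php
include("db/database_configuration.php");

// The id arrives in the query string of the Accept link, so read it from $_GET.
$alum_id=$_GET['id'];
// The raw GET value is interpolated into the SQL string here, which is the
// injection risk the comments on the question point out.
mysqli_query($conn, "UPDATE tblalumni SET alum_status = '2' WHERE  alum_id = '$alum_id'") or die (mysqli_error($conn));
header('location:confirm_alumni.php');
exit; // stop the script once the redirect header is sent

?>
```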

Try this

lokis
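The prepared-statement approach that Jay Blanchard's comment points to, applied to the approve.php from the answer above. This is an added example, not code from the asker or the answerer. It assumes `$conn` is a mysqli connection created by the include and that `alum_id` is an integer column; the `action` parameter is hypothetical.

```php
<?php
// Added example: hardened approve.php (not the asker's or answerer's code).
// Assumptions: $conn is a mysqli connection created by the include below,
// and tblalumni.alum_id is an integer column.
include("db/database_configuration.php");

// Make mysqli throw exceptions so failures are handled in one place.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// Status values taken from the question: '2' = approved, '0' = declined.
const STATUS_BY_ACTION = ['approve' => '2', 'decline' => '0'];

/**
 * Set alum_status for one row using a prepared statement.
 * Returns false for invalid input or a database error.
 */
function set_alumni_status(mysqli $conn, $rawId, $action): bool
{
    // Only a positive integer id is accepted; arrays, null and text fail here.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false || !is_string($action) || !array_key_exists($action, STATUS_BY_ACTION)) {
        return false;
    }
    $status = STATUS_BY_ACTION[$action];
    try {
        // Placeholders keep the values out of the SQL text entirely.
        $stmt = mysqli_prepare($conn, "UPDATE tblalumni SET alum_status = ? WHERE alum_id = ?");
        mysqli_stmt_bind_param($stmt, 'si', $status, $id);
        mysqli_stmt_execute($stmt);
        mysqli_stmt_close($stmt);
        return true;
    } catch (mysqli_sql_exception $e) {
        // Log the detail server-side instead of die(mysqli_error()) to the browser.
        error_log('approve.php: ' . $e->getMessage());
        return false;
    }
}

// 'action' is a hypothetical parameter; without it the Accept link still approves.
$action = $_GET['action'] ?? 'approve';
if (!set_alumni_status($conn, $_GET['id'] ?? null, $action)) {
    http_response_code(400);
    exit('Invalid request');
}
header('Location: confirm_alumni.php');
exit;
```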