
I'm trying to learn up PHP and HTML and I've gotten stuck.

I have a PHP PDO SQL query

```php
$stmt = $conn->prepare("SELECT COUNT FROM tbl WHERE Staff ID='$staff_id';");
$stmt->execute();
```

I would like to add this to a table cell containing a form submit, below:

```php
<td>
    <form action='staff_view_by_id.php?name="<?php echo $row['staff_id']; ?>"' method="post">
        <input type="hidden" name="staff_id" value="<?php echo $row['staff_id'] ?>">
        <input type="submit" id="staff_list_submit" name="submit" value="View">
    </form>
```

I'd like to have something that would cause that View button to be disabled if the result of the SQL Count is zero.

Is there a way to do this? I'm guessing it would be an if statement of some kind, but so far I can't get it to work.

Thanks

Qirel
Tom
  • First of all, you need to change your "COUNT" to "COUNT(*)". Also, you don't select staff_id from table. – patwoj98 May 31 '17 at 14:42
  • In addition to the comment about `COUNT` should be `COUNT(id)` and that you're not selecting the `staff_id` column, you also need to fetch the results. Then you should parameterize your query to protect against SQL injection. – Qirel May 31 '17 at 14:44
  • Your code is vulnerable to [**SQL injection**](https://en.wikipedia.org/wiki/SQL_injection) attacks. You should use [**mysqli**](https://secure.php.net/manual/en/mysqli.prepare.php) or [**PDO**](https://secure.php.net/manual/en/pdo.prepared-statements.php) prepared statements with bound parameters as described in [**this post**](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php). – Alex Howansky May 31 '17 at 14:47
  • And you are missing a semicolon after the echo of your staff id – O. Paquay May 31 '17 at 14:48
  • I was missing the semicolon. I'll read up some more on the SQL injection attacks. – Tom May 31 '17 at 15:39

1 Answer


You could do something like

```php
<?php /* disabled is a boolean attribute, so output it only when the count is zero */ ?>
<input type="submit" id="staff_list_submit" name="submit" value="View" <?php if ((int) $result === 0) { echo 'disabled'; } ?>>
```
O. Paquay
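An added example (not code from the question or the answer) that combines the points raised in the comments: `COUNT(*)`, a bound parameter instead of string interpolation, fetching the result, and emitting `disabled` only when the count is zero. It assumes a column named `staff_id` and uses a constructed in-memory SQLite table so it runs offline; the function names are hypothetical.

```php
<?php
declare(strict_types=1);

// Constructed sample data in an in-memory SQLite database so the script runs offline.
// The table name "tbl" is from the question; the column name staff_id is an assumption.
$conn = new PDO('sqlite::memory:');
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$conn->exec('CREATE TABLE tbl (id INTEGER PRIMARY KEY, staff_id TEXT)');
$conn->exec("INSERT INTO tbl (staff_id) VALUES ('S001'), ('S001'), ('S002')");

/** Count rows for one staff member; the value is bound, never concatenated into the SQL. */
function countForStaff(PDO $conn, string $staffId): int
{
    $stmt = $conn->prepare('SELECT COUNT(*) FROM tbl WHERE staff_id = :staff_id');
    $stmt->execute([':staff_id' => $staffId]);
    // fetchColumn() may return a string depending on the driver, so cast before comparing.
    return (int) $stmt->fetchColumn();
}

/** Render the table cell; the submit button is disabled when the count is zero. */
function renderViewCell(PDO $conn, string $staffId): string
{
    // URL-encode the query-string value, then escape everything for HTML attribute context.
    $attr = htmlspecialchars($staffId, ENT_QUOTES, 'UTF-8');
    $url  = htmlspecialchars('staff_view_by_id.php?name=' . rawurlencode($staffId), ENT_QUOTES, 'UTF-8');
    // disabled is a boolean attribute: its presence disables the button, whatever its value.
    $disabled = countForStaff($conn, $staffId) === 0 ? ' disabled' : '';

    return <<<HTML
<td>
    <form action="{$url}" method="post">
        <input type="hidden" name="staff_id" value="{$attr}">
        <input type="submit" name="submit" value="View"{$disabled}>
    </form>
</td>

HTML;
}

// Constructed inputs: two ids with rows, one without, one containing quote characters.
foreach (['S001', 'S002', 'S999', 'O\'Brien "HR"'] as $id) {
    echo renderViewCell($conn, $id);
}
```

The disabled button is only a UI hint; `staff_view_by_id.php` still has to validate the posted `staff_id` itself, because a client can submit the form regardless of the attribute.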