I am creating a multiuser shared to do list application using PHP and MySQL. Currently, my application is displaying the to do list items by iterating over the database table with a while loop.

All of that works correctly, so I know I am connecting to the database. Part of the while loop also generates buttons that allow a user to "claim" an item that does not have anyone working on it or to indicate that an item has been completed. However, the buttons are not updating the database table.

```php
<?php

include 'includes/dbh.inc.php';

$sql = 'SELECT * FROM items WHERE item_is_done = 0';
$result = mysqli_query($conn, $sql);

while($row = mysqli_fetch_assoc($result)) {

    $creator = $row['item_creator'];
    $owner = $row['item_owner'];
    $id = $row['item_id'];

    if (isset($_POST['do_item'])) {

        $update = "UPDATE items SET item_owner = $currentID WHERE item_id = $id;";
        mysqli_query($conn, $update);

        header("Location: ../todo.php?code=doing");
        exit();

    } else if(isset($_POST['complete_item'])) {

        $update = "UPDATE items SET item_is_done = 1 WHERE item_id = $id;";
        mysqli_query($conn, $update);

        header("Location: ../todo.php?code=done");
        exit();
    }

    echo '<h4>Item ID:</h4>' . $id . '<br><br>';
    echo '<h4>Item created by:</h4>' . $creator . '<br><br>';
    echo '<h4>Date Added: </h4>' . $row['item_add_date'] . '<br><br>';
    echo '<h4>Item Title: </h4>' . $row['item_title'] . '<br><br>';
    echo '<h4>Description: </h4>' . $row['item_description'] . '<br>';

    if($row['item_owner'] == 'None') {

        echo '<br>';
        echo '<button type="submit" name="do_item" formaction="todo.php" formmethod="POST">Do Item</button>';
        echo '<br>';

    } else if($row['item_owner'] != 'None') {

        echo '<br>';
        echo '<h4>Item is being worked on by: </h4>' . $owner . '<br><br>';
        echo '<button type="submit" name="complete_item" formaction="todo.php" formmethod="POST">Complete Item</button>';
        echo '<br>';
    }

    echo '<hr>';
}
?>
```

  • You're not setting `$currentID` to any value. – Alex Howansky Dec 01 '17 at 17:38
  • Your code is vulnerable to [SQL Injection attacks](https://stackoverflow.com/questions/332365/how-does-the-sql-injection-from-the-bobby-tables-xkcd-comic-work). Use [prepared statements](https://stackoverflow.com/questions/24988867/when-should-i-use-prepared-statements) when writing SQL queries. – tyteen4a03 Dec 01 '17 at 17:38
  • @AlexHowansky Sorry, I should have described how my database is set up. item_creator is who made the list item, item_owner is who is working on the list item. $currentID is working because it is populating part of the to do list items in the while loop (as seen in the screenshot). – Joshua Ferrell Dec 01 '17 at 17:55
  • @tyteen4a03 Thank you, I will look into this. – Joshua Ferrell Dec 01 '17 at 17:55
  • You know that as soon as you hit one of your `header()` commands, you're no longer within this process, right? So nothing after that (in the loop or out of it) is going to execute. – Patrick Q Dec 01 '17 at 17:55
  • what @AlexHowansky says and I made your query a little shorter. `mysqli_query($con, "UPDATE items SET item_is_done = 1 WHERE item_id = $id;");` – Niels Dec 01 '17 at 17:56
  • also `header( )` and `exit` will prevent anything below it from executing. – Niels Dec 01 '17 at 17:58
  • I removed header() and exit(). I also figured out why they were not initially updating. $currentID simply needed to be surrounded by quotes in the SQL query since it is a string that is updating the item_owner field in the database. – Joshua Ferrell Dec 01 '17 at 18:03

1 Answer

I also got stuck on the same kind of problem. What I did was put the updating variables in ' ' single quotes.

If it helps, you can try these queries:

```php
$update = "UPDATE items SET item_owner='$currentID' WHERE item_id='$id'";

$update = "UPDATE items SET item_is_done='1' WHERE item_id ='$id'";
```

  • Thanks for your response. I tried this on my own earlier and it did work, but this was indeed the solution I was looking for. Now I have a new problem... when I click the buttons it updates all of the entries on the page, not just the entry I click the button for. But I'll ask a separate question for that. – Joshua Ferrell Dec 01 '17 at 19:50
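
The prepared-statement approach suggested in the comments, applied to the two UPDATE queries from this thread, with the item id taken from the submitted form instead of the loop variable. This is an added example, not code from the question or the answer; it assumes `$conn` comes from `includes/dbh.inc.php`, `$currentID` is set elsewhere as the asker describes, and each button's form posts a hidden `item_id` field (a hypothetical name).

```php
<?php
// Added example. Assumptions: $conn comes from includes/dbh.inc.php,
// $currentID is set elsewhere, and each button's <form> posts a hidden
// "item_id" field (hypothetical name).
include 'includes/dbh.inc.php';

// Throw exceptions on SQL errors instead of failing silently.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// Run one UPDATE with bound parameters; returns the number of rows changed.
// $types uses mysqli's codes: "s" = string, "i" = integer.
function update_item(mysqli $conn, $sql, $types, ...$params)
{
    $stmt = mysqli_prepare($conn, $sql);
    mysqli_stmt_bind_param($stmt, $types, ...$params);
    mysqli_stmt_execute($stmt);
    $affected = mysqli_stmt_affected_rows($stmt);
    mysqli_stmt_close($stmt);
    return $affected;
}

// Handle the button press once, before the SELECT loop renders the list.
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Reject anything that is not an integer id.
    $itemId = filter_input(INPUT_POST, 'item_id', FILTER_VALIDATE_INT);
    if ($itemId === null || $itemId === false) {
        http_response_code(400);
        exit('Invalid item id');
    }

    if (isset($_POST['do_item'])) {
        // Values travel separately from the SQL text, so no quoting is needed.
        update_item($conn, 'UPDATE items SET item_owner = ? WHERE item_id = ?',
            'si', $currentID, $itemId);
        $code = 'doing';
    } elseif (isset($_POST['complete_item'])) {
        update_item($conn, 'UPDATE items SET item_is_done = 1 WHERE item_id = ?',
            'i', $itemId);
        $code = 'done';
    } else {
        http_response_code(400);
        exit('Unknown action');
    }

    // Redirect after the write so a page reload does not repeat the POST.
    header('Location: todo.php?code=' . $code);
    exit();
}
```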