I have a problem with my script. I have a table, and I am fetching the values from the DB into the HTML table with the help of PHP. Then I have JavaScript code to display an HTML form underneath each row of the table fetched from the DB. I have a hidden input element in my form to get the unique id of the form submitted. Then I use an AJAX script which submits the request to a PHP file.

The problem: if I submit the form from my first row, the values get changed for that particular row (which works for me). But if I submit the form from the other rows, the value remains the same for that particular row. I have been trying to figure this out for the past 3 hours. Need help! Thank you.

I have a PHP script:

<?php
foreach($results as $data){
    echo '<tbody>
            <tr class="dropDown">
                <td>1</td>
                <td>'.$data['Title'].'</td>
                <td>'.$data['criticality'].'</td>
                <td>'.$data['Priority'].'</td>
                <td>'.$data['Description'].'</td>
                <td>'.$data['Date_Submitted'].'</td>
                <td>'.$data['NO'].'</td>
                <td></td>
            </tr>
        </tbody>';
}
?>

And my HTML form is in the same for loop:

<form action="/action_page.php">
    <input type="text" name="rowID" value='.$data['NO'].'>
    <fieldset>
        <label>XYZ Questions </label><br>
        <label class="radio-inline">
            <input type="radio" name="optradio">
            <label>YES</label>
        </label>
        <label class="radio-inline left">
            <input type="radio" name="optradio">
            <label>NO</label>
        </label>
    </fieldset>
    <fieldset>
        <label>XYZ Questions </label><br>
        <label class="radio-inline">
            <input type="radio" name="optradio1">
            <label>YES</label>
        </label>
        <label class="radio-inline left">
            <input type="radio" name="optradio1">
            <label>NO</label>
        </label>
    </fieldset>
    <div class="checkbox">
        <label><input type="checkbox"> Remember me</label>
    </div>
    <button type="submit" class="btn btn-default">Submit</button>
</form>

My AJAX script:

var launchAjax = function () { // event handler for button click
    $.get("php/inbetween.php/", {
        id: $("[name=rowID]").val(),      // getting the unique if of each form
        question: $("[name=optradio]:checked").val(),
        question1: $("[name=optradio1]:checked").val(),
    });
}
$("#no").click(launchAjax);

And my PHP and SQL:

<?php
    include 'common.php';

    $id = filter_input(INPUT_GET, "id", FILTER_SANITIZE_NUMBER_INT);
    $question = filter_input(INPUT_GET, "question", FILTER_SANITIZE_STRING);
    $question1 = filter_input(INPUT_GET, "question1", FILTER_SANITIZE_STRING);

    function getMark($answer, $mark = 1) {
        $result = 0;
        if($answer == 'YES'){
            $result = $mark;
        }
        return $result;
    }
    $p = 0;
    $p += getMark($question, 1); // provide the answer and the mark
    $p += getMark($question1, .5);
    $c = 0;
    $c += getMark($question, 0.5); // provide the answer and the mark
    $c += getMark($question1, 1);

    $command1 = "UPDATE rating SET criticality = '$c' , Priority = '$p'
    WHERE no = '$id'";

    // prepare and executing
    $stmt1 = $dbh->prepare($command1);
    $result1 = $stmt1->execute();
?>
JeanPaul98
Sach jot
  • `// getting the unique if of each form` That's not what that jquery does if you have multiple elements where `name="rowID"`. – Patrick Q Feb 05 '18 at 17:51
  • There is an issue with your code: `'.$data['NO'].'` is definitely not valid HTML – rollstuhlfahrer Feb 05 '18 at 17:52
  • Another issue: [Little Bobby](http://bobby-tables.com/) says [**your script is at risk for SQL Injection Attacks**](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php). You already have a prepared statement, but you are using it wrong. You are still putting the data into the SQL string. For more see [MySQLi Prepared Statements](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php). – rollstuhlfahrer Feb 05 '18 at 17:54
  • Thank you so much for replying. Please, can anyone suggest how to fix this issue? – Sach jot Feb 05 '18 at 17:58
  • You have `` but where is your SQL statement for getting this `$data['NO']` value? and I would recommend doing something like `` and shouldn't the `NO` be lowercased to `no`? since you have in your `UPDATE` sql `WHERE no = '$id'` – JeanPaul98 Feb 05 '18 at 18:40
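
The prepared-statement misuse raised in the comments above, as an added example that is not part of the original thread: it contrasts the question's interpolated `UPDATE` with one that binds its values. It assumes PDO with the SQLite driver and a constructed in-memory `rating` table in place of the `$dbh` from `common.php`; `updateInterpolated` and `updateBound` are hypothetical names.

```php
<?php
// Added example: constructed in-memory table standing in for the page's `rating` table.
$dbh = new PDO('sqlite::memory:');
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$dbh->exec('CREATE TABLE rating (no INTEGER PRIMARY KEY, criticality REAL, Priority REAL)');
$dbh->exec('INSERT INTO rating (no, criticality, Priority) VALUES (1, 0, 0), (2, 0, 0), (3, 0, 0)');

// Same scoring rule as the page's getMark().
function getMark($answer, $mark = 1) {
    return $answer === 'YES' ? $mark : 0;
}

// Pattern from the question: values are pasted into the SQL text before prepare(),
// so the statement's structure depends on whatever the values contain.
function updateInterpolated(PDO $dbh, $id, $c, $p) {
    $stmt = $dbh->prepare("UPDATE rating SET criticality = '$c', Priority = '$p' WHERE no = '$id'");
    $stmt->execute();
    return $stmt->rowCount();
}

// Corrected pattern: the SQL text is constant and the values travel as bound parameters,
// so the database only ever treats them as data.
function updateBound(PDO $dbh, $id, $c, $p) {
    $stmt = $dbh->prepare('UPDATE rating SET criticality = :c, Priority = :p WHERE no = :id');
    $stmt->execute([':c' => $c, ':p' => $p, ':id' => $id]);
    return $stmt->rowCount();
}

// Constructed request values. $oddId is a constructed non-numeric id, i.e. what the
// query would receive if the FILTER_SANITIZE_NUMBER_INT step were missing or changed.
$question  = 'YES';
$question1 = 'NO';
$p = getMark($question, 1) + getMark($question1, 0.5);
$c = getMark($question, 0.5) + getMark($question1, 1);
$oddId = "0' OR '1'='1";

// Compare how many rows each call touches.
printf("bound, id=2:          %d row(s)\n", updateBound($dbh, 2, $c, $p));
printf("bound, odd id:        %d row(s)\n", updateBound($dbh, $oddId, $c, $p));
printf("interpolated, odd id: %d row(s)\n", updateInterpolated($dbh, $oddId, $c, $p));
```

Checking `rowCount()` after the bound update is also a cheap way to notice the symptom from the question: a request that carries the wrong row id updates a row other than the one the user submitted.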

1 Answer

You can include this input in your form:

<input type="hidden" name="rowId" value='.$data['NO'].'>