0

I'm trying to update my databse with a button to set the visibility from 0 to 1. There isn't any syntax error but for some reason it doesn't change the database value. My database example: (visibility is tinyint with default 0 value)

 id-   name-   visibility
---------------------------
1   -   John    -    1
---------------------------
2   -   Ben     -    1
---------------------------
3   -   Terry   -    0
---------------------------

and my php code:

<?php
$sql = "SELECT id, name, image, description, address, phone, phone2, email, job, visibility FROM cards";
$resultset = mysqli_query($conn, $sql) or die("database error:". mysqli_error($conn));          
while( $record = mysqli_fetch_assoc($resultset) ) {
?>
<div class="col-md-4" <?php if ($record['visibility'] == 1) echo " style='display: none';"; ?>>I want this to be hidden here</div>

<button type="button" class="btn btn-success" name="update">Accept</button>
<?php

if(isset($_POST['update'])){
$allowed = mysqli_query($conn," UPDATE cards SET visibility = '1' WHERE id = '$id' ");
}
?>
//html stuff here
 <?php }
      ?>
Dharman
  • 30,962
  • 25
  • 85
  • 135
Mower
  • 177
  • 2
  • 10

1 Answers1

-1

You have to wrap your button into a <form> and set its type to submit. Furthermore you need to pass the records id with it. Try this example:

<?php

$sql = "SELECT id, name, image, description, address, phone, phone2, email, job, visibility FROM cards";
$resultset = mysqli_query($conn, $sql) or die("database error:". mysqli_error($conn));          
while( $record = mysqli_fetch_assoc($resultset) ) { ?>

  <div class="col-md-4" <?php if ($record['visibility'] == 1) echo " style='display: none';"; ?>>

    Record name: <?php echo $record['name']; ?>
    <form action="" method="POST">
      <input value="<?php echo $record['id']; ?>" name="id">
      <button type="submit" class="btn btn-success" name="update">Set visibile</button>
    </form>

  </div>

<?php } ?> 

<?php
if(isset($_POST['update'])){
  $id = $_POST['id'];
  $allowed = mysqli_query($conn," UPDATE cards SET visibility = '1' WHERE id = '$id' ");
}
?>

If you get this to work, you should search about prepared statements.

Robin Gillitzer
  • 1,603
  • 1
  • 6
  • 17
  • Thanks for your answer. It's working on his own way but the input field is not a good solution for me. How can I get the id of it automatically? – Mower Feb 19 '20 at 13:24
  • You can set it to `display: none`. Perhaps you can work with `AJAX` then you dont need a form and can work with `data-attributes`. – Robin Gillitzer Feb 19 '20 at 13:26
  • **Warning:** You are wide open to [SQL Injections](https://stackoverflow.com/a/60496/1839439) and should use parameterized **prepared statements** instead of manually building your queries. They are provided by [PDO](https://php.net/manual/pdo.prepared-statements.php) or by [MySQLi](https://php.net/manual/mysqli.quickstart.prepared-statements.php). Never trust any kind of input! Even when your queries are executed only by trusted users, [you are still in risk of corrupting your data](http://bobby-tables.com/). [Escaping is not enough!](https://stackoverflow.com/q/5741187) – Dharman Feb 29 '20 at 15:49