0

working on a simple approve disapprove system in PHP but can't able to update the account status of the user to 0 to 1. i am getting the value in the address bar but unable to execute the SQL query code:

$id = $_GET['id'];
            $query = 'UPDATE project set acc_status ="1" WHERE id = "$id"';
                mysqli_query($conn, $query);
Dharman
  • 30,962
  • 25
  • 85
  • 135
GM.
  • 9
  • 5

1 Answers1

1

Stop using query without preparing and parameter binding, because it is open to SQL injection.

$id = $_GET['id'];
$query =$conn->prepare('UPDATE project set acc_status =1 WHERE id = ?');
$query->bind_param('i',$id);
$query->execute();

As suggest from Dharman for report error:

How to actually use it?

Just remove any code that checks for the error manually, all those or die(), if ($result) and such. Simply write your database interaction code right away:

$stmt = $this->con->prepare("INSERT INTO table(name, quantity) VALUES (?,?)");
$stmt->bind_param("si", $name, $quantity);
$stmt->execute();

again, without any conditions around. If an error occurs, it will be treated as any other error in your code. For example, on a development PC it will just appear on-screen, while on a live site it will be logged for a programmer, whereas for the user's convenience you could use an error handler (but that's a different story which is off topic for mysqli, but you may read about it in the article linked above).

Reference SO:LINK

Dharman
  • 30,962
  • 25
  • 85
  • 135
Simone Rossaini
  • 8,115
  • 1
  • 13
  • 34