-3

I have created a while loop that will call data from the database, and each row will come with a button. However, when I click one button for update, it updates for all rows. I did some research; however, the increment solution seems not to make any difference on my quote.

```php
<form action="registered.php" method="GET">
  <?php
      $sql = "SELECT id, First_name, Last_name, email, Country, paid FROM users";
      $result = $conn->query($sql);
      if ($result->num_rows > 0) {
          while($row = $result->fetch_assoc()) {
              $i = 0;
              $id = $row['id'];
              ?>
              <tr>
                    <td>
                      <a href="basic_table.html#"><?= $row['First_name'];?></a>
                    </td>
                    <td class="hidden-phone"><?= $row['Last_name'];?></td>
                    <td><?= $row['email'];?></td>
                    <td><?= $row['Country'];?></td>
                    <td><span class="label label-info label-mini"><?= $row['paid'];?></span></td>
                    <td>
                      <button class="btn btn-success btn-xs auth" name="$i"><i class="fa fa-check" title="Authorize Access"></i></button>
                      <button class="btn btn-primary btn-xs" name="$id"><i class="fa fa-times" title="Remove Access"></i></button>
                      <button class="btn btn-danger btn-xs" name="$id"><i class="fa fa-trash-o " title="Delete user"></i></button>
                    </td>
                  </tr>
                  <?php 
                  if (isset($_POST['$i'])) {
                    $sql = "UPDATE users SET paid = 'ads' WHERE id = '$id'";
                    $update = $conn->query($sql);
                  }
                  $i++;
          }
      } else {
          echo "0 results";
      }
      $conn->close();
  ?>
  </form>
```
Dharman
  • 30,962
  • 25
  • 85
  • 135
  • First of all change `name="$i"` to `name="<?= $i ?>"` – Sehdev Mar 21 '20 at 13:18
  • 1
    **Warning:** You are wide open to [SQL Injections](https://stackoverflow.com/a/60496/1839439) and should use parameterized **prepared statements** instead of manually building your queries. They are provided by [PDO](https://php.net/manual/pdo.prepared-statements.php) or by [MySQLi](https://php.net/manual/mysqli.quickstart.prepared-statements.php). Never trust any kind of input! Even when your queries are executed only by trusted users, [you are still at risk of corrupting your data](http://bobby-tables.com/). [Escaping is not enough!](https://stackoverflow.com/q/5741187) – Dharman Mar 21 '20 at 13:25
  • 1
    You've also got a potential issue with the buttons, you've got 3 buttons per user if I understand your code correctly, but they're all named the same in the output HTML. – greenbutterfly Mar 21 '20 at 13:27
  • I know font-awesome tell you to use the i tag for their stuff, but don't. It's semantically incorrect HTML and may fool some screen readers. span is a less worse option. – greenbutterfly Mar 21 '20 at 13:30
  • That's why I used $i to create different name for each button when while loop is executed but it doesn't – Asiive Zamxaka Mar 21 '20 at 15:38

1 Answer

0

You can give each button a value. I would also suggest giving them different names, and better names than $i (was this meant to be a PHP variable?).

As a side note:

  • Your code was vulnerable to SQL injection. My example uses prepared statements with parameter binding.
  • Don't mix HTML and PHP. I kept the first query separate on purpose. You should perform PHP code before you start outputting HTML.
  • I moved `<form>` inside `<td>`. You can put `<form>` as a child of `<table>`. However, getting rid of the form completely and using links could be better in your situation, unless you plan to use POST method.

```php
<?php
$users = $conn->query('SELECT id, First_name, Last_name, email, Country, paid FROM users')->fetch_all(MYSQLI_ASSOC);
?>
<?php foreach ($users as $row): ?>
<tr>
    <td>
        <a href="basic_table.html#"><?= $row['First_name']; ?></a>
    </td>
    <td class="hidden-phone"><?= $row['Last_name']; ?></td>
    <td><?= $row['email']; ?></td>
    <td><?= $row['Country']; ?></td>
    <td><span class="label label-info label-mini"><?= $row['paid']; ?></span></td>
    <td>
        <form action="registered.php" method="GET">
            <button class="btn btn-success btn-xs auth" name="myButton" value="<?= $row['id']; ?>"><span class="fa fa-check"
                    title="Authorize Access"></span></button>
            <button class="btn btn-primary btn-xs" name="removeAccess"><span class="fa fa-times" title="Remove Access"></span></button>
            <button class="btn btn-danger btn-xs" name="deleteUser"><span class="fa fa-trash-o " title="Delete user"></span></button>
        </form>
    </td>
</tr>
<?php endforeach; ?>
```

Then in your registered.php you can execute UPDATE query based on the value received.

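```php
<?php
include 'mysqli.php';

// The key must match the button's name attribute ("myButton") exactly.
if (isset($_GET['myButton'])) {
    // The id travels as a bound parameter, never as part of the SQL text.
    $stmt = $conn->prepare("UPDATE users SET paid='ads' WHERE id=?");
    $stmt->bind_param('s', $_GET['myButton']);
    $stmt->execute();
}
```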
Dharman
  • 30,962
  • 25
  • 85
  • 135
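
An added example, not part of the answer above or of the asker's code: a handler in the style of `registered.php` that covers all three buttons, checks that the submitted value is an integer id, and runs only fixed, parameterized statements. Assumptions: the button name `authorize`, the `paid = 'no'` value for removing access, and the in-memory SQLite table with constructed rows (standing in for the page's MySQL `users` table) are hypothetical.

```php
<?php
declare(strict_types=1);

// Stand-in for the page's MySQL connection: an in-memory SQLite table with
// constructed rows, so the script runs offline (needs the pdo_sqlite extension).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT, paid TEXT)");
$pdo->exec("INSERT INTO users (id, email, paid) VALUES
    (1, 'a@example.test', 'no'), (2, 'b@example.test', 'no'), (3, 'c@example.test', 'no')");

// Button name => fixed SQL with one placeholder. The request only selects an
// entry from this list; it never contributes text to the statement.
const ACTIONS = [
    'authorize'    => "UPDATE users SET paid = 'ads' WHERE id = ?",
    'removeAccess' => "UPDATE users SET paid = 'no' WHERE id = ?", // assumed meaning
    'deleteUser'   => "DELETE FROM users WHERE id = ?",
];

/** Returns the number of rows changed; 0 when the request is rejected. */
function handleButton(PDO $pdo, array $request): int
{
    foreach (ACTIONS as $name => $sql) {
        if (!isset($request[$name])) {
            continue;
        }
        // The button value must be a positive integer id, nothing else.
        $id = filter_var($request[$name], FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
        if ($id === false) {
            return 0;
        }
        $stmt = $pdo->prepare($sql);
        $stmt->execute([$id]);
        return $stmt->rowCount();
    }
    return 0; // no known button in the request
}

// Constructed requests, shaped like $_POST after one button is pressed.
var_dump(handleButton($pdo, ['authorize' => '2']));        // well-formed id
var_dump(handleButton($pdo, ['authorize' => '2 OR 1=1'])); // malformed id
var_dump(handleButton($pdo, ['deleteUser' => '3']));       // second action
var_dump(handleButton($pdo, ['unknown' => '1']));          // unlisted button

// Show the table state after the four requests.
foreach ($pdo->query('SELECT id, paid FROM users ORDER BY id') as $row) {
    echo $row['id'], ' => ', $row['paid'], PHP_EOL;
}
```

In the table template, each button then carries its row id as the value, for example `name="deleteUser" value="<?= (int) $row['id'] ?>"`, and the form uses `method="POST"` because these actions change data.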