-1

I can't change the state of a value with a href. I have tried in all ways. Here is my code

 <a href="giallo.php?id=' . $row['id'] . '">Giallo</a>

giallo.php=

<?php
                            
// Create connection
$conn = new mysqli('localhost','root','','agenda');
// Check connection
if (!$conn) {
    die("Connection failed: " . mysqli_connect_error());
}
 
$id = $_GET['id']; 

$qry = mysqli_query($db,"select * from note where id='$id'"); // select query

// when click on Update button
if(isset($_POST['update'])) {
    $colore=1;
    
    $edit = mysqli_query($db,"update note set colore='$colore' where id='$id'");
    
    if($edit) {
        mysqli_close($db); // Close connection
        header("location:udienze.php"); // redirects to all records page
        exit;
    } else {
        echo mysqli_error();
    }   
}

if (mysqli_query($conn, $sql)) {
    echo "<script>
    alert('Nota inserita correttamente');
    window.location.href='add-udienze.php';
    </script>";
} else {
    echo "<script>
    alert('Errore');
    window.location.href='add-udienze.php';
    </script>";
}
    
mysqli_close($conn);
?>

What is wrong with my code? There are probably cleaner ways to do it. I have tried all ways that I know.

Dharman
  • 30,962
  • 25
  • 85
  • 135
grhyt
  • 1
  • this code should change color = 1 – grhyt May 08 '21 at 06:56
  • Hyperlinks send a GET not a POST. Submit a form instead of using a link, or send all the parameters in the query string and make PHP look for them via GET. – ADyson May 08 '21 at 07:49
  • 1
    P.s. please urgently read https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php and then use the information you learned there to fix the gaping security holes in your code, thanks. – ADyson May 08 '21 at 07:51
  • 1
    **Warning:** You are wide open to [SQL Injections](https://php.net/manual/en/security.database.sql-injection.php) and should use parameterized **prepared statements** instead of manually building your queries. They are provided by [PDO](https://php.net/manual/pdo.prepared-statements.php) or by [MySQLi](https://php.net/manual/mysqli.quickstart.prepared-statements.php). Never trust any kind of input! Even when your queries are executed only by trusted users, [you are still in risk of corrupting your data](http://bobby-tables.com/). [Escaping is not enough!](https://stackoverflow.com/q/5741187) – Dharman May 08 '21 at 11:58

1 Answers1

0

I think the problem is that you are calling the giallo.php script with multiple kind of params (POST and GET).

So when you click on the link, the "href" attribute redirects to giallo.php, but nothing happen because it miss the $_POST['update'] action.

Probably the solution fit your case can be edit the href attribute, adding a GET parameter for "update", like:

<a href="giallo.php?update=1&id=' . $row['id'] . '">Giallo</a>

And then edit the giallo.php file and consider the new $_GET["update"] and not the POST one.

Francesco
  • 189
  • 1
  • 1
  • 10