
I am completely unable to get this to work.

I am following a course on Udemy.com, "The Complete PHP MYSQL Professional Course with 5 Projects". On video #115 "Approve Comments", I have the exact same code as he does.

His code sets the un-approved comment to approved and then adds the comment to the comment section. My code shows a message saying that it was successful, but in reality, nothing happened and the comment is still un-approved.

Here is my code:

```php
<?php require_once("Includes/Functions.php"); ?>
<?php require_once("Includes/Sessions.php"); ?>
<?php

if(isset($_GET["id"])) {
  $SearchQueryParameter = $_GET["id"];
  global $ConnectingDB;
  $Admin = $_SESSION["AdminName"];
  $sql = "UPDATE comments SET status='ON', approvedby='$Admin' WHERE id='$SearchQueryParameter'";
  $Execute = $ConnectingDB->query($sql);
  if ($Execute) {
    $_SESSION["SuccessMessage"]="Comment Approved Successfully! The comment is now visible to anyone.";
    Redirect_to("Comments.php");
  } else {
    $_SESSION["ErrorMessage"]="Something went wrong. Try Again.";
    Redirect_to("Comments.php");
  }
}

?>

<?php // FIXME: ERROR WITH CHANGING COMMENTS TO APPROVED! ?>
```
Shadow
QienCodes
  • Right after this line `$sql = "UPDATE com...` place this `die($sql);` to see if your query is what you think it is – Kinglish Jun 26 '21 at 00:15
  • The first explanation that comes to my mind is that $SearchQueryParameter contains a non-existent id. The update is syntactically correct, but does not find a matching record. Also, your code is vulnerable to SQL injection attacks. – Shadow Jun 26 '21 at 00:35
  • This code is anything but professional, I would find a different resource for learning if I were you. See [How can I prevent SQL injection in PHP](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php?rq=1) for the first mistake in this code. – miken32 Jun 26 '21 at 03:33

1 Answer


It may be that the $_GET["id"] variable is empty or otherwise not matching a column in your SQL's where clause. Instead of checking whether $_GET["id"] is set, you may want to try validating it or at least checking it's not empty before executing the query. E.g.

```php
if (!empty($_GET["id"])) {
    // your routine...
}
```
P. Tisa
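
The two points raised in the comments and the answer (a successful `query()` call does not mean a row matched, and the id should be validated and bound rather than interpolated), shown as an added example that is not the asker's or the course's code. It assumes `$ConnectingDB` is a PDO connection and that the `pdo_sqlite` extension is available; the in-memory table is constructed sample data and `approveComment()` is a hypothetical helper name.

```php
<?php
declare(strict_types=1);

// Constructed in-memory database standing in for the real comments table
// (column names taken from the UPDATE statement in the question).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE comments (id INTEGER PRIMARY KEY, status TEXT, approvedby TEXT)");
$db->exec("INSERT INTO comments (id, status, approvedby) VALUES (7, 'OFF', 'Pending')");

/**
 * Hypothetical helper: approve one comment.
 * Returns 'approved', 'not_found' or 'invalid_id'.
 */
function approveComment(PDO $db, mixed $rawId, string $admin): string
{
    // Accept only a positive integer; '', 'abc', arrays and quoted fragments are rejected.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return 'invalid_id';
    }

    // Bound parameters keep $admin and $id out of the SQL text entirely.
    $stmt = $db->prepare(
        "UPDATE comments SET status = 'ON', approvedby = :admin WHERE id = :id"
    );
    $stmt->execute([':admin' => $admin, ':id' => $id]);

    // execute() succeeding only means the statement ran without error;
    // rowCount() tells us whether any row was actually updated.
    return $stmt->rowCount() === 1 ? 'approved' : 'not_found';
}

// Constructed inputs standing in for $_GET["id"].
foreach (['7', '999', '', "7' OR '1'='1"] as $input) {
    printf("%-16s => %s\n", var_export($input, true), approveComment($db, $input, 'admin1'));
}
```

With the MySQL PDO driver, `rowCount()` counts rows whose values changed, so approving an already approved comment also reports zero rows unless `PDO::MYSQL_ATTR_FOUND_ROWS` is enabled on the connection.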