
I need to be able to update my SQL table from open to close task.

I already wrote code for this but it is not working properly. On the modal it shows 2 'continue' buttons and right now the task table contains two tasks. Can somebody help me?

This is what the modal looks like:

[Image: screenshot of the modal]

and this is my code:

```php
<?php

// Handle the "close task" form submission.
if (isset($_POST["closetask"])) {

    $close_task_id = mysqli_real_escape_string($con, $_POST["close_task_id"]);
    $sql = "UPDATE task SET task_status='closed' WHERE id_task='$close_task_id'";
    $result = mysqli_query($con, $sql);
    if ($result) {
        $_SESSION['success'] = "Task closed";
        $_SESSION['text'] = "Task has been closed successfully";
        $_SESSION['icon'] = "success";
    } else {
        $_SESSION['success'] = "Error";
        $_SESSION['text'] = "Unknown error, please try again";
        $_SESSION['icon'] = "error";
    }
}

?>
<?php
// Fetch every task, newest first.
$query = "SELECT * FROM task ORDER BY id_task DESC";
$result = mysqli_query($con, $query);
?>
<!-- reject button -->
<form action="task-view.php" method="post" enctype="multipart/form-data">
<div id="rejectModal" class="modal fade" role="dialog" >
  <div class="modal-dialog modal-lg">
    <!-- Modal content-->
    <div class="modal-content">
      <div class="modal-header">
        <h4 class="modal-title">Close this task?</h4>
        <button type="button" class="close" data-dismiss="modal">&times;</button>
      </div>
      <div class="modal-body">

       <div class="d-flex align-items-center justify-content-center form-group" >
                <p class="align-items-center text-center" for="company">This button means closing the task. Are you sure you want to continue?</p>

       </div>

     </div>
      <div class="modal-footer">
      <?php
        // Emits one hidden input and one button for each row fetched.
        while ($row = mysqli_fetch_array($result)) {

            if ($row['task_status'] == 'open'){
                $check_task = '

                    <input type="text" name="close_task_id" class="form-control" value="' . $row["id_task"] . '" hidden>
                    <button class="btn btn-success" type="submit" name="closetask">Continue</button>

                     ';
            }
            echo '
            <br>
            ' . $check_task . '
            ';
         }
            ?>

      </div>
    </div>
  </div>
</div>
</form>
<!-- end of reject button-->
         <?php
    // Show the result of the last action once, then clear it.
    if (isset($_SESSION['success']) && $_SESSION['success'] != '') {
    ?>
        <script>
            swal({
                title: "<?php echo $_SESSION['success']; ?>",
                text: "<?php echo $_SESSION['text']; ?>",
                icon: "<?php echo $_SESSION['icon']; ?>",
                button: "OK",
            });
        </script>
    <?php
        unset($_SESSION['success']);
    }
    ?>
```
ADyson
Eya
  • _WHERE id_task='$close_task_id'_ Are you sure PHP is treating _$close_task_id_ as variable, and not as literal text here? – GWR May 06 '22 at 09:35
  • @GWR The string is double-quoted so PHP will [interpolate](https://stackoverflow.com/a/43437427/5947043) it. That won't be the issue. – ADyson May 06 '22 at 10:15
  • **Warning:** Your code may be vulnerable to SQL Injection attacks. You should use parameterised queries and prepared statements to help prevent attackers from compromising your database by using malicious input values. http://bobby-tables.com gives an explanation of the risks, as well as some examples of how to write your queries safely using PHP / mysqli. `mysqli_real_escape_string` doesn't stop everything and is obsolete. – ADyson May 06 '22 at 10:16
  • https://phpdelusions.net/mysqli also contains good examples of writing safe SQL using mysqli. See also the [mysqli documentation](https://www.php.net/manual/en/mysqli.quickstart.prepared-statements.php) and this: [How can I prevent SQL injection in PHP?](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) . Parameterising your queries will also greatly reduce the risk of accidental syntax errors as a result of un-escaped or incorrectly quoted input values. If you learnt your current technique from a tutorial or book, please don't use it again. – ADyson May 06 '22 at 10:16
  • Why are you looping to create the buttons? You only need one "continue" button. I can see you're trying to create a hidden field with the task ID in it...if you want to pre-populate that you'll need a separate modal for each task. But that's inefficient. Instead, put the ID on the element in your list of tasks which triggers the modal to be created. Then use JS to put the ID into the (one) hidden field at the time the modal is shown. – ADyson May 06 '22 at 10:20
  • FYI `enctype="multipart/form-data"` isn't needed unless you're uploading a file – ADyson May 06 '22 at 10:21

1 Answer


Well, after going through your code snippet, I could see this query:

```php
$query = "SELECT * FROM task ORDER BY id_task DESC";
$result = mysqli_query($con, $query);
```

This fetches all records in the task table. The two continue buttons you see are coming from the while loop:

```php
while ($row = mysqli_fetch_array($result)) {
  ....
}
```

It logically implies you have two records or rows in your database task table, and all the records were retrieved from the table.

  • Hi! What else can I use in replacement for the while loop? – Eya May 06 '22 at 11:52
  • Replacing the while loop is not really the problem, you just need to restructure the program. – Apollos Geofrey May 07 '22 at 18:24
  • If you inspect element on your browser, you will clearly confirm there are two hidden inputs with different values. – Apollos Geofrey May 07 '22 at 18:35
  • Therefore if you want to handle this action for each record, I will suggest you take out that modal and get all rows from the database listed out like some kind of list-table with each list item having its own "continue" button – Apollos Geofrey May 07 '22 at 18:41
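
Added example (not code from the question, its comments or the answer): the restructuring suggested above, with one "Continue" button per listed task, and the update done through a prepared statement as ADyson's warning recommends. It assumes `$con` is an open mysqli connection and the session is already started; `close_task()` is a hypothetical helper name, and only the `id_task` and `task_status` columns from the question are used.

```php
<?php
// Added example. Assumes $con is an open mysqli connection and that
// session_start() has already been called, as on the question's page.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// Close one task. The ID is bound as an integer parameter, so it is never
// parsed as SQL, and only a row that is still open is touched.
function close_task(mysqli $con, $rawId): bool
{
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return false;                    // reject missing or non-numeric IDs
    }
    $stmt = $con->prepare(
        "UPDATE task SET task_status = 'closed' WHERE id_task = ? AND task_status = 'open'"
    );
    $stmt->bind_param('i', $id);
    $stmt->execute();
    return $stmt->affected_rows === 1;   // false if no such open task exists
}

if (isset($_POST['closetask'])) {
    $ok = close_task($con, $_POST['close_task_id'] ?? null);
    $_SESSION['success'] = $ok ? 'Task closed' : 'Error';
    $_SESSION['text']    = $ok ? 'Task has been closed successfully'
                               : 'Task not found or already closed';
    $_SESSION['icon']    = $ok ? 'success' : 'error';
    header('Location: task-view.php');   // redirect so a refresh does not re-submit
    exit;
}

// One list item per task; each open task carries its own form and hidden ID,
// so the submitted ID always belongs to the button that was clicked.
$tasks = $con->query('SELECT id_task, task_status FROM task ORDER BY id_task DESC');
?>
<ul class="list-group">
<?php foreach ($tasks as $row): ?>
  <li class="list-group-item">
    Task #<?= (int) $row['id_task'] ?> (<?= htmlspecialchars($row['task_status'], ENT_QUOTES, 'UTF-8') ?>)
    <?php if ($row['task_status'] === 'open'): ?>
      <form action="task-view.php" method="post" class="d-inline">
        <input type="hidden" name="close_task_id" value="<?= (int) $row['id_task'] ?>">
        <button class="btn btn-success" type="submit" name="closetask">Continue</button>
      </form>
    <?php endif; ?>
  </li>
<?php endforeach; ?>
</ul>
```

Because closing a task changes state, the form would normally also carry a CSRF token checked in the handler; that is left out here to keep the example focused on the query and the per-task button.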