-2

I know that MySQL is depreciated but I am working on a very old code. Once its fixed I will Switch it to mysqli.

I have numbers of user, when I click on edit button for that particular user it will take me to another page where it will show me the courses/topics user is assigned. If they have completed that topic it will show complete and if not there will be date field and button to update it to complete. When I like on the button to button it for one topic it will update it to complete to all the other topic for that user.

I tried to change the value of button to learnID to CoureID but it doesn't work. Remove if from the loop but still no luck

while ($row = mysql_fetch_array($result) ) {
    $firstName = $row["a01FirstName"];
    $lastName = $row["a01LastName"];
    
    if (isset($_POST['scomp']) && intval($_POST['scomp'])) {
        
stmt
    }
}
Toral Harish
  • 11
  • 2
  • **Warning:** You are wide open to [SQL Injections](https://php.net/manual/en/security.database.sql-injection.php) and should use parameterized **prepared statements** instead of manually building your queries. They are provided by [PDO](https://php.net/manual/pdo.prepared-statements.php) or by [MySQLi](https://php.net/manual/mysqli.quickstart.prepared-statements.php). Never trust any kind of input! Even when your queries are executed only by trusted users, [you are still in risk of corrupting your data](http://bobby-tables.com/). [Escaping is not enough!](https://stackoverflow.com/q/32391315) – Dharman Oct 27 '22 at 19:46
  • @Dharman Read the first sentence of the question. – Barmar Oct 27 '22 at 19:48
  • "When I like on the button to button it for one topic" huh? I guess "like" is a typo for "click" but I don't understand the rest. – Barmar Oct 27 '22 at 19:48
  • @Barmar I know and I hesitated posting the comment, but even for the old mysql_* API this code is bad. I think a warning is still in order. – Dharman Oct 27 '22 at 19:48
  • @Dharman i am working on that part. as it a very old project not written by be is taking a while to go through every page and understand the concept so doing 1 thing at a time. – Toral Harish Oct 27 '22 at 19:53
  • @Barmar when I click on the "Set Completion" button. it should update the query. I jus want to update it for one row but instead of that this code updates all the rows. – Toral Harish Oct 27 '22 at 19:55

1 Answers1

-1

You shouldn't be doing the UPDATE in the same loop that's displaying the form. You're not updating the course associated with $_POST['scomp']; each iteration of the loop is updating the current row of the loop.

Take that update code out of the loop and just do it once.

IF (!empty($_POST['scomp'])) {
    $CourseId = intval($_POST['scomp']);
    $pt_date = mysql_real_escape_string($_POST["pt_date"]);
    $progress = 47;
    $str1Update = "UPDATE tbl04usercourses SET a04WhmisProgress=$progress,a04note='completed manually',a04Completion=1,a04CompletionDate='$pt_date' WHERE a04CourseId=$CourseId AND a04UserId=$learnerID AND a04Status=1";
    $resultUpdate1 = mysql_query($str1Update,$db) or die('Error:'.mysql_error());
}
Barmar
  • 741,623
  • 53
  • 500
  • 612
  • Thank you so much. i did try putting the if stmt out side the loop but my mistake was not use !. I fill so stupid right now that i forgot that. – Toral Harish Oct 27 '22 at 20:08
  • @ToralHarish Many beginners get confused about the order of operations when mixing client-side and server-side code. – Barmar Oct 28 '22 at 15:25