Fatal编程技术网
  • php/
  • Php 添加响应按钮或锚点以更新数据库表中的索引

Php 添加响应按钮或锚点以更新数据库表中的索引

php

Php 添加响应按钮或锚点以更新数据库表中的索引,php,Php,我正在尝试添加一个按钮或锚来更新“状态”列中的“已批准”或“已拒绝” $query = "SELECT * FROM `section`"; $result = mysqli_query($conn, $query); echo "<table border='1'>"; echo "<tr><th>" . "Request #" . "</th> <th>" . "Student Name" . "</th> <

我正在尝试添加一个按钮或锚来更新“状态”列中的“已批准”或“已拒绝”

$query = "SELECT * FROM `section`";
$result = mysqli_query($conn, $query);

echo "<table border='1'>"; 
echo "<tr><th>" . "Request #" . "</th> <th>" . "Student Name" . "</th> <th>" . "Student #" . "</th> <th>" . "Course Name " . "</th> <th>" . "Course #" . "</th> </tr>";
while($row = mysqli_fetch_array($result)){
    echo "<tr><td>" . $row['request'] . "</td> <td>" . $row['studentName'] . "</td> <td>" . $row['studentNumber'] . "</td><td>" . $row['courseName'] . "</td><td>" . $row['courseNumber'] . "</td><td>" . "<a href='???'></a>" . "</td></tr>";
我希望管理员批准或拒绝,我知道我可能需要一个额外的栏一个用于批准,一个用于拒绝 这可以通过下拉列表来完成吗

Home.php

while($row = mysqli_fetch_array($result)) {
    if ($row['studentName'] == $_POST['']) {
        echo "<tr><td>" . $row['request'] . "</td> <td>" . $row['studentName'] 
            ."</td> <td>" . $row['studentNumber'] . "</td><td>" . $row['courseName'] 
            ."</td><td>" . $row['courseNumber'] . "</td> <td>" . $row['status'] 
            ."</td><td>" . "<a href='app.php?id=".$row['request']."'>Approve</a>" . "</td><td>" . "<a href='dec.php?id=".$row['request']."'>Decline</a>" . "</td></tr>";
    }
}

echo "</table>";

mysqli_close($conn);
警告:使用mysqli时,应使用参数化查询和bind_param向查询中添加任何数据。不要使用字符串插值或连接来完成此操作,因为您已经创建了一个严重的SQL注入错误。永远不要将$\u POST、$\u GET或任何类型的数据直接放入查询中,如果有人试图利用您的错误,这可能是非常有害的。 
    include('approve.php');
    $dbhost = "localhost";
    $dbuser = "root";
    $dbpass = "";
    $db = "university";
    $conn = new mysqli($dbhost, $dbuser, $dbpass,$db);
    $id = $_GET['id'];
    // echo "<br>";
    // echo ($id);

    if (!$conn) {
        die("Connection failed: " . mysqli_connect_error());
    }

    // sql to delete a record
    $sql = "UPDATE `section` SET `status`='Approved' WHERE `request` = $id"; 

    if (mysqli_query($conn, $sql)) {
        mysqli_close($conn);
        header('Location: home.php'); 
        exit;
    } else {
        echo "Error Updating record";
    }
?>

    include('approve.php');
    $dbhost = "localhost";
    $dbuser = "root";
    $dbpass = "";
    $db = "university";
    $conn = new mysqli($dbhost, $dbuser, $dbpass,$db);

    $id = $_GET['id'];
    if (!$conn) {
        die("Connection failed: " . mysqli_connect_error());
    }

    // sql to delete a record
    $sql = "UPDATE `section` SET `status`='Declined' WHERE `request` = $id"; 

    if (mysqli_query($conn, $sql)) {
        mysqli_close($conn);
        header('Location: approve.php'); 
        exit;
    } else {
        echo "Error Updating record";
    }
?>