<!DOCTYPE html>
<?php
include('func1.php');
$con = mysqli_connect("localhost", "root", "", "myhmsdb");
if (!$con) {
die("Connection failed: " . mysqli_connect_error());
}
$doctor = $_SESSION['dname'];
// Handle cancel action
if (isset($_GET['cancel'])) {
$id = $_GET['ID'];
$query = "UPDATE appointmenttb SET doctorStatus='0' WHERE ID='$id'";
if (mysqli_query($con, $query)) {
echo "<script>alert('Your appointment has been successfully cancelled');</script>";
}
}
// Handle approve action
if (isset($_GET['approved'])) {
$id = $_GET['ID'];
$query = "UPDATE appointmenttb SET doctorStatus='2' WHERE ID='$id'";
if (mysqli_query($con, $query)) {
echo "<script>alert('The appointment has been successfully approved');</script>";
}
}
?>
<div class="tab-pane fade" id="list-app" role="tabpanel" aria-labelledby="list-home-list">
<table class="table table-hover">
<thead>
<tr>
<th scope="col">First Name</th>
<th scope="col">Last Name</th>
<th scope="col">Gender</th>
<th scope="col">Email</th>
<th scope="col">Contact</th>
<th scope="col">Appointment Date</th>
<th scope="col">Appointment Time</th>
<th scope="col">Current Status</th>
<th scope="col">Action</th>
<th scope="col">Prescribe</th>
</tr>
</thead>
<tbody>
<?php
$con=mysqli_connect("localhost","root","","myhmsdb");
global $con;
$dname = $_SESSION['dname'];
$query = "select pid,ID,fname,lname,gender,email,contact,appdate,apptime,userStatus,doctorStatus,prescribed from appointmenttb where doctor='$dname';";
$result = mysqli_query($con,$query);
while ($row = mysqli_fetch_array($result)){
?>
<tr>
<td><?php echo $row['fname'];?></td>
<td><?php echo $row['lname'];?></td>
<td><?php echo $row['gender'];?></td>
<td><?php echo $row['email'];?></td>
<td><?php echo $row['contact'];?></td>
<td><?php echo $row['appdate'];?></td>
<td><?php echo $row['apptime'];?></td>
<td>
<?php if(($row['userStatus']==1) && ($row['doctorStatus']==1))
{
echo "Pending";
}
if(($row['userStatus']==0) && ($row['doctorStatus']==1))
{
echo "Cancelled by You";
}
if(($row['userStatus']==1) && ($row['doctorStatus']==0))
{
echo "Cancelled by MA";
}
if(($row['userStatus']==1) && ($row['doctorStatus']==2))
{
echo "Approved by MA";
}
?></td>
<td>
<?php
if(($row['userStatus']==1) && ($row['doctorStatus']==1)) {
// Condition for both userStatus and doctorStatus being 1 (Pending)
?>
<a href="doctor-panel.php?ID=<?php echo $row['ID']?>&cancel=update"
onClick="return confirm('Are you sure you want to cancel this appointment ?')"
title="Cancel Appointment" tooltip-placement="top" tooltip="Remove">
<button class="btn btn-danger">Cancel</button>
</a>
<?php
} elseif(($row['userStatus']==1) && ($row['doctorStatus']==2)) {
echo "Approved";
// New condition for doctorStatus being 2 (Approved)
?>
<a href="doctor-panel.php?ID=<?php echo $row['ID']?>&approved=update"
onClick="return confirm('Are you sure you want to approve this appointment ?')"
title="approved" tooltip-placement="top" tooltip="Remove">
<button class="btn btn-success">Approve</button>
</a>
<?php
} else {
// Condition for all other cases
echo "Cancelled";
}
?>
</td>
<td>
<?php if(($row['userStatus']==1) && ($row['doctorStatus']==1))
{ ?>
<a href="prescribe.php?pid=<?php echo $row['pid']?>&ID=<?php echo $row['ID']?>&fname=<?php echo $row['fname']?>&lname=<?php echo $row['lname']?>&appdate=<?php echo $row['appdate']?>&apptime=<?php echo $row['apptime']?>"
tooltip-placement="top" tooltip="Remove" title="prescribe">
<button class="btn btn-success">Prescribe</button></a>
<?php } else {
echo "-";
} ?>
</td>
</tr>
<?php } ?>
</tbody>
</table>
<br>
</div>
My full code:
<!DOCTYPE html>
<?php
include('func1.php');
$con = mysqli_connect("localhost", "root", "", "myhmsdb");
if (!$con) {
die("Connection failed: " . mysqli_connect_error());
}
$doctor = $_SESSION['dname'];
// Handle cancel action
if (isset($_GET['cancel'])) {
$id = $_GET['ID'];
$query = "UPDATE appointmenttb SET doctorStatus='0' WHERE ID='$id'";
if (mysqli_query($con, $query)) {
echo "<script>alert('Your appointment has been successfully cancelled');</script>";
}
}
// Handle approve action
if (isset($_GET['approved'])) {
$id = $_GET['ID'];
$query = "UPDATE appointmenttb SET doctorStatus='2' WHERE ID='$id'";
if (mysqli_query($con, $query)) {
echo "<script>alert('The appointment has been successfully approved');</script>";
}
}
?>
<html lang="en">
<head>
<!-- Required meta tags -->
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
<link rel="stylesheet" type="text/css" href="font-awesome-4.7.0/css/font-awesome.min.css">
<link rel="stylesheet" href="style.css">
<!-- Bootstrap CSS -->
<link rel="stylesheet" href="vendor/fontawesome/css/font-awesome.min.css">
<link rel="shortcut icon" type="image/x-icon" href="images/favicon.png" />
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0-beta/css/bootstrap.min.css" integrity="sha384-/Y6pD6FV/Vv2HJnA6t+vslU6fwYXjCFtcEpHbNJ0lyAFsXTsjBbfaDjzALeQsN6M" crossorigin="anonymous">
<link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/css/bootstrap.min.css" integrity="sha384-ggOyR0iXCbMQv3Xipma34MD+dH/1fQ784/j6cY/iJTQUOhcWr7x9JvoRxT2MZw1T" crossorigin="anonymous">
<link href="https://fonts.googleapis.com/css?family=IBM+Plex+Sans&display=swap" rel="stylesheet">
<nav class="navbar navbar-expand-lg navbar-dark bg-primary fixed-top">
<a class="navbar-brand" href="#"><i class="fa fa-user-plus" aria-hidden="true"></i> UNIMEDIMATE </a>
<button class="navbar-toggler" type="button" data-toggle="collapse" data-target="#navbarSupportedContent" aria-controls="navbarSupportedContent" aria-expanded="false" aria-label="Toggle navigation">
<span class="navbar-toggler-icon"></span>
</button>
<style >
.btn-outline-light:hover{
color: #25bef7;
background-color: #f8f9fa;
border-color: #f8f9fa;
}
</style>
<style >
.bg-primary {
background: -webkit-linear-gradient(left, #3931af, #00c6ff);
}
.list-group-item.active {
z-index: 2;
color: #fff;
background-color: #342ac1;
border-color: #007bff;
}
.text-primary {
color: #342ac1!important;
}
</style>
<div class="collapse navbar-collapse" id="navbarSupportedContent">
<ul class="navbar-nav mr-auto">
<li class="nav-item">
<a class="nav-link" href="logout1.php"><i class="fa fa-sign-out" aria-hidden="true"></i>Logout</a>
</li>
<li class="nav-item">
<a class="nav-link" href="#"></a>
</li>
</ul>
<form class="form-inline my-2 my-lg-0" method="post" action="search.php">
<input class="form-control mr-sm-2" type="text" placeholder="Enter contact number" aria-label="Search" name="contact">
<input type="submit" class="btn btn-outline-light" id="inputbtn" name="search_submit" value="Search">
</form>
</div>
</nav>
</head>
<style type="text/css">
button:hover{cursor:pointer;}
#inputbtn:hover{cursor:pointer;}
</style>
<body style="padding-top:50px;">
<div class="container-fluid" style="margin-top:50px;">
<h3 style = "margin-left: 40%; padding-bottom: 20px;font-family:'IBM Plex Sans', sans-serif;"> Welcome  <?php echo $_SESSION['dname'] ?> </h3>
<div class="row">
<div class="col-md-4" style="max-width:18%;margin-top: 3%;">
<div class="list-group" id="list-tab" role="tablist">
<a class="list-group-item list-group-item-action active" href="#list-dash" role="tab" aria-controls="home" data-toggle="list">Dashboard</a>
<a class="list-group-item list-group-item-action" href="#list-app" id="list-app-list" role="tab" data-toggle="list" aria-controls="home">Appointments</a>
<a class="list-group-item list-group-item-action" href="#list-pres" id="list-pres-list" role="tab" data-toggle="list" aria-controls="home"> Medical Records</a>
<a class="list-group-item list-group-item-action" href="#list-sess" id="list-sess-list" role="tab" data-toggle="list" aria-controls="home"> Schedule Session</a>
</div><br>
</div>
<div class="col-md-8" style="margin-top: 3%;">
<div class="tab-content" id="nav-tabContent" style="width: 950px;">
<div class="tab-pane fade show active" id="list-dash" role="tabpanel" aria-labelledby="list-dash-list">
<div class="container-fluid container-fullw bg-white" >
<div class="row">
<div class="col-sm-4" style="left: 10%">
<div class="panel panel-white no-radius text-center">
<div class="panel-body">
<span class="fa-stack fa-2x"> <i class="fa fa-square fa-stack-2x text-primary"></i> <i class="fa fa-list fa-stack-1x fa-inverse"></i> </span>
<h4 class="StepTitle" style="margin-top: 5%;"> View Appointments</h4>
<script>
function clickDiv(id) {
document.querySelector(id).click();
}
</script>
<p class="links cl-effect-1">
<a href="#list-app" onclick="clickDiv('#list-app-list')">
Appointment List
</a>
</p>
</div>
</div>
</div>
<div class="col-sm-4" style="left: 15%">
<div class="panel panel-white no-radius text-center">
<div class="panel-body">
<span class="fa-stack fa-2x"> <i class="fa fa-square fa-stack-2x text-primary"></i> <i class="fa fa-list-ul fa-stack-1x fa-inverse"></i> </span>
<h4 class="StepTitle" style="margin-top: 5%;"> Medical Records</h4>
<p class="links cl-effect-1">
<a href="#list-pres" onclick="clickDiv('#list-pres-list')">
Medical Records List
</a>
</p>
</div>
</div>
</div>
<div class="col-sm-4" style="left: 15%">
<div class="panel panel-white no-radius text-center">
<div class="panel-body">
<span class="fa-stack fa-2x"> <i class="fa fa-square fa-stack-2x text-primary"></i> <i class="fa fa-list-ul fa-stack-1x fa-inverse"></i> </span>
<h4 class="StepTitle" style="margin-top: 5%;"> Schedule Session</h4>
<p class="links cl-effect-1">
<a href="#list-sess" onclick="clickDiv('#list-sess-list')">
Schedule Session
</a>
</p>
</div>
</div>
</div>
</div>
</div>
</div>
<div class="tab-pane fade" id="list-app" role="tabpanel" aria-labelledby="list-home-list">
<table class="table table-hover">
<thead>
<tr>
<th scope="col">First Name</th>
<th scope="col">Last Name</th>
<th scope="col">Gender</th>
<th scope="col">Email</th>
<th scope="col">Contact</th>
<th scope="col">Appointment Date</th>
<th scope="col">Appointment Time</th>
<th scope="col">Current Status</th>
<th scope="col">Action</th>
<th scope="col">Prescribe</th>
</tr>
</thead>
<tbody>
<?php
$con=mysqli_connect("localhost","root","","myhmsdb");
global $con;
$dname = $_SESSION['dname'];
$query = "select pid,ID,fname,lname,gender,email,contact,appdate,apptime,userStatus,doctorStatus,prescribed from appointmenttb where doctor='$dname';";
$result = mysqli_query($con,$query);
while ($row = mysqli_fetch_array($result)){
?>
<tr>
<td><?php echo $row['fname'];?></td>
<td><?php echo $row['lname'];?></td>
<td><?php echo $row['gender'];?></td>
<td><?php echo $row['email'];?></td>
<td><?php echo $row['contact'];?></td>
<td><?php echo $row['appdate'];?></td>
<td><?php echo $row['apptime'];?></td>
<td>
<?php if(($row['userStatus']==1) && ($row['doctorStatus']==1))
{
echo "Pending";
}
if(($row['userStatus']==0) && ($row['doctorStatus']==1))
{
echo "Cancelled by You";
}
if(($row['userStatus']==1) && ($row['doctorStatus']==0))
{
echo "Cancelled by MA";
}
if(($row['userStatus']==1) && ($row['doctorStatus']==2))
{
echo "Approved by MA";
}
?></td>
<td>
<?php
if(($row['userStatus']==1) && ($row['doctorStatus']==1)) {
// Condition for both userStatus and doctorStatus being 1 (Pending)
?>
<a href="doctor-panel.php?ID=<?php echo $row['ID']?>&cancel=update"
onClick="return confirm('Are you sure you want to cancel this appointment ?')"
title="Cancel Appointment" tooltip-placement="top" tooltip="Remove">
<button class="btn btn-danger">Cancel</button>
</a>
<?php
} elseif(($row['userStatus']==1) && ($row['doctorStatus']==2)) {
echo "Approved";
// New condition for doctorStatus being 2 (Approved)
?>
<a href="doctor-panel.php?ID=<?php echo $row['ID']?>&approved=update"
onClick="return confirm('Are you sure you want to approve this appointment ?')"
title="approved" tooltip-placement="top" tooltip="Remove">
<button class="btn btn-success">Approve</button>
</a>
<?php
} else {
// Condition for all other cases
echo "Cancelled";
}
?>
</td>
<td>
<?php if(($row['userStatus']==1) && ($row['doctorStatus']==1))
{ ?>
<a href="prescribe.php?pid=<?php echo $row['pid']?>&ID=<?php echo $row['ID']?>&fname=<?php echo $row['fname']?>&lname=<?php echo $row['lname']?>&appdate=<?php echo $row['appdate']?>&apptime=<?php echo $row['apptime']?>"
tooltip-placement="top" tooltip="Remove" title="prescribe">
<button class="btn btn-success">Prescribe</button></a>
<?php } else {
echo "-";
} ?>
</td>
</tr>
<?php } ?>
</tbody>
</table>
<br>
</div>
<div class="tab-pane fade" id="list-pres" role="tabpanel" aria-labelledby="list-pres-list">
<table class="table table-hover">
<thead>
<tr>
<th scope="col">Student ID</th>
<th scope="col">First Name</th>
<th scope="col">Last Name</th>
<th scope="col">Appointment ID</th>
<th scope="col">Appointment Date</th>
<th scope="col">Appointment Time</th>
<th scope="col">Disease</th>
<th scope="col">Allergy</th>
<th scope="col">Prescribe</th>
</tr>
</thead>
<tbody>
<?php
$con=mysqli_connect("localhost","root","","myhmsdb");
global $con;
$query = "select pid,fname,lname,ID,appdate,apptime,disease,allergy,prescription from prestb where doctor='$doctor';";
$result = mysqli_query($con,$query);
if(!$result){
echo mysqli_error($con);
}
while ($row = mysqli_fetch_array($result)){
?>
<tr>
<td><?php echo $row['pid'];?></td>
<td><?php echo $row['fname'];?></td>
<td><?php echo $row['lname'];?></td>
<td><?php echo $row['ID'];?></td>
<td><?php echo $row['appdate'];?></td>
<td><?php echo $row['apptime'];?></td>
<td><?php echo $row['disease'];?></td>
<td><?php echo $row['allergy'];?></td>
<td><?php echo $row['prescription'];?></td>
</tr>
<?php }
?>
</tbody>
</table>
</div>
<div class="tab-pane fade" id="list-app" role="tabpanel" aria-labelledby="list-pat-list">
<table class="table table-hover">
<thead>
<tr>
<th scope="col">First Name</th>
<th scope="col">Last Name</th>
<th scope="col">Email</th>
<th scope="col">Contact</th>
<th scope="col">MA Name</th>
<th scope="col">Appointment Date</th>
<th scope="col">Appointment Time</th>
</tr>
</thead>
<tbody>
<?php
$con=mysqli_connect("localhost","root","","myhmsdb");
global $con;
$query = "select * from appointmenttb;";
$result = mysqli_query($con,$query);
while ($row = mysqli_fetch_array($result)){
#$fname = $row['fname'];
#$lname = $row['lname'];
#$email = $row['email'];
#$contact = $row['contact'];
?>
<tr>
<td><?php echo $row['fname'];?></td>
<td><?php echo $row['lname'];?></td>
<td><?php echo $row['email'];?></td>
<td><?php echo $row['contact'];?></td>
<td><?php echo $row['doctor'];?></td>
<td><?php echo $row['docFees'];?></td>
<td><?php echo $row['appdate'];?></td>
<td><?php echo $row['apptime'];?></td>
</tr>
<?php } ?>
</tbody>
</table>
<br>
</div>
<div class="tab-pane fade" id="list-sess" role="tabpanel" aria-labelledby="list-sess-list">
<div class="form-group">
<form action="doctor-panel.php" method="post">
<div class="form-row">
<label for="date" class="form-label">Date:</label>
<input type="date" id="date" name="date" class="form-control" required>
</div>
<div class="form-row">
<label for="start_time" class="form-label">Start Time:</label>
<input type="time" id="start_time" name="start_time" class="form-control" required>
</div>
<div class="form-row">
<label for="end_time" class="form-label">End Time:</label>
<input type="time" id="end_time" name="end_time" class="form-control" required>
</div>
<div class="form-row">
<input type="submit" name="submit_availability" value="Set Availability" class="btn btn-primary">
</div>
</form>
</div>
</div>
<div class="tab-pane fade" id="list-messages" role="tabpanel" aria-labelledby="list-messages-list">...</div>
<div class="tab-pane fade" id="list-settings" role="tabpanel" aria-labelledby="list-settings-list">
<form class="form-group" method="post" action="admin-panel1.php">
<div class="row">
<div class="col-md-4"><label>MA Name:</label></div>
<div class="col-md-8"><input type="text" class="form-control" name="doctor" required></div><br><br>
<div class="col-md-4"><label>Password:</label></div>
<div class="col-md-8"><input type="password" class="form-control" name="dpassword" required></div><br><br>
<div class="col-md-4"><label>Email ID:</label></div>
<div class="col-md-8"><input type="email" class="form-control" name="demail" required></div><br><br>
</div>
<input type="submit" name="docsub" value="Add Doctor" class="btn btn-primary">
</form>
</div>
<div class="tab-pane fade" id="list-attend" role="tabpanel" aria-labelledby="list-attend-list">...</div>
</div>
</div>
</div>
</div>
<!-- Optional JavaScript -->
<!-- jQuery first, then Popper.js, then Bootstrap JS -->
<script src="https://code.jquery.com/jquery-3.2.1.slim.min.js" integrity="sha384-KJ3o2DKtIkvYIK3UENzmM7KCkRr/rE9/Qpg6aAZGJwFDMVNA/GpGFF93hXpG5KkN" crossorigin="anonymous"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.11.0/umd/popper.min.js" integrity="sha384-b/U6ypiBEHpOf/4+1nzFpr53nxSS+GLCkfwBdFNTxtclqqenISfwAzpKaMNFNmj4" crossorigin="anonymous"></script>
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0-beta/js/bootstrap.min.js" integrity="sha384-h0AbiXch4ZDo7tp9hKZ4TsHbi047NrKGLO3SEJAg45jXxnGIfYzk4Si90RDIqNm1" crossorigin="anonymous"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/limonte-sweetalert2/6.10.1/sweetalert2.all.min.js"></script>
</body>
</html>
To post formatted code on the forum, either add bbcode [code][/code]
tags or three markdown ``` back-ticks before/after the lines of code. I have edited your posts above.
The approved button/link (which should be a post method form), is dependent on data meeting the logic conditions in the code. Since we don’t know what your data is we cannot directly help with the problem. You would need to use print_r($row) to see or show us what the data actually is.
The session dname variable (which should actually be the user id of the logged in user) is an input to your code. If it is required to be set for the page to do anything, you must have code testing if it is set before trying to use it, then performing an appropriate action if it is not set, such as displaying an error message or redirecting elsewhere.
The following are a bunch of programming practices that will help organize and simplify the code, making it easier to write, test, debug, and maintain the code.
The code for any page should be laid out in this general order -
- initialization
- post method form processing
- get method business logic - get/produce the data needed to display the page
- html document
Your post method form processing code should -
- detect if a post method form was submitted.
- keep the form data as a set, in a php array variable, then operate on elements in this array variable throughout the rest of the code.
- trim all the input data at once, mainly so that you can detect if a value was all white-space characters. After you do item #2 on this list, you can do this using one single line of code.
- validate all inputs separately, storing user/validation errors in an array using the field name as the main array index.
- after the end of the validation logic, if the array holding the user/validation errors is empty, use the submitted data.
- after the end of using the submitted data, if there are no errors, you would redirect to the exact same URL of the current page to cause a get request for that page. This will prevent the browser from trying to resubmit the form data should that page get reloaded or browsed away from and back to.
- to display a one-time success message, store it in a session variable, then test, display, and clear that session variable at the appropriate location in the html document.
- if there are user/validation errors, the code will continue on the page to display the html document, display any errors, redisplay the form, populating the form fields with any existing data so that the user doesn’t need to keep reentering values over and over, just correct what is wrong with the data, and resubmit the form.
- any dynamic value you output in a html context should have htmlentities() applied to it to help prevent cross site scripting.
Some additional points for the posted code -
- You should use a post method form when performing an action on the server, such as inserting, updating, or deleting data.
- You should use a get method form/link when determining what will be displayed on a page, e.g. the search form.
- If there is more than one post method form on a page, you should use a hidden field, named ‘action’ or similar with a unique value in it to identify each form, then use this value to control (switch/case statement) which form processing code to execute.
- By putting all the database specific code, that knows how to query for and fetch data into item #3 in the organizational layout, it will allow you to examine what all the data is, so that you can troubleshoot data problems.
- You should make a single database connection, in the initialization section.
- You should not use the root user for applications. Create a database user, with a password, with only the permissions needed by your application.
- You should use exceptions for database statement errors (this is the default setting now in php8+) and only catch and handle database exceptions for user recoverable errors, such as when inserting/updating duplicate or out of range user submitted values. For all other query errors and all other query types, do nothing in your code and let php catch and handle any database exception. With exceptions, since execution transfers elsewhere upon an error, you don’t need conditional logic testing the result of database statements, simplifying the code. If execution continues after a statement that can throw an exception, you know there was no error at that point.
- You should use a prepared query when supplying external, unknown, dynamic values to a query when it gets executed. If it seems like using the mysqli extension is overly complicated and inconsistent, especially when dealing with prepared queries, it is. This would be a good time to switch to the much simpler and more modern PDO extension.
- Use ‘require’ for things your code must have. include/require are not functions. The () around the filename should be removed.
- Don’t copy variables to other variables for nothing. just use the original variables that data is in.
- The login code should store the user id (auto-increment primary index) in a session variable to indicate who the logged in user is. You should query on each page request to get any other user data, permissions, … so that any changes made to this other data take effect on the very next page request.
- If a page requires a logged in user to be able to see and perform actions on that page, you must test if the current user is logged in and only output the content and allow the actions the user can perform on that page.
- The global keyword only has meaning inside a function, and even then it should be avoided.
- The repetitive sections of markup should be dynamically produced by defining a list (array) of the items, then loop over the defining array to produce the output.
- If a select query doesn’t match any data, you should output a message stating so, instead of outputting nothing, e.g. the appointment data for the currently logged in doctor.
- every SELECT query that can match more than one row should have an ORDER BY … term so that the data is in a desired order.
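The page layout and practices the reply lays out (post method form with a hidden action field, trim and validate as a set, prepared PDO queries, redirect after success, logged-in check, htmlentities on output, an empty-result message, ORDER BY), as an added example that is not code from the thread or its author. It assumes a session key `$_SESSION['user_id']`, a `doctor_id` column on appointmenttb, a database user `hms_app` and an environment variable `HMS_DB_PASS`, all hypothetical names chosen for this example:

```php
<?php
// Added example (not code from the thread): the cancel/approve actions of
// doctor-panel.php as post-method form processing with prepared PDO queries,
// in the page order the reply recommends. Assumed names: $_SESSION['user_id']
// (logged-in doctor's id), a doctor_id column, db user hms_app, env HMS_DB_PASS.
declare(strict_types=1);
session_start();

// initialization: one connection, exceptions on, a dedicated db user instead of root
$pdo = new PDO('mysql:host=localhost;dbname=myhmsdb;charset=utf8mb4',
    'hms_app', getenv('HMS_DB_PASS') ?: '',
    [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_EMULATE_PREPARES => false]);
if (!isset($_SESSION['user_id'])) { header('Location: login.php'); exit; }
$doctorId = (int) $_SESSION['user_id'];

// post method form processing: the hidden 'action' field selects the new doctorStatus
$errors = [];
$statusFor = ['cancel' => 0, 'approve' => 2];
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $post = array_map('trim', $_POST);             // keep the data as a set, trim once
    $id = filter_var($post['ID'] ?? '', FILTER_VALIDATE_INT);
    if ($id === false) { $errors['ID'] = 'Invalid appointment id.'; }
    if (!isset($statusFor[$post['action'] ?? ''])) { $errors['action'] = 'Unknown action.'; }
    if (!$errors) {
        // values are bound, never interpolated; the WHERE clause also requires that
        // the row belongs to this doctor and is still pending (userStatus=doctorStatus=1)
        $stmt = $pdo->prepare('UPDATE appointmenttb SET doctorStatus = ? WHERE ID = ?'
            . ' AND doctor_id = ? AND userStatus = 1 AND doctorStatus = 1');
        $stmt->execute([$statusFor[$post['action']], $id, $doctorId]);
        if ($stmt->rowCount() === 0) { $errors['ID'] = 'Appointment not found or not pending.'; }
    }
    if (!$errors) {
        $_SESSION['success'] = 'Appointment ' . ($post['action'] === 'cancel' ? 'cancelled.' : 'approved.');
        header('Location: ' . $_SERVER['REQUEST_URI']);   // redirect so a reload is a GET
        exit;
    }
}

// get method business logic: fetch everything the page displays, in a defined order
$stmt = $pdo->prepare('SELECT ID, fname, lname, appdate, apptime, userStatus, doctorStatus'
    . ' FROM appointmenttb WHERE doctor_id = ? ORDER BY appdate, apptime');
$stmt->execute([$doctorId]);
$appointments = $stmt->fetchAll(PDO::FETCH_ASSOC);
$h = fn($s): string => htmlentities((string) $s, ENT_QUOTES, 'UTF-8');  // for every dynamic value
?>
<?php if (!empty($_SESSION['success'])): ?>
  <p><?= $h($_SESSION['success']) ?></p><?php unset($_SESSION['success']); ?>
<?php endif; ?>
<?php foreach ($errors as $e): ?><p class="error"><?= $h($e) ?></p><?php endforeach; ?>
<?php if (!$appointments): ?><p>No appointments found.</p><?php endif; ?>
<?php foreach ($appointments as $row): ?>
  <tr>
    <td><?= $h($row['fname']) ?> <?= $h($row['lname']) ?></td>
    <td><?= $h($row['appdate']) ?> <?= $h($row['apptime']) ?></td>
    <td>
    <?php if ((int) $row['userStatus'] === 1 && (int) $row['doctorStatus'] === 1): ?>
      <?php foreach (['approve' => 'Approve', 'cancel' => 'Cancel'] as $action => $label): ?>
      <form method="post" style="display:inline">
        <input type="hidden" name="action" value="<?= $action ?>">
        <input type="hidden" name="ID" value="<?= (int) $row['ID'] ?>">
        <button class="btn" onclick="return confirm('<?= $label ?> this appointment?')"><?= $label ?></button>
      </form>
      <?php endforeach; ?>
    <?php endif; ?>
    </td>
  </tr>
<?php endforeach; ?>
```

Because the UPDATE is restricted to the logged-in doctor's own pending rows, a forged or stale ID changes nothing and the zero row count surfaces as a validation error rather than a silent success.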