PHP/MYSQL Multi HTML Tables with buttons Not Working

Scruffy · April 15, 2020, 1:34am

Hello, I will try to explain this in as much detail as I can. I am probably making a simple mistake but I have gone through the code multiple times and can’t figure it out.

I have 3 HTML Site tables, pending, accepted and denied applications. I have accept, deny, and delete buttons on all the tables for each row. I could probably do with out the accept and deny buttons on the last two HTML Site tables, but in the case an admin making a mistake and clicking the wrong button. I don’t want the admin to have to delete the app and have the user fill out a new one. User experience and all that.

My problem: The last two HTML Site tables, Accept and Denied, the three buttons do not function but in Pending they do. I don’t remember assigning those functions to one table and looked thought the code and didn’t see any place I did it is only looking for id at the displayed row. Enough of my jabbering. Here is what I am working with. I asked for help in another php site and they told me that I need to just rewrite my code, that’s fine I know there are better ways of doing this but it didn’t really answer my question so I came back here to see if I could get some help.

Here is the code, I have done for the deletes and edits to the application status.

//DELETE APPLICATION

if(isset($_POST['delete'])) {

    $to_change = mysqli_real_escape_string($conn, $_POST['to_change']);



    $sql = "DELETE FROM apps WHERE id = $to_change";



    if(mysqli_query($conn, $sql)) {

        $feedback['delete'] = '<div class="green white-text alert-box">Success the user deleted from list.</div>';

        header('Location: admin.php');

    } else {

        $feedback['ui_feedback'] = '<div class="red white-text alert-box">Connection Error</div>';

    }

} else {

    $feedback['ui_feedback'] = '<div class="red white-text alert-box">Connection Error</div>';

}



//UPDATE APPLICATION STATUS TO ACCEPT

if(isset($_POST['accept'])) {

    $to_change = mysqli_real_escape_string($conn, $_POST['to_change']);

    //QUERY DB

    mysqli_query($conn, "UPDATE apps SET app_status='Accepted' WHERE id = $to_change");

    $feedback['accept'] = '<div class="green white-text alert-box">Success, the user was accepted.</div>';

    header('Location: admin.php');

} else {

    $feedback['ui_feedback'] = '<div class="red white-text alert-box">Connection Error</div>';

}



//UPDATE APPLICATION STATUS TO DENIED

if(isset($_POST['denied'])) {

    $to_change = mysqli_real_escape_string($conn, $_POST['to_change']);

    //QUERY DB

    mysqli_query($conn, "UPDATE apps SET app_status='Denied' WHERE id = $to_change");

    $feedback['denied'] = '<div class="green white-text alert-box">Success, the user was denied.</div>';

    header('Location: admin.php');

} else {

    $feedback['ui_feedback'] = '<div class="red white-text alert-box">Connection Error</div>';

}

I know the $feedback doesn’t work I wanted to see it worked and it didn’t I will research that later.

<!-- NEW APPLICATIONS -->
            <div id="new_apps" class="container white container-style">
                <h4 class="blue-text text-darken-3">New Applications</h4>
                <div class="table-responsive">
                <table class="highlight centered row">
                    <thead>
                        <tr class="">
                            <th class="blue-text text-darken-3">ID</th>
                            <th class="blue-text text-darken-3">Name</th>
                            <th class="blue-text text-darken-3">Email</th>
                            <th class="blue-text text-darken-3">Discord</th>
                            <th class="blue-text text-darken-3">Steam Hex ID</th>
                            <th class="blue-text text-darken-3">DOB</th>
                            <th class="blue-text text-darken-3">Department</th>
                            <th class="blue-text text-darken-3">Date Applied</th>
                            <th class="blue-text text-darken-3">Status</th>
                            <th class="blue-text text-darken-3">Actions</th>
                        </tr>
                        <tbody class="">
<?php if($pending): ?>
<?php foreach($pending as $pend): ?>
                                    <tr>
                                        <td><?php echo $pend['id']; ?></td>
                                        <td><?php echo $pend['first_name'] . " " . $pend['last_name']; ?></td>
                                        <td><?php echo $pend['email']; ?></td>
                                        <td><?php echo $pend['discord_name']; ?></td>
                                        <td><?php echo $pend['steam_hex']; ?></td>
                                        <td><?php echo $pend['dob']; ?></td>
                                        <td><?php echo $pend['dept_select']; ?></td>
                                        <td><?php echo $pend['created_at']; ?></td>
                                        <td><?php echo $pend['app_status']; ?></td>
                                        <td>
                                            <form action="<?php echo $_SERVER['PHP_SELF'] ?>" method="POST">
                                                <input type="hidden" name="to_change"  value="<?php echo $pend['id']; ?>">
                                                <button type="submit" name="accept" class="tooltipped btn-floating btn-flat btn-small transparent" data-postion="bottom" data-tooltip="Accept"><i class="material-icons green-text text-darken-3">check_circle</i></button>
                                                <button type="submit" name="denied" class="tooltipped btn-floating btn-flat btn-small transparent" data-postion="bottom" data-tooltip="Deny"><i class="material-icons yellow-text text-darken-3">not_interested</i></button>
                                                <button type="submit" name="delete" class="tooltipped btn-floating btn-flat btn-small transparent" data-postion="bottom" data-tooltip="Delete"><i class="material-icons red-text text-darken-3">delete</i></button>
                                            </form>
                                        </td>
                                    </tr>
                            </tbody>
<?php endforeach; ?>
<?php else: ?>
                <div class="blue darken-3 white-text table-empty-box">There are no applications</div>
<?php endif; ?>
                        </thead>
                    </table>
            </div>
        </div>
<!-- ACCEPTED APPLICATIONS-->
                <div id="accepted_apps" class="container white container-style">
                    <h4 class="blue-text text-darken-3">Accepted Applications</h4>
                    <div class="table-responsive">
                    <table class="highlight centered row">
                        <thead>
                        <tr class="">
                            <th class="blue-text text-darken-3">ID</th>
                            <th class="blue-text text-darken-3">Name</th>
                            <th class="blue-text text-darken-3">Email</th>
                            <th class="blue-text text-darken-3">Discord</th>
                            <th class="blue-text text-darken-3">Steam Hex ID</th>
                            <th class="blue-text text-darken-3">DOB</th>
                            <th class="blue-text text-darken-3">Department</th>
                            <th class="blue-text text-darken-3">Date Applied</th>
                            <th class="blue-text text-darken-3">Status</th>
                            <th class="blue-text text-darken-3">Actions</th>
                        </tr>
                            <tbody class="">
<?php if($accepted): ?>
<?php foreach($accepted as $accept): ?>
                                    <tr>
                                        <td><?php echo $accept['id']; ?></td>
                                        <td><?php echo $accept['first_name'] ." " . $accept['last_name']; ?></td>
                                        <td><?php echo $accept['email']; ?></td>
                                        <td><?php echo $accept['discord_name']; ?></td>
                                        <td><?php echo $accept['steam_hex']; ?></td>
                                        <td><?php echo $accept['dob']; ?></td>
                                        <td><?php echo $accept['dept_select']; ?></td>
                                        <td><?php echo $accept['created_at']; ?></td>
                                        <td><?php echo $accept['app_status']; ?></td>
                                        <td>
                                            <form action="<?php echo $_SERVER['PHP_SELF'] ?>" method="POST">
                                                <input type="hidden" name="to_change"  value="<?php echo $accept['id']; ?>">
                                                <a type="submit" name="accept" class="tooltipped btn-floating btn-flat btn-small transparent" data-postion="bottom" data-tooltip="Accept"><i class="material-icons green-text text-darken-3">check_circle</i></a>
                                                <a type="submit" name="denied" class="tooltipped btn-floating btn-flat btn-small transparent" data-postion="bottom" data-tooltip="Deny"><i class="material-icons yellow-text text-darken-3">not_interested</i></a>
                                                <a type="submit" name="delete" class="tooltipped btn-floating btn-flat btn-small transparent" data-postion="bottom" data-tooltip="Delete"><i class="material-icons red-text text-darken-3">delete</i></a>
                                            </form>
                                        </td>
                                    </tr>
<?php endforeach; ?>
<?php else: ?>
                                <div class="blue darken-3 white-text table-empty-box">There are no applications</div>
<?php endif; ?>
                            </tbody>
                        </thead>
                    </table>
                    </div>
                </div>
<!-- deniedED APPLICATIONS -->
            <div id="denieded_apps" class="container white container-style">
                <h4 class="blue-text text-darken-3">Denied Applications</h4>
                <div class="table-responsive">
                <table class="highlight centered row">
                    <thead>
                    <tr class="">
                            <th class="blue-text text-darken-3">ID</th>
                            <th class="blue-text text-darken-3">Name</th>
                            <th class="blue-text text-darken-3">Email</th>
                            <th class="blue-text text-darken-3">Discord</th>
                            <th class="blue-text text-darken-3">Steam Hex ID</th>
                            <th class="blue-text text-darken-3">DOB</th>
                            <th class="blue-text text-darken-3">Department</th>
                            <th class="blue-text text-darken-3">Date Applied</th>
                            <th class="blue-text text-darken-3">Status</th>
                            <th class="blue-text text-darken-3">Actions</th>
                        </tr>
                        <tbody class="">
<?php if($denied): ?>
<?php foreach($denied as $deny): ?>
                                <tr>
                                    <td><?php echo $deny['id']; ?></td>
                                    <td><?php echo $deny['first_name'] ." " . $deny['last_name']; ?></td>
                                    <td><?php echo $deny['email']; ?></td>
                                    <td><?php echo $deny['discord_name']; ?></td>
                                    <td><?php echo $deny['steam_hex']; ?></td>
                                    <td><?php echo $deny['dob']; ?></td>
                                    <td><?php echo $deny['dept_select']; ?></td>
                                    <td><?php echo $deny['created_at']; ?></td>
                                    <td><?php echo $deny['app_status']; ?></td>
                                    <td>
                                        <form action="<?php echo $_SERVER['PHP_SELF'] ?>" method="POST">
                                            <input type="hidden" name="to_change"  value="<?php echo $deny['id']; ?>">
                                            <a type="submit" name="accept" class="tooltipped btn-floating btn-flat btn-small transparent" data-postion="bottom" data-tooltip="Accept"><i class="material-icons green-text text-darken-3">check_circle</i></a>
                                            <a type="submit" name="denied" class="tooltipped btn-floating btn-flat btn-small transparent" data-postion="bottom" data-tooltip="Deny"><i class="material-icons yellow-text text-darken-3">not_interested</i></a>
                                            <a type="submit" name="delete" class="tooltipped btn-floating btn-flat btn-small transparent" data-postion="bottom" data-tooltip="Delete"><i class="material-icons red-text text-darken-3">delete</i></a>
                                        </form>
                                    </td>
                                </tr>
<?php endforeach; ?>
<?php else: ?>
                                <div class="blue darken-3 white-text table-empty-box">There are no applications</div>
<?php endif; ?>
                        </tbody>
                    </thead>
                </table>
                </div>
            </div>

Any help would be amazing even if you tell me to look at a line lol

I am getting back into php after only doing it for a few weeks after switching to firebase, just coming back to what works and not having limits.

Thank you for taking the time to read this!

phdr · April 15, 2020, 2:06am

The reason only the first sets of forms work, is because the three icons are submit buttons. In the last two sets of forms, you are producing links/anchors, which do nothing for a form.

Don’t Repeat Yourself (DRY.) The three sections are (should be) the same, except for a heading and which data is being looped over. You should have a single set of code that produces the output, that you loop/call with each different set of input data. This alone would have prevented the mistake, since the output code would have only existed once.

Next, about the php code you posted -

In real life, data is almost never deleted. It is just UPDATEd to have a status value that indicates it is not used. This will allow you to recover data if needed.
The _escape_string() functions are for STRING data only. Using it on the id, an integer number, has no affect in your code/query and someone can inject sql into your sql statements. The best and simplest way of preventing sql injection for all data types is to use prepared queries. You would also want to switch to the much simpler and more consistent PDO extension.
You have inconsistent and confusing (it’s the query that is failing, not the connection) error handling for the database statements that can fail. You also should NOT unconditionally output database error information onto a web page. It’s meaningless for a legitimate visitor and would encourage a hacker to do more of the same if he/she managed to trigger a database error. Instead, use exceptions for database statement errors and in most cases let php catch and handle the exception, where it will use its error related settings to control what happens with the actual error information (database statement errors will ‘automatically’ get displayed/logged the same as php errors.) You will then be able to remove the existing error handling logic, simplifying the code.
Every header() redirect needs an exit statement to stop program execution.

Scruffy · April 15, 2020, 3:13am

Thank you very much. Like I said I am still new php, I haven’t quite figured out how to do the looping thing as most of my learning is self taught or though youtubers. If you know of a place I can get good information on it could you send me a link?

The errors for the connection errors were for me and I was going to delete those before it went into full use.

The deletes are because this is for a gaming community and they didn’t feel the need to store things they wanted to delete, otherwise I would have thrown deleted on their status and made them not visible.

As for the anchor tags… as many times with this project I feel like a complete moron… years ago I was afraid of even touching php but it is so much fun and I wish I would have started it sooner. Again thank you so much for your help.

phdr · April 15, 2020, 4:28am

You want to LOG all errors, including database errors, on a live server, so that if a visitor to your site manages to do something that you didn’t expect, you will know what happened so that you can find and fix the problem. Don’t waste time putting in code that you have to spend more time removing or changing later. If you do what I stated, all you have to do is change the php error related settings when moving the code from development to a live server.

Scruffy · April 15, 2020, 5:59pm

Okay I will clean up my mistakes, again thank you for all your advice. I will try to find information on the things I do not know how to do yet. you are a huge help. Thank you for your patience and time.