Home/ Questions/Q 9160557
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-17T13:46:02+00:00

I’ve pretty much never coded in PHP and MySQL before, so you’ll have to

  • 0

I’ve pretty much never coded in PHP and MySQL before, so you’ll have to excuse my god awful code.

I have a 3 columns in my database. ID, Class, and Need.

Tables

Basically, I’m trying to find the easiest way for me to code a page in order to allow users to change the "Need" value of each row from 0 to 1, or 1 to 0.

Currently I have it working where I have 2 buttons that run 2 separate but almost identical scripts whose only purpose is to change a specific row’s "Need" value to 1 or 0 (shown below)

<?php
mysql_connect("localhost", "muffins", "sugarcookies") or die(mysql_error());
mysql_select_db("crackers_cheese") or die(mysql_error());

mysql_query("UPDATE recruitment SET Need=1
WHERE ID='1'");

mysql_close($con);

header("location: /admin.html"); 
?>

The inverse .php file is identical except for "SET Need=0"

So, what can I do instead of having 22 individual .php files whos only purpose is setting each specific row to 0 or 1.

Thanks!

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Have one of your buttons send an HTTP parameter to indicate whether the field should be 0 or 1. Also, look at using the PDO class instead of mysql_* functions.

    Here’s an example of how it can be done using PDO functions:

    PHP code

    <?php

if(!isset($_POST['need'])) {
    die('Missing need parameter');
} elseif($_POST['need'] !== '0' && $_POST['need'] !== '1') {
    die('Invalid need values');
}

if(!isset($_POST['id']) || !is_numeric($_POST['id'])) {
    die('Missing ID');
}

$db = new \PDO('mysql:dbname=crackers_cheese;host=localhost', 'muffins', 'sugarcookies');
$statement = $db->prepare("UPDATE `recruitment` SET `Need` = :need WHERE `ID`= :id");

$statement->bindValue(':need', $_POST['need'], \PDO::PARAM_INT);
$statement->bindValue(':id', $_POST['id'], \PDO::PARAM_INT);

$statement->execute();

header("location: /admin.html"); 
?>

    Note that since you are using a prepared statement here, the data does not need to be escaped using real_escape_string or anything like that, thus mitigating SQL injection attacks.

    It is good practice to use parameter binding instead of concatenating a query to prevent SQL injection attacks. For more information, see: Are PDO prepared statements sufficient to prevent SQL injection?

    HTML form

    <form method='POST' action='update.php'>
    <label for='id'>ID:</label>
    <input type='number' name='id' id='id'>

    <input type='radio' name='need' value='0' id='needfalse'> <label for='needfalse'>Need = 0</label>
    <input type='radio' name='need' value='1' id='needtrue'> <label for='needtrue'>Need = 1</label>

<button type='submit'>Submit</button>

    This isn’t the best form designed. I’ve used radio buttons here, it would be slightly more complex to do it with actual buttons, but this should be sufficient to get you started.

    • 0