CODEWITHSUNDEEP
phpmysql
Sebastiaan Schillebeeckx
Sebastiaan Schillebeeckx

Reputation: 29

update data in Mysql with a select form

I'm building a bug tracker tool.

You can add bugs to a project, and these bugs have a status (unsolved or solved).

With this select form you can change the status on the project page, all the bugs are shown in a table:

                <form action="classes/bugStatus.class.php" method="post">
                  <select name="status" id="status" onchange='this.form.submit()'>
                       <option>-Select-</option>
                       <option value="Solved">Solved</option>
                       <option value="Unsolved">Unsolved</option>
                   </select>
                <input type='hidden' name='ID' value="<?php echo $id;?>"> 
                <noscript><input type="submit" value="Submit"></noscript> 
                </form>

With this class the status will be changed:

 $status = $_POST['status'];
 $id     = $_POST['ID'];

$sql="UPDATE bugs SET status = '$status'";  

 $result = mysql_query($sql); 
 $result = mysql_real_escape_string($sql); 

 if($result){
      header('Location: ../projectpage.php?id='.$id); 
      } else { 
      echo "There is something wrong. Try again later."; } 
      mysql_close();

The problem is, when I select something, it changes every status of every bug in that project, I don't want that. I only want to change the status of the selected bug. In the MySQL db, the bugs each have a unique ID, so I think I have to select that bug ID as well. I don't know how to retrieve that bug id from the database.

The form isnt sql injection proof and it isn't mysqli, I will change this later on.

Can anyone help me?

Upvotes: 0

Views: 831

Answers (1)

castis
castis

Reputation: 8223

$sql="UPDATE bugs SET status = '$status'";

you need to update this line with WHERE id = $id

You're currently not specifying which bug you want to update, so you update all of them.

As an added note, the community at large is going to come after you for using the old mysql extension. Take a look at mysqli or PDO, it'll be worth your while in the long run, I promise.

oops, you've already mentioned that, nevermind.

Upvotes: 1

Related Questions