I want to show a list of all entries where the column "approved" is "no" and then place a button next to it that when clicked will change the "approved" to a "yes". I ran this through code checker and fixed a few issues with brackets and such. It now tells me there are no errors so something else is just not working with this. It is probably something small that I am missing (I hope). Can anyone help me find/understand what part of this is incorrect... and/or if there is a better way to achieve what I'm wanting?
<?php
//select the database to write to
$unapprovedsires = mysql_query("SELECT * FROM nominatedsires WHERE approved = 'no'");
//While loop to cycle through the rows
while($row = mysql_fetch_assoc($unapprovedsires)){
$sirename = $row['sirename'];
echo $sirename;}
?>
<ul class="admin-fields">
<?php
foreach($row as $field){
if(empty($field)){
echo "....";
}
print '<li>' .$field.' </li>';
}//End For Each Loop
//print $sirename;
?>
</ul>
<p>
<?php
if(isset($_POST['approve'])){
mysql_query("UPDATE nominatedsires SET approved = 'yes' WHERE sirename = '.$sirename.'") or die ("Something went wrong");
}
?>
<ul>
<li>
<form method="post">
<input type="hidden" name="sirename" value="$sirename" />
<button name="approve" id="approve" type="submit">Approve Sire</button>
</form>
</li>
</ul>
As I mentioned as a comment, you need to wrap $sirename in PHP tags with an echo statement. You are also not passing $_POST['sirename'] into your script. It otherwise defaults to the original $sirename from your mysql_fetch_assoc().
Warning: the way you have your script set up, you're vulnerable to injection attacks. This is just an example to show you how to pass in variables. See: How can I prevent SQL injection in PHP?
<?php
//select the database to write to
$unapprovedsires = mysql_query("SELECT * FROM nominatedsires WHERE approved = 'no'");
//While loop to cycle through the rows
while($row = mysql_fetch_assoc($unapprovedsires)){
$sirename = $row['sirename'];
echo $sirename;}
?>
<ul class="admin-fields">
<?php
while($row = mysql_fetch_assoc($unapprovedsires)){
if(empty($row['sirename']))
echo "....";
else
print '<li>' .$row['sirename'].' </li>';
}
//print $sirename;
?>
</ul>
<p>
<?php
if(isset($_POST['approve'])){
$sirename = mysql_real_escape_string($_POST['sirename']);
mysql_query("UPDATE nominatedsires SET approved = 'yes' WHERE sirename = '$sirename'") or die ("Something went wrong");
}
?>
<ul>
<li>
<form method="post" method="<?php echo $_SERVER[PHP_SELF]; ?>">
<input type="hidden" name="sirename" value="<?php echo $sirename; ?>" />
<input type="submit" name="approve" id="approve" value="Approve Sire" />
</form>
</li>
</ul>