I have read multiple solutions to this problem, yet none of them seem to work for me. I have two files, manageadmin.php and rejectaction.php. The manageadmin.php file provides a button to the user to reject an admin. When a person clicks on the reject button, the admin status must be set to zero.

Here is my initial code

manageadmin.php

<script type="text/javascript">
$(document).ready(function()
    {
       /* reject */
       $(".reject_btn").click(function(){

         var element = $(this);
         var reject_id = element.attr('reject_id');
         $.ajax({
            type: "POST",
            url: "rejectaction.php",
            data: {reject_id:reject_id},
            success: function(){
                alert("Reject Successful");
                location.reload();
            }
         });

       });
    });
</script>

rejectaction.php

    $reject_id=$_POST['reject_id'];
    $reject_query="UPDATE tbl_admin set admin_status=0 where admin_id='$reject_id'";
    mysql_query($reject_query);

This works fine, but then I realized that I needed this reject code for multiple pages. So I thought of passing the table name, the column to be updated and the column to be checked in the where condition as parameters. This is the modified code:

<script type="text/javascript">
$(document).ready(function()
    {
       /* reject */
       $(".reject_btn").click(function(){

         var element = $(this);
         var reject_id = element.attr('reject_id');
         var tbl_name = "tbl_admin";
         var column_reject = "admin_status";
         var column_cond = "admin_id";
         $.ajax({
            type: "POST",
            url: "rejectaction.php",
            data: {reject_id:reject_id, tbl_name:tbl_name, 
                column_cond:column_cond,
                column_reject:column_reject},
            success: function(){
                alert("Reject");
                location.reload();
            }
         });

       });
    });
</script>

rejectaction.php

    $reject_id=$_POST['reject_id'];

    $tbl_name = $_POST['tbl_name'];
    $column_cond = $_POST['column_cond'];
    $column_reject = $_POST['column_reject'];

    $reject_query="UPDATE '$tbl_name' set '$column_reject' = 0 where '$column_cond'='$reject_id'";


    // $reject_query="UPDATE tbl_admin set admin_status=0 where admin_id='$reject_id'";
    mysql_query($reject_query);

This code is not working (that is, the status is not getting updated). But the alert("Reject Successful") is getting executed. I am a beginner. Could anyone point out the mistake I have made? Thanks

11
  • Please stop using mysql_* functions. These extensions have been removed in PHP 7. Learn about prepared statements for PDO and MySQLi and consider using PDO, it's really pretty easy. Commented Oct 24, 2016 at 15:30
  • Little Bobby says your script is at risk for SQL Injection Attacks. Even escaping the string is not safe! Commented Oct 24, 2016 at 15:30
  • Have you watched the AJAX request / response in the browser's developer tools? Have you included the jQuery library in the project? Are there any errors reported? Are you running this on a web-server? Commented Oct 24, 2016 at 15:30
  • Do yourself a favor, simply place a print_r($_POST) or var_dump($_POST) in the PHP page which receives the form submission. Fill out your form, submit and look closely at the data printed to the screen. Familiarize yourself with how form data is posted to scripts, including what gets passed and what doesn't. Commented Oct 24, 2016 at 15:31
  • Now that they properly advised you to not use mysql_*, you should check the result status of the query. Also check if the query is properly formed. Commented Oct 24, 2016 at 15:31

1 Answer

1

Apart from the (good) advice you received in comments [also look under this answer], your main issue here is probably the fact that you wrapped $table_name, $column_reject, and $column_cond between quotes.

You should write:

    $reject_query =
        "UPDATE $tbl_name set $column_reject = 0 where $column_cond='$reject_id'";

6 Comments

Thanks for pointing out my mistake. That was really a silly mistake to make!!
@JanakyMurthy Glad to help. So might you consider accepting my answer?
@JayBlanchard Why this comment here? My answer only proposed the correction of the text of a query. Moreover, I also cited the "(good) advice received" about risk.
@JayBlanchard Oh, ok. To be clear, I'd been a bit surprised due to the formula "your script is at risk", while it's not mine! Now I understand your will, so I edited my answer to enforce the presence of the advice.
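
The comments on the question recommend PDO prepared statements and checking the query result. As an added example (not code from the question or the answer), here is one way to make rejectaction.php reusable without taking table or column names from the client: the request carries only a short key that the server maps to fixed identifiers, and the id is bound as a parameter. The `target` key, the `REJECT_TARGETS` map, its `tbl_user` entry and the in-memory SQLite database are assumptions made for the demo.

```php
<?php
declare(strict_types=1);

// Allow-list: the client sends only a short key; identifiers stay on the server.
// The keys and the 'user' entry are hypothetical; tbl_admin's columns come from the question.
const REJECT_TARGETS = [
    'admin' => ['table' => 'tbl_admin', 'status' => 'admin_status', 'id' => 'admin_id'],
    'user'  => ['table' => 'tbl_user',  'status' => 'user_status',  'id' => 'user_id'],
];

// Returns the number of rows updated (0 means nothing was rejected).
function rejectRow(PDO $pdo, string $target, string $rejectId): int
{
    if (!array_key_exists($target, REJECT_TARGETS)) {
        throw new InvalidArgumentException('unknown reject target');
    }
    if (!ctype_digit($rejectId)) {
        throw new InvalidArgumentException('reject_id must be a non-negative integer');
    }
    $t = REJECT_TARGETS[$target];
    // Identifiers are server-side constants; only the value is bound as a parameter.
    $sql = sprintf('UPDATE %s SET %s = 0 WHERE %s = :id', $t['table'], $t['status'], $t['id']);
    $stmt = $pdo->prepare($sql);
    $stmt->execute([':id' => (int) $rejectId]);
    return $stmt->rowCount();
}

// Constructed demo on in-memory SQLite so it runs offline; use a mysql: DSN in a real deployment.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE tbl_admin (admin_id INTEGER PRIMARY KEY, admin_status INTEGER)');
$pdo->exec('INSERT INTO tbl_admin VALUES (1, 1), (2, 1)');

// Constructed requests standing in for $_POST.
$requests = [
    ['target' => 'admin', 'reject_id' => '2'],                       // valid
    ['target' => 'admin', 'reject_id' => '99'],                      // no such row
    ['target' => 'tbl_admin SET admin_status', 'reject_id' => '1'],  // not in the allow-list
    ['target' => 'admin', 'reject_id' => "1' OR '1'='1"],            // not an integer
];
foreach ($requests as $post) {
    try {
        $n = rejectRow($pdo, $post['target'], $post['reject_id']);
        echo $n === 1 ? "updated 1 row\n" : "no row updated\n";
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), "\n";
    }
}
```

In rejectaction.php itself, send a non-2xx status (for example with `http_response_code()`) when the function throws or returns 0, because the `success` callback in `$.ajax` fires for any 2xx response whether or not a row changed. With the MySQL PDO driver, `rowCount()` by default counts rows whose values actually changed, so rejecting an already rejected row also returns 0.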