How do I approve pending records? - php

I am working on a video-hosting website in which user-uploaded videos (called "answers" as they will be made in response to requests for help in hobby-making) are put into a pending list for a web administrator to examine and decide whether to approve for public viewing or not.
All video records have a boolean piece of data called "approved" that is set to either true ('1') or false ('0').
What I'm having trouble with is the actual approval process. No matter what I do, I can never get it to set the video's "approved" status.
Here is the code I have written...
answer.php (Main video page)
<a class="btn btn-success btn-lg btn-block" href="<?php echo url_for('/approve.php?id=' . h(u($answer['id']))); ?>"><i class="mr-2 fas fa-check fa-2x"></i>Approve</a>
approve.php
if(!isset($_GET['id'])) {
redirect_to(url_for('/pending.php'));
}
$id = $_GET['id'];
if(is_post_request()) {
$answer = [];
$answer['id'] = $id;
$answer['approved'] = $_POST['approved'];
$result = approve_answer($id);
$_SESSION['message'] = '<div class="text-success">The answer was successfully approved and ready for public viewing.</div>';
redirect_to(url_for('/pending.php'));
} else {
$answer = find_answer_by_id($id);
$user = find_user_by_id($answer['user_id']);
}
?>
<?php $page_title = 'Confirm Approval'; ?>
<?php include(SHARED_PATH . '/public_header.php'); ?>
<div class="container my-2">
<div class="my-2">
<a class="back-link my-2" href="<?php echo url_for('/answer.php?id=' . h(u($answer['id']))); ?>"><i class="mr-2 fas fa-arrow-circle-left fa-2x"></i> Back to Answer</a>
</div>
<div class="answer approve">
<h1>Confirm Approval</h1>
<p>Are you sure you want to approve this answer?</p>
<p class="item"><strong><?php echo h($answer['title']); ?></strong> by <emphasis><?php echo h($user['username']); ?></emphasis></p>
<p><italics><?php echo h($answer['content']); ?></italics>
<form action="<?php echo url_for('/approve.php?id=' . h(u($answer['id']))); ?>" method="post">
<div id="operations">
<input type="hidden" name="approved" value="1" />
<input class="btn btn-success btn-lg btn-block" type="submit" name="approved" id="approved" value="Confirm" />
</div>
</form>
</div>
</div><!-- container -->
function approve_answer (query_functions.php)
function approve_answer($answer) {
global $db;
$errors = validate_answer($answer);
if(!empty($errors)) {
return $errors;
}
$sql = "UPDATE answers SET ";
$sql .= "approved='" . db_escape($db, '1') . "', ";
$sql .= "WHERE id='" . db_escape($db, $answer['id']) . "' ";
$sql .= "LIMIT 1";
$result = mysqli_query($db, $sql);
// For UPDATE statements, $result is true/false
if($result) {
return true;
} else {
// UPDATE failed
echo mysqli_error($db);
db_disconnect($db);
exit;
}
}
So where have I gone wrong?

Replace the query with the code below.
$sql = "UPDATE answers SET ";
$sql .= "approved='" . db_escape('1') . "' ";
$sql .= "WHERE id='" . db_escape($answer['id']) . "' ";
$sql .= "LIMIT 1";

if(!isset($_GET['id'])) {
redirect_to(url_for('/pending.php'));
}
if(is_post_request()) {
$result = approve_answer($_POST['id']);
$_SESSION['message'] = '<div class="text-success">The answer was successfully approved and ready for public viewing.</div>';
redirect_to(url_for('/pending.php'));
} else {
$answer = find_answer_by_id($_GET['id']);
$user = find_user_by_id($answer['user_id']);
}
?>
<?php $page_title = 'Confirm Approval'; ?>
<?php include(SHARED_PATH . '/public_header.php'); ?>
<div class="container my-2">
<div class="my-2">
<a class="back-link my-2" href="<?php echo url_for('/answer.php?id=' . h(u($answer['id']))); ?>"><i class="mr-2 fas fa-arrow-circle-left fa-2x"></i> Back to Answer</a>
</div>
<div class="answer approve">
<h1>Confirm Approval</h1>
<p>Are you sure you want to approve this answer?</p>
<p class="item"><strong><?php echo h($answer['title']); ?></strong> by <emphasis><?php echo h($user['username']); ?></emphasis></p>
<p><italics><?php echo h($answer['content']); ?></italics>
<form action="<?php echo url_for('/approve.php?id=' . h(u($answer['id']))); ?>" method="post">
<div id="operations">
<input type="hidden" name="id" value="<?php echo h($_GET['id']); ?>" />
<input class="btn btn-success btn-lg btn-block" type="submit" name="approved" id="approved" value="Confirm" />
</div>
</form>
</div>
</div><!-- container -->
Query
$sql = "UPDATE answers SET ";
$sql .= "approved=1 ";
$sql .= "WHERE id='" . db_escape($db, $answer) . "' ";
You can try this code. I am still not sure where you are setting the value for $answer['user_id']? But this should solve your issue.

Related

How to submit just one button from a set of buttons that are displayed using a php while-loop

I am coding a website for an online university portal where I have a programs/courses page in which I am displaying the programs/courses using data from the database in a PHP while-loop. I have the enroll buttons also being displayed in that same while loop, but I'm having a bit of difficulty submitting the enroll buttons, as when I click one of them all of them get submitted.
Can anyone please let me know what I'm doing wrong here, or if I have to use any JavaScript in this case?
<?php
session_start();
$con = mysqli_connect('localhost', 'root', '');
mysqli_select_db($con, 'htdatabase');
if ($con->connect_error) {
die("Connection failed: " . $con->connect_error);
}
$id = $_SESSION['userID'];
$sql = "SELECT * FROM programs";
$result = $con->query($sql);
if ($result->num_rows > 0) {
while ($row = $result->fetch_assoc()) {
$i = '';
$progID = $row["progID"];
$name = $row["progName"];
$halfTime = $row["halfTDuration"];
$fullTime = $row["fullTDuration"];
$fee = $row["fee"];
$descrip = $row["description"];
$stringname = strval($name);
$spaceRemoved = str_replace(' ', '', $stringname);
?>
<div class="card-header" id="headingOne">
<h5 class="mb-0">
<?php echo "<button class='btn btn-link' type='button' data-toggle='collapse' data-target='#$spaceRemoved' aria-expanded='false' aria-controls='$spaceRemoved'> $name </button>"; ?>
</h5>
</div>
<?php echo "<div id='$spaceRemoved' class='collapse' aria-labelledby='headingOne' data-parent='#accordionExample'>"; ?>
<div>
<div class="ccard-body col-md-9">
<h6><?php echo $descrip; ?></h6>
<hr>
<h5>Duration:</h5>
<h6>Full time: <?php echo $fullTime; ?></h6>
<h6>Half time: <?php echo $halfTime; echo $i; ?></h6>
<hr>
<h5 style="display: inline-block;">Estimated fees: $</h5><h5 style="display: inline-block;"><?php echo $fee ?></h5>
</div>
<form action="programs.php" method="post">
<div id="enroll" class="col-md-3">
<?php
$sql1 = "SELECT * FROM userprograms WHERE userID = '$id' AND progID = '$progID'";
$result1 = $con->query($sql1);
if ($result1->num_rows > 0) {
echo '<div id="enrolled" name="enrolled">ENROLLED</div>';
} else {
if (isset($_POST["enroll"])) {
$enrollqry = "insert into userprograms (userID, progID) values ('$id' , '$progID')";
mysqli_query($con, $enrollqry);
}
echo "<button name='enroll'type='submit'>ENROLL</button>";
}
?>
</div>
</form>
</div>
</div>
<?php
}
} ?>
You can specify a value for the button. like
<button name='enroll' value="<?php echo $program_id?>" type='submit'>ENROLL</button>
Then when checking for $_POST['enroll'] check the value and also validate it before entry to db.
After clicking the submit button, the browser will send a POST request to programs.php with the form data, which includes the values of input & button tags.
<input type="submit" name="course1" value="42">Subscribe</input>
<input type="text" name="first_name" placeholder="Your name"/>
Will send
course1=42
first_name=...
So you should either give a unique name to each submit button to be able to distinguish them on the server-side, or set up distinct values, as @mohamed-jailam mentioned above.
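The button-value approach from the answers above, as an added example that is not part of the original posts: the POST is handled once, before the listing loop, and the submitted value is validated against the programs table before the insert. It uses PDO with an in-memory SQLite database and constructed rows so it runs without a MySQL server; `demo_schema`, `handle_enroll`, `enroll_button`, `enrollment_count` and user id 7 are assumptions for illustration.

```php
<?php
declare(strict_types=1);

// Constructed schema and rows (assumption): mirrors the page's programs/userprograms tables.
function demo_schema(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE programs (progID INTEGER PRIMARY KEY, progName TEXT)');
    $pdo->exec('CREATE TABLE userprograms (userID INTEGER, progID INTEGER, PRIMARY KEY (userID, progID))');
    $pdo->exec("INSERT INTO programs (progID, progName) VALUES (1, 'Data Science'), (2, 'Web Design')");
    return $pdo;
}

// Handle the submit once per request, keyed on the value of the button that was clicked.
function handle_enroll(PDO $pdo, int $userId, array $post): string
{
    if (!isset($post['enroll'])) {
        return 'no-op';
    }
    // Reject anything that is not a positive integer instead of trying to clean it.
    $progId = filter_var($post['enroll'], FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($progId === false) {
        return 'invalid program id';
    }
    // The id must refer to a program that actually exists.
    $exists = $pdo->prepare('SELECT 1 FROM programs WHERE progID = ?');
    $exists->execute([$progId]);
    if ($exists->fetchColumn() === false) {
        return 'unknown program';
    }
    $already = $pdo->prepare('SELECT 1 FROM userprograms WHERE userID = ? AND progID = ?');
    $already->execute([$userId, $progId]);
    if ($already->fetchColumn() !== false) {
        return 'already enrolled';
    }
    // Bound parameters: the values never become part of the SQL text.
    $ins = $pdo->prepare('INSERT INTO userprograms (userID, progID) VALUES (?, ?)');
    $ins->execute([$userId, $progId]);
    return 'enrolled';
}

// One form per program; the button carries that program's id as its value.
function enroll_button(int $progId): string
{
    return '<form action="programs.php" method="post">'
        . '<button name="enroll" value="' . $progId . '" type="submit">ENROLL</button></form>';
}

function enrollment_count(PDO $pdo, int $userId): int
{
    $stmt = $pdo->prepare('SELECT COUNT(*) FROM userprograms WHERE userID = ?');
    $stmt->execute([$userId]);
    return (int) $stmt->fetchColumn();
}

$pdo = demo_schema();
$userId = 7; // assumption: on the page this comes from $_SESSION['userID']

// Constructed request bodies: a normal click, a repeat, an unknown id, a hostile value, no click.
$requests = [
    ['enroll' => '2'],
    ['enroll' => '2'],
    ['enroll' => '99'],
    ['enroll' => "2'); DROP TABLE programs;--"],
    [],
];
foreach ($requests as $post) {
    echo json_encode($post), ' => ', handle_enroll($pdo, $userId, $post), PHP_EOL;
}
echo enroll_button(1), PHP_EOL;
echo 'rows for user 7: ', enrollment_count($pdo, $userId), PHP_EOL;
```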

How to display a post and its comments?

I want to view all posts, all comments for each post at once. While I have no problems with displaying posts, displaying comments is already a problem. One post can have multiple comments, so I have no idea how to create a query to display this. I tried to use LEFT JOIN but it didn't help. I include a table schema below the code to make my problem easier to understand.
<?php foreach ($tweet->userData as $user)
{ ?>
<div class='col-xl-8' id='posty'>
<div class='row' id='time'>
<div class='btn-block d-flex justify-content-between'>
<div class='imie'>
<?php echo $user['autor'] ?>
</div>
<div class='czas'>
<?php echo $user['date_to_add'] ?>
</div>
</div>
</div>
<?php echo $user['comment'] ?>
<form action='' method='post' id="myForm">
<div class='row'>
<div class='col-12 col-xl-12 d-flex justify-content-between' id='icon'>
<button class='button2' name='dodaj_like' style="background-color: <?php if($user['like_color']==1){echo '#00FA9A';}else{echo 'black';} ?>" ><i class='fas fa-heart' ></i><input type='hidden' name='like' value="<?php echo $user['id']?>" /><span id="font"><?php echo $user['likes']?></span></button>
<button class='button2' name='dodaj_dislike' style="background-color: <?php if($user['dislike_color']==1){echo '#00FA9A';}else{echo 'black';} ?>"><i class='fas fa-heart-broken'></i><input type='hidden' name='dislike' value="<?php echo $user['id']?>"/><span id="font"><?php echo $user['dislikes']?></span></button>
<button class='button2' name='dodaj_comment' id="com" ><i class='far fa-comment-dots'></i><input type='hidden' name='comment' value="<?php echo $user['id']?>"/><span id="font">Comment</span></button>
<button class='button2' name='dodaj_share' style="background-color: <?php if($user['share_color']==1){echo '#00FA9A';}else{echo 'black';} ?>" ><i class='far fa-share-square' ></i><input type='hidden' name='share' value="<?php echo $user['id']?>"/><span id="font"><?php echo $user['shares'] ?></span></button>
</div>
</div>
</form>
<div class="row d-flex">
<div class="col-xl-12 bg-success ">
<form method="post">
<textarea id="form103" class="md-textarea form-control" rows="5" placeholder="Co słychać?" name="komentarz"></textarea>
<div>
<?php echo $aabbcc ?? '' ?>
</div>
<div class="button">
<button class="btn btn-danger mt-2" name='dodaj_comment'><input type='hidden' name='com' value="<?php echo $user['id']?>"/>Publikuj</button>
</div>
</form>
</div>
</div>
</div>
<?php } ?>
$id = $_GET['id'];
$session = $_SESSION['id'];
$sql = $this->database->connect()->prepare("SELECT post.id, CONCAT(first_name,' ', last_name) AS author, post.comment, post.date_to_add, post_comment.comment, post_comment.date_to_add FROM user JOIN post ON user.id = post.user_id LEFT JOIN post_comment ON post.user_id=post_comment.post_id where post.user_id = :user_id order by post.id DESC");
$sql->bindParam(':user_id',$id, PDO::PARAM_INT);
$sql->bindParam(':id',$session, PDO::PARAM_INT);
$sql->execute();
if($sql->rowCount())
{
$this->userData = [];
while ($row = $sql->fetch())
{
$this->userData[] = $row;
}
}
}
You can get the comments from the database for a specific post using post_id by selecting from the comment table:
$query = "select * from post_comment where post_id=" . (int) $post_id;
Here is the PHP implementation:
$servername = "localhost";
$username = "username";
$password = "password";
$dbname = "myDB";
$conn = new mysqli($servername, $username, $password, $dbname);
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$sql_post = "SELECT * FROM post";
$result = $conn->query($sql_post );
if ($result->num_rows > 0) {
while($row = $result->fetch_assoc()) {
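// escape stored text before writing it into the page
echo "<br> post id: " . $row["id"] . " - <br> Post: " . htmlspecialchars($row["post"]) . "<br>";
// cast the id to an integer before it goes into the query text
$comment_query = $conn->query("select * from post_comment where post_id=" . (int) $row["id"]);
if ($comment_query->num_rows > 0) {
// output data of each row
while ($comment = $comment_query->fetch_assoc()) {
echo " <p>Comment " . htmlspecialchars($comment['comment']) . " </p>";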
}
}
}
} else {
echo "0 results";
}
$conn->close();

Trying to show the updated MySQL row after successfully updating a form using php

I would like to have a confirmation page where it can show what are the results of an updated form using php.
I have the edit.php form, and I also created an updated.php page, where I want to show the results of the edited rows.
edit.php
<?php
//get ID sent by GET collection
$parentID = $_GET['id'];
ob_start();
include('connection.php');
include('functions.php');
//query the database with client ID
$query = "SELECT * FROM users WHERE id='$parentID'";
$result = mysqli_query( $conn, $query );
//if result is returned
if( mysqli_num_rows($result) > 0 ) {
//we have data
//set some variables
while( $row = mysqli_fetch_assoc($result) ) {
$parentName = $row['p_name'];
$parentEmail = $row['email'];
$studentName = $row['s_name'];
$parentPhone = $row['phone'];
$notes = $row['notes'];
$parentDeposit = $row['deposit'];
$packageNotColl = $row['Package-NotCollected'];
$depositNotColl = $row['deposit-not-collected'];
}
} else {
$alertMessage = "<div class='alert alert-warning'>Nothing to see here.<a href='list.php'>Head back</a></div>";
}
// id update button was submitted
if( isset( $_POST['update'] ) ) {
//set variables
$parentName = validateFormData( $_POST['parentName'] );
$parentEmail = validateFormData( $_POST['parentEmail'] );
$studentName = validateFormData( $_POST['studentName'] );
$parentPhone = validateFormData( $_POST['parentPhone'] );
$notes = validateFormData( $_POST['notes'] );
$parentDeposit = validateFormData( $_POST['parentDeposit'] );
//create new database query result
$query = "UPDATE users
SET p_name = '$parentName',
email = '$parentEmail',
s_name = '$studentName',
phone = '$parentPhone',
notes = '$notes',
deposit = '$parentDeposit'
WHERE id ='$parentID'";
$result = mysqli_query( $conn, $query );
if( $result ) {
//redirect to client page with query string
header("Location: updated.php?alert=updatesuccess");
return $result;
} else {
echo "Error updating record: " . mysqli_error($conn);
}
}
if( isset( $_POST['delete'] ) ) {
$alertMessage = "<div class='alert alert-danger'>
<p>Are you sure you want to delete this profile? This action cannot be undone!</p><br>
<form action='". htmlspecialchars( $_SERVER['PHP_SELF'] ) ."?id=$parentID' method='post'>
<input type='submit' class='btn btn-danger btn-sm' name='confirm-delete' value='Yes, delete!'>
<a type='button' class='btn btn-default btn-sm' data-dismiss='alert'>Maybe not this time.</a>
</form>
</div>";
}
if( isset( $_POST['confirm-delete'] ) ) {
$query = "DELETE FROM users WHERE id='$parentID'";
$result = mysqli_query( $conn, $query );
if($result) {
header("Location: list.php?alert=deleted");
} else {
echo "Error deleting client: " . mysqli_error($conn);
}
}
mysqli_close($conn);
include('header.php');
?>
<h1>Edit Profile</h1>
<?php echo $alertMessage; ?>
<form action="<?php echo htmlspecialchars( $_SERVER['PHP_SELF'] ); ?>?id=<?php echo $parentID; ?>" method="post" class="row">
<div class="form-group col-sm-6">
<label for="parent-name">Parent Name</label>
<input type="text" class="form-control input-lg" id="client-name" name="parentName" value="<?php echo $parentName; ?>">
</div>
<div class="form-group col-sm-6">
<label for="parent-email">Email</label>
<input type="text" class="form-control input-lg" id="client-email" name="parentEmail" value="<?php echo $parentEmail; ?>">
</div>
<div class="form-group col-sm-6">
<label for="student-name">Student Name</label>
<input type="text" class="form-control input-lg" id="student-name" name="studentName" value="<?php echo $studentName; ?>">
</div>
<div class="form-group col-sm-6">
<label for="parent-phone">Phone #</label>
<input type="text" class="form-control input-lg" id="parent-phone" name="parentPhone" value="<?php echo $parentPhone; ?>">
</div><div class="form-group col-sm-6">
<label for="student-name">Notes</label>
<input type="textarea" class="form-control input-lg" id="notes" name="notes" value="<?php echo $notes; ?>">
</div>
<div class="form-group col-sm-6">
<label for="parent-deposit">Deposit</label>
<input type="text" class="form-control input-lg" id="parent-deposit" name="parentDeposit" value="<?php echo $parentDeposit; ?>">
</div>
<hr>
<div class="col-sm-12">
<hr>
<button type="submit" class="btn btn-lg btn-danger pull-left" name="delete">Delete</button>
<div class="pull-right">
Cancel
<button type="submit" class="btn btn-lg btn-success" name="update">Update</button>
<!-- Print -->
</div>
</div>
</form>
<hr>
<div>
<?php if($packageNotColl > 0) { ?>
<div class='col-sm-3 alert alert-danger'>Package not collected 2018: $<?php echo $packageNotColl; ?></div>
<?php } ?>
</div>
<?php
include('footer.php');
?>
updated.php
<?php
//get ID sent by GET collection
$parentID = $_GET['id'];
ob_start();
include('connection.php');
include('functions.php');
//query the database with client ID
$query = "SELECT * FROM users WHERE id='$parentID'";
$result = mysqli_query( $conn, $query );
mysqli_close($conn);
include('header.php');
?>
<table class="table table-striped table-bordered">
<tr>
<th>ID</th>
<th>Parent Name</th>
<th>Email</th>
<th>Student Name</th>
<th>Phone #</th>
<th>Notes</th>
<th>Deposit</th>
<th>Edit</th>
</tr>
<?php
if(isset($_GET['id'])) {
if(mysqli_num_rows($result) > 0) {
//we have data
//output the data
while( $row = mysqli_fetch_assoc($result) ) {
echo "<tr>";
echo "<td>" . $row['id'] . "</td><td>" . $row['p_name'] . "</td><td>" . $row['email'] . "</td><td>" . $row['s_name'] . "</td><td>" . $row['phone'] . "</td><td>" . $row['notes'] . "</td><td>" . $row['deposit'] . "</td>";
echo '<td><span class="glyphicon glyphicon-edit"></span></td>';
echo '</tr>';
}
} else { //if no entries
echo "<div class='alert alert-warning'>You have no clients!</div>";
}
}
?>
<?php
include('footer.php');
?>
The updated.php page shows the table, but does not include any sql query results.
header('Location: ...') returns the URI/URL you provide to the browser, which then calls this page. Any information your script had when you called that redirection is gone, since it's a different request.
Hence, you should add the id to the url you provide. Like
header('Location: /updated.php?id='.$parentID.'&alert=deleted');
However, you really should prevent the SQL injection that's just waiting to happen. PLEASE read up on how to prevent it, because your script is vulnerable to it. Your script is also vulnerable to XSS. Sanitize ALL externally provided data ($parentID = $_GET['id']; should at the very least be $parentId = intval($_GET['id']) to fight XSS).
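One way to apply the answer's advice to updated.php, as an added example rather than code from the original posts: the id is validated as an integer, the lookup uses a bound parameter, and every column is HTML-escaped on output. It runs against an in-memory SQLite database through PDO with constructed rows (the page's code uses mysqli and MySQL); `demo_db`, `parse_id`, `find_user`, `e`, `render_row` and `updated_location` are hypothetical helper names.

```php
<?php
declare(strict_types=1);

// Constructed table and rows (assumption): a subset of the page's users columns.
function demo_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, p_name TEXT, email TEXT, notes TEXT)');
    $ins = $pdo->prepare('INSERT INTO users (id, p_name, email, notes) VALUES (?, ?, ?, ?)');
    $ins->execute([1, 'Ann Lee', 'ann@example.test', 'Paid in full']);
    $ins->execute([2, 'Bob <b>Ray</b>', 'bob@example.test', '<script>alert(1)</script>']);
    return $pdo;
}

// Accept only a positive decimal integer; anything else is rejected, not trimmed into shape.
function parse_id($raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Lookup with a bound parameter: the id is sent as data, never spliced into the SQL string.
function find_user(PDO $pdo, $rawId): ?array
{
    $id = parse_id($rawId);
    if ($id === null) {
        return null;
    }
    $stmt = $pdo->prepare('SELECT id, p_name, email, notes FROM users WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Escape at output time, for the HTML context the value is written into.
function e($value): string
{
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_row(array $row): string
{
    return '<tr><td>' . e($row['id']) . '</td><td>' . e($row['p_name']) . '</td><td>'
        . e($row['email']) . '</td><td>' . e($row['notes']) . '</td></tr>';
}

// The redirect after a successful UPDATE has to carry the id; build it from the validated int.
function updated_location(int $id): string
{
    return 'updated.php?' . http_build_query(['id' => $id, 'alert' => 'updatesuccess']);
}

$pdo = demo_db();

// Constructed id values as they might arrive in $_GET['id'].
foreach (['2', "1' OR '1'='1", '2 UNION SELECT 1', null] as $raw) {
    $row = find_user($pdo, $raw);
    echo var_export($raw, true), ' => ',
        $row === null ? 'rejected or not found' : render_row($row), PHP_EOL;
}
echo updated_location(2), PHP_EOL;
```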

Show all equal values from table inside same div

This code gets all values from a table and for each row it shows its details inside an alert div, and I can click an "order ready button" for that single product.
What I need to do is put in a single div all the products that are from the same order, and for that I'm thinking about using all the rows that have the same date value and when this value changes create a new div.
<?php
$result = mysqli_query($mysqli, "SELECT * FROM kitchen");
while ($row = mysqli_fetch_array($result)) {
$table = $row['table'];
$customer = $row['customer'];
$product = $row['product_name'];
$code = $row['product_code'];
$size = $row['size'];
$id = $row['id'];
$date = $row['date'];
// It would have to open here in each first distinct $date
echo '<div class="alert alert-info" role="alert" id="'.$code.'">';
echo '<h4>'.'Table '.$table.'</h4>';
echo '<h4>'.'Name: '.$name.'</h4>';
// Repeat this for each equal $date value
if($code=="A01"||$code=="A02"||$code=="A03"||$code=="A04"){
echo '<h4>'.$code.' - '.$product.' ('.$size.')'.'</h4>';
}
else{
echo '<h4>'.$code.' - '.$product.'</h4>';
}
// Close here before each next distinct $date
echo '<form action="actionkitchen.php" method="post">';
echo "<button class='btn btn-lg btn-primary btn-block' name='data' value='$data' type='submit'>Order Ready</button>";
echo '</form>';
echo '</div>';
}
?>
This is what I ended up with, not the most elegant solution but it's working.
<?php
$result = mysqli_query($mysqli, "SELECT * FROM kitchen");
while ($row = mysqli_fetch_array($result)) {
$table[] = $row['table'];
$name[] = $row['name'];
$product[] = $row['product_name'];
$code[] = $row['product_code'];
$size[] = $row['size'];
$date[] = $row['date'];
}
$count = array_count_values($date);
$y = 0;
foreach ($count as $item){
for($i=0;$i<$item;$i++){
if($i==0){
echo '<div class="alert alert-info">';
echo '<h4>'.'Table '.$table[$y].'</h4>';
echo '<h4>'.'Name: '.$name[$y].'</h4>';
}
if($code[$y]=="A01"||$code[$y]=="A02"||$code[$y]=="A03"||$code[$y]=="A04"){
echo '<h4>'.$code[$y].' - '.$product[$y].' ('.$size[$y].')'.'</h4>';
}
else{
echo '<h4>'.$code[$y].' - '.$product[$y].'</h4>';
}
if($i==$item-1){
echo '<form action="actionkitchen.php" method="post">';
echo "<button class='btn btn-lg btn-primary btn-block' name='data' value='$data[$y]' type='submit'>Order Ready</button>";
echo '</form>';
echo '</div>';
}
$y++;
}
}
?>
To set your products in the same order, I would group them by the key in an array. For our purposes, we'll use a multidimensional array so that we can add our products within the unique key (using "date" in the example). Below you will see me set the array, fetch the rows from the database (sorting by our group key so that we have some consistency on the front end) and begin placing them in their unique groups. When pushing a product into the date array, I am using array_merge() in combination with in_array() and a ternary operator to set the "product string" within the HTML.
<?php
/* Fetch/Set Kitchen */
$kitchen = array();
$sql = "SELECT * FROM `kitchen` ORDER BY `date`";
$query = mysqli_query($mysqli, $sql);
while($row = mysqli_fetch_array($query)) {
$kitchen[$row['date']][] = array_merge($row, array(
'product_string' => (in_array($row['product_code'], array('A01', 'A02', 'A03', 'A04')) !== FALSE)
? $row['product_code'] . ' - ' . $row['product_name'] . ' (' . $row['size'] . ')'
: $row['product_code'] . ' - ' . $row['product_name']
));
}
?>
To keep our HTML tidy and readable apart from our PHP, you'll see that I've chosen to use an alternative syntax for the control structures. This helps by using tab indentation instead of having to put any awkwardly placed curly brackets in our code.
<?php foreach($kitchen as $date => $items): ?>
<div class="alert alert-info" role="alert" id="<?php echo $date; ?>">
<?php foreach($items as $item): ?>
<h4>Table <?php echo $item['table']; ?></h4>
<h4>Name: <?php echo $item['customer']; ?></h4>
<h4><?php echo $item['product_string']; ?></h4>
<form action="actionkitchen.php" method="POST">
<button class="btn btn-lg btn-primary btn-block" name="data" value="<?php echo $item['data']; ?>" type="submit">Order Ready</button>
</form>
<?php endforeach; ?>
</div>
<?php endforeach; ?>
The above reference code will output HTML similar to:
<div class="alert alert-info" role="alert" id="2016-10-21">
<h4>Table Table 1</h4>
<h4>Name: Name 1</h4>
<h4>XXX1 - Product 1 (XXX)</h4>
<form action="actionkitchen.php" method="POST">
<button class="btn btn-lg btn-primary btn-block" name="data" value="XXX1" type="submit">Order Ready</button>
</form>
<h4>Table Table 2</h4>
<h4>Name: Name 2</h4>
<h4>XXX2 - Product 2</h4>
<form action="actionkitchen.php" method="POST">
<button class="btn btn-lg btn-primary btn-block" name="data" value="XXX2" type="submit">Order Ready</button>
</form>
<h4>Table Table 3</h4>
<h4>Name: Name 3</h4>
<h4>XXX3 - Product 3 (XXX)</h4>
<form action="actionkitchen.php" method="POST">
<button class="btn btn-lg btn-primary btn-block" name="data" value="XXX3" type="submit">Order Ready</button>
</form>
</div>
<div class="alert alert-info" role="alert" id="2016-10-27">
<h4>Table Table 4</h4>
<h4>Name: Name 4</h4>
<h4>XXX4 - Product 4</h4>
<form action="actionkitchen.php" method="POST">
<button class="btn btn-lg btn-primary btn-block" name="data" value="XXX4" type="submit">Order Ready</button>
</form>
<h4>Table Table 5</h4>
<h4>Name: Name 5</h4>
<h4>XXX5 - Product 5 (XXX)</h4>
<form action="actionkitchen.php" method="POST">
<button class="btn btn-lg btn-primary btn-block" name="data" value="XXX5" type="submit">Order Ready</button>
</form>
</div>
<div class="alert alert-info" role="alert" id="2016-11-06">
...etc.

How to associate query with changing variable in PHP

I'm in need of a bit of help. I'm trying to find out how to associate a specific query (deletion of a record) with not the id of a record, but the record with which another query (selection of a record) is echoed out.
This line of code totally works when the id is specified, but again I need it for the record that gets called, where the id can skip numbers if I delete a record.
$querytwo = "DELETE FROM `paginas` WHERE id = 5";
I've got a table in my phpmyadmin database with columns 'id', 'pagetitle', 'toevoeging' (addition in Dutch) , 'message'. First one is an INT, rest are varchars/text.
This may be a stupid question, I'm sorry for that. I'm still new to PHP, and to programming in general.
Here is the code. I've commented on lines of code to clarify. Thank you!
<?php
if (isset($_SESSION['email'])) //if the admin is active, forms can be written out.
{
echo '</nav>
<br><br> <div class="inlogscript">
<form action="verstuurd.php" method="post">
<input type="text" placeholder="Titel" method="POST" name="pagetitle" /><br><br>
<input type="text" placeholder="Toevoeging" method="POST" name="toevoeging" /><br><br>
<textarea class="pure-input-1-2" placeholder="Wat is er nieuws?" name="message"></textarea><br>
<input type="submit" value="Bevestigen" />
</form></div>';
}
?>
<div class="mainContent">
<?php
include_once("config.php"); //this is the database connection
$query = "SELECT * FROM paginas "; //selects from the table called paginas
$result = mysqli_query($mysqli, $query);
while($row = mysqli_fetch_assoc($result))
{
$pagetitle = $row['pagetitle'];
$toevoeging = $row['toevoeging'];
$message = $row['message'];
echo '<article class="topcontent">' . '<div class="mct">' . '<h2>' . "$pagetitle" .'</h2>' . '</div>' . "<br>" .
'<p class="post-info">'. "$toevoeging" . '</p>' . '<p class="post-text">' . '<br>'. "$message" . '</p>' .'</article>' . '<div class="deleteknop">' . '<form method="post">
<input name="delete" type="submit" value="Delete Now!">
</form>' . '</div>' ;
} //This long echo will call variables $pagetitle, $toevoeging and &message along with divs so they automatically CSS styled,
//along with a Delete button per echo that has the 3 variables
$querytwo = "DELETE FROM `paginas` WHERE id = 5";
if (isset($_POST['delete'])) //Deletes the query if 'delete' button is clicked
{
$resulttwo = $mysqli->query($querytwo);
}
?>
</div>
</div>
Also here is the Insert INTO query of the records. Thanks again!
$sql = "INSERT INTO paginas (pagetitle,toevoeging, message)
VALUES ('$_POST[pagetitle]','$_POST[toevoeging]','$_POST[message]')";
//the insertion into the table of the database
if ($MySQLi_CON->query($sql) === TRUE) {
echo "";
} else {
echo "Error: ". $sql . "" . $MySQLi_CON->error;
}
This won't be sufficient but, to begin with your echo :
echo '<article class="topcontent">
<div class="mct">
<h2>' . $pagetitle .'</h2>
</div><br>
<p class="post-info">'. $toevoeging . '</p>
<p class="post-text"><br>'.$message.'</p>
</article>
<div class="deleteknop">
<form method="post">';
// you'll want to use $_POST["id"] array to delete:
echo '<input type="hidden" name="id" value="'.$row['id'].'">
<input name="delete" type="submit" value="Delete Now!">
</form>
</div>' ;
