I'm new to PHP and SQL but have just finished reading Kevin Yank's 'Build your own database driven website using php & mysql' 4th ed. I'm now trying to implement his suggestions for joke visibility on the main joke page of the site. I have added the new 'visible' column to the 'joke' table and successfully got the page to hide jokes that have 'NO' in the visibility column. My problem involves the ability to alter a jokes visible status from the admin pages. I will list the code that i have tried to implement so that hopefully someone can point out where i've gone wrong.
below is a code segment from my admin/jokes/index.php page:
if (isset($_POST['action']) and $_POST['action'] == 'Set')
include $_SERVER['DOCUMENT_ROOT'] . 'includes/db.inc.php';
$id = mysqli_real_escape_string($link, $_POST['id']);
$value = mysqli_real_escape_string($link, $_POST['visible']);
// Change visibility
$sql = "UPDATE joke SET visible='$value' WHERE id='$id'";
$error = 'Unable to set visibility.';
Below is another segment from my admin/jokes/jokes.html.php page:
<?php foreach ($jokes as $joke): ?>
<td><?php bbcodeout($joke['text']); ?></td>
<form action="?" method="post">
<input type="hidden" name="id" value="<?php
<input type="submit" name="action" value="Edit"/>
<input type="submit" name="action" value="Delete"/>
<select name="visible" id="visible"><br />
<option value="">...</option><br />
<option value="'YES'">Yes</option><br />
<option value="'NO'">No</option><br />
<input type="submit" name="action" value="Set"/>
<?php endforeach; ?>
<?php endif; ?>
As you can probably see I've included a drop down box with options 'YES' and 'NO' that is visible next to each joke in the search results. The drop down box then has a 'SET' button next to it. Everything appears to display as I want it to but when I click the 'SET' button I get my error message 'Unable to set visibility'. I can't for the life of me see why it doesn't update my database so any pointers would be greatly appreciated.
Thanks for your time!
You are using mysqli_real_escape_string(), but then you perform the query with mysql_query()... Try mysqli_query()
Spot on! Works perfectly. I knew it would be something stupid like that but sometimes you just need a fresh pair of eyes to look it over. Thanks a lot for your help.