CHANGE PHP STATUS [closed]

0

I am having a problem when changing the status of the users of my database, when I am going to change the status of some user it does not approve the user of that line but last user what can be?

logado.php

  <?php  
                //Consulta
                $buscarusuario=$pdo->prepare("SELECT * FROM usuario");
                $buscarusuario->execute();

                //atribuindo dados á variavel
                $linha = $buscarusuario->fetchAll(PDO::FETCH_ASSOC);

                //percorrendo a variavel para listar os dados
                foreach ($linha as $listar) {
                    $iduser = $listar['id'];
                    echo "<tr>";
                    echo " <td>".$listar['id']."</td>";
                    echo "<td>".$listar['nome']."</td>";
                    if($listar['status'] > 0 ){
                    echo "<td class='success text-success'>Aprovado 
  <form method='post' action='pg/mudastatus.php'>
    <input type='hidden' name='desaprovauser' value='$iduser'>
      <button type='submit' class='btn btn-xs btn-success alinha-btn' name='desaprova' value='desaprovar'>Desaprovar</button>

                    </td>";
                  }else{
                    echo "<td class='danger text-danger'> Aguardando aprovação 
  <form method='post' action='pg/mudastatus.php'>
   <input type='hidden' name='aprovauser' value='$iduser'>
   <button type='submit' class='btn btn-xs btn-danger alinha-btn' name='aprova' value='aprovar' >Aprovar</button>
</form>

                    </td>";
                  } 
  }
              ?>

mudastatus.php

    if(isset($_POST['aprova'])){

   $atualizarstatus = $pdo->prepare("UPDATE usuario SET status=1 WHERE id='".$_POST["aprovauser"]."' ");
   $atualizarstatus->execute();
   $linha = $atualizarstatus->rowCount();

   if($linha > 0){
     header("location:../logado.php");
   }else{
    echo "Erro ao Mudar status";
   }
}elseif (isset($_POST['desaprova'])){

   $atualizarstatus = $pdo->prepare("UPDATE usuario SET status=0 WHERE id='".$_POST["desaprovauser"]."' ");
   $atualizarstatus->execute();
   $linha = $atualizarstatus->rowCount();

   if($linha > 0){
     header("location:../logado.php");
   }else{
    echo "Erro ao Mudar status";
    header("location:../logado.php");
   }
}
    
asked by anonymous 03.07.2016 / 04:53

2 answers

0

First a brief comment about security, since it is using PDO and prepare ... it is advisable that you do not pass the variables directly in the query ...

$atualizarstatus = $pdo->prepare("UPDATE usuario SET status=1 WHERE id=? ");
$atualizarstatus->execute(array($_POST["aprovauser"]));

So, you would already avoid sql injection through direct inserted variables in the query. Now returning your question may be that, from what I understand, your code will have a user and the button to approve or disapprove. And if they have more than one, I would: User1 Approve User2 Approve User3 Approve If this approve the submit button, you agree that when I click on approve I will send normally, but as there are more than one button approve, ie with the same name, not time to get the value it will not know which you clicked and Yeah, I got the last button, that's what's happening. I hope I have helped

    
03.07.2016 / 05:39
-2

You are creating several input hidden with same name, so you are not guaranteed what the value arrives in the backend, try to change your logic for each input to have a unique name.

    
03.07.2016 / 05:37