• There is NO official Otland's Discord server and NO official Otland's server list. The Otland's Staff does not manage any Discord server or server list. Moderators or administrator of any Discord server or server lists have NO connection to the Otland's Staff. Do not get scammed!

AAC On submit change SQL value from 0 to 1

Adorius Black

Adorius Black

Advanced OT User
Joined
Mar 31, 2020
Messages
303
Solutions
3
Reaction score
180
Hi I wrote short code for reports. This code takes info from database and show on webpage all reports. I created in table "player_reports" column "solved" which has automaticaly value 0. Code written below show on webpage all reports with value "solved=0". I created also button "Solve!" which is displayed with every report on webpage. I would like this button to be able to change the value of the exact report from 0 to 1 after clicking on it (solved set to 1). So after click on button of exact report change "solved" "value from 0 to 1 and in this case report will be marked as solved and will not be able to see on webpage anymore.

Anybody can help me with this?

PHP: 
<?php $reports = $SQL->query('SELECT * FROM player_reports WHERE solved = 0 ORDER BY id'); ?>

<table>
<?php foreach($reports as $report) {echo '
        <tr>
              <td>'.$report['id'].'</td>
              <td>'.$report['date'].'</td>
              <td>'.$report['name'].'</td>
              <td>'.$report['report_description'].'</td>
              <td><button>Solve!</button></td>
         </tr>            
';} ?>
</table>
 
Last edited:
Solution
B
Sorry, I thought you meant on this line:
HTML: 
onclick="javascript:document.location=\'?subtopic=report&action=solve&id='.$report['id'].'\'">

It was just an example, you should prepare the string properly anyway, any concatenation with user input is asking for trouble.
Post automatically merged:

For anyone wanting a safe prepared solution:

PHP: 
<?PHP if($group_id_of_acc_logged >= $config['site']['access_admin_panel']) {

if(isset($_GET['action']) && isset($_GET['id'])){
    $gaction = $_GET['action'];
    $gid = (int)$_GET['id'];
    if($gaction == "solve" && $gid > 0){
        $stmt = $SQL->prepare('UPDATE player_reports SET solved = 1 WHERE id = :id');
        $stmt->bindParam(":id", $gid);
        $stmt->execute()...
Sort by date Sort by votes
This should be either a form or a link with query parameters. Then, by reading $_POST (in case of form) or $_GET (in case of query params) you can read the passed arguments and execute the query updating the report. You could, for example doing it gesior aacs way, use ?view=reports&action=solve&id=$report['id'], then read $_GET['action'] and $_GET['id'] and by passing the sanitised id to the update query execute it.
 
Upvote 0 Downvote
EvulMastah said:
This should be either a form or a link with query parameters. Then, by reading $_POST (in case of form) or $_GET (in case of query params) you can read the passed arguments and execute the query updating the report. You could, for example doing it gesior aacs way, use ?view=reports&action=solve&id=$report['id'], then read $_GET['action'] and $_GET['id'] and by passing the sanitised id to the update query execute it.
Click to expand...
Sorry I am beginner. I read your comment more times but I still dont know how to do it.
 
Upvote 0 Downvote
PHP: 
<?php
 
if(isset($_GET['action']) && isset($_GET['id'])){
    $gaction = $_GET['action'];
    $gid = (int)$_GET['id'];
    if($gaction == "solve" && $gid > 0){
        $SQL->query('UPDATE player_reports SET solved = 1 WHERE id = $gid');
        //header('Location:my_php_page.php');
    }
}

$reports = $SQL->query('SELECT * FROM player_reports WHERE solved = 0 ORDER BY id'); ?>

<table>
<?php foreach($reports as $report) {echo '
        <tr>
              <td>'.$report['id'].'</td>
              <td>'.$report['date'].'</td>
              <td>'.$report['name'].'</td>
              <td>'.$report['report_description'].'</td>
              <td><button onclick="javascript:document.location=\'my_php_page.php?action=solve&id='.$report['id'].'\'">Solve!</button></td>
         </tr>        
';} ?>
</table>

Something along the lines of that will work. I don't know what ACC engine you are using. But I would recommend using PDO or something to prepare the SQL statement before execution to prevent SQL Injection.

You will have to change both instances of "my_php_page", as I am unsure of what your page is called.

Also, you can redirect to your page after the change by using header/location to remove the URL parameters. Just uncomment the line and put the appropriate link in.
 
Upvote 0 Downvote
Boy67 said:
PHP: 
<?php
 
if(isset($_GET['action']) && isset($_GET['id'])){
    $gaction = $_GET['action'];
    $gid = (int)$_GET['id'];
    if($gaction == "solve" && $gid > 0){
        $SQL->query('UPDATE player_reports SET solved = 1 WHERE id = $gid');
        //header('Location:my_php_page.php');
    }
}

$reports = $SQL->query('SELECT * FROM player_reports WHERE solved = 0 ORDER BY id'); ?>

<table>
<?php foreach($reports as $report) {echo '
        <tr>
              <td>'.$report['id'].'</td>
              <td>'.$report['date'].'</td>
              <td>'.$report['name'].'</td>
              <td>'.$report['report_description'].'</td>
              <td><button onclick="javascript:document.location=\'my_php_page.php?action=solve&id='.$report['id'].'\'">Solve!</button></td>
         </tr>    
';} ?>
</table>

Something along the lines of that will work. I don't know what ACC engine you are using. But I would recommend using PDO or something to prepare the SQL statement before execution to prevent SQL Injection.

You will have to change both instances of "my_php_page", as I am unsure of what your page is called.

Also, you can redirect to your page after the change by using header/location to remove the URL parameters. Just uncomment the line and put the appropriate link in.
Click to expand...
Hi my friend :) . I dont know why its not working. It make action but dont change value from 0 to 1 :(
I am using Gesior 2012 and page which show reports is at http://pagename/?subtopic=report

PHP: 
<?PHP if($group_id_of_acc_logged >= $config['site']['access_admin_panel']) {

if(isset($_GET['action']) && isset($_GET['id'])){
    $gaction = $_GET['action'];
    $gid = (int)$_GET['id'];
    if($gaction == "solve" && $gid > 0){
        $SQL->query('UPDATE player_reports SET solved = 1 WHERE id = $gid');
      //  header('?subtopic=report');
    }
}
$reports = $SQL->query('SELECT * FROM player_reports WHERE solved = 0 ORDER BY id');
$main_content .= '<a class="f20 darkgreen3 u-none fs1 b px20">Reports</a>
<table width="100%">';        
foreach($reports as $report) {
$bgcolor = (($number_of_players_online++ % 2 == 1) ?  $config['site']['darkborder'] : $config['site']['lightborder']);
$main_content .= '    <tr BGCOLOR='.$bgcolor.'>
                        <td width="5%" class="f16 orange5 u-none fs1 b px17">'.$report['id'].'</td>
                        <td class="f13 px14 orange5 fs1">'.$report['date'].'</td>
                        <td class="f13 px14 green3 fs1">'.$report['name'].'</td>
                        <td class="f13 px15 white4 fs1">'.$report['report_description'].'</td>
                        <td><button class="button" onclick="javascript:document.location=\'index.php?action=solve&id='.$report['id'].'\'">Solve!</button></td>

                    </tr>';}
$main_content .= '</table>';}
else {$main_content .= '<a class="f20 red5 u-none fs1 b px20">Sorry, you have not the rights to access this page.</a>';} ?>
 
Upvote 0 Downvote
samco said:
You are going to index.php, but i doubt this code is in index.php but anywhere else...
Click to expand...
When I use
PHP: 
<td><button class="button" onclick="javascript:document.location=\'?subtopic=report?action=solve&id='.$report['id'].'\'">Solve!</button></td>

it shows:
Fatal error: Uncaught InvalidArgumentException: Cannot load page <b>report?action=solve</b>, invalid file name [contains illegal characters]. in C:\xampp\htdocs\system\load.compat.php:23 Stack trace: #0 C:\xampp\htdocs\index.php(33): include_once() #1 {main} thrown in C:\xampp\htdocs\system\load.compat.php on line 23
Click to expand...
 
Upvote 0 Downvote
report&action

Don't use that code in your production environment, you have to escape the id.

Also, this will not work: $SQL->query('UPDATE player_reports SET solved = 1 WHERE id = $gid');

You have to use double quotes for string interpolation
 
Upvote 0 Downvote
PHP: 
<?PHP if($group_id_of_acc_logged >= $config['site']['access_admin_panel']) {

if(isset($_GET['action']) && isset($_GET['id'])){
    $gaction = $_GET['action'];
    $gid = (int)$_GET['id'];
    if($gaction == "solve" && $gid > 0){
        $SQL->query('UPDATE player_reports SET solved = 1 WHERE id = $gid');
        header('Location:?subtopic=report');
    }
}
$reports = $SQL->query('SELECT * FROM player_reports WHERE solved = 0 ORDER BY id');
$main_content .= '<a class="f20 darkgreen3 u-none fs1 b px20">Reports</a>
<table width="100%">';     
foreach($reports as $report) {
$bgcolor = (($number_of_players_online++ % 2 == 1) ?  $config['site']['darkborder'] : $config['site']['lightborder']);
$main_content .= '    <tr BGCOLOR='.$bgcolor.'>
                        <td width="5%" class="f16 orange5 u-none fs1 b px17">'.$report['id'].'</td>
                        <td class="f13 px14 orange5 fs1">'.$report['date'].'</td>
                        <td class="f13 px14 green3 fs1">'.$report['name'].'</td>
                        <td class="f13 px15 white4 fs1">'.$report['report_description'].'</td>
                        <td><button class="button" onclick="javascript:document.location=\'?subtopic=report&action=solve&id='.$report['id'].'\'">Solve!</button></td>

                    </tr>';}
$main_content .= '</table>';}

As I already said, you have to sanitize the ID. I would suggest implementing PDO (Prepared Dynamic Objects).
Post automatically merged:

EvulMastah said:
report&action

Don't use that code in your production environment, you have to escape the id.

Also, this will not work: $SQL->query('UPDATE player_reports SET solved = 1 WHERE id = $gid');

You have to use double quotes for string interpolation
Click to expand...

In PHP, when echo'ing HTML, you use single quotes to echo, as most HTML attributes use double quotes for values. Therefore, when applying inline javascript or other scenarios, you just cancel escaping the string with a \.

' this is still a \'string\''; // this is still a 'string'
 
Last edited by a moderator:
Upvote 0 Downvote
Boy67 said:
PHP: 
<?PHP if($group_id_of_acc_logged >= $config['site']['access_admin_panel']) {

if(isset($_GET['action']) && isset($_GET['id'])){
    $gaction = $_GET['action'];
    $gid = (int)$_GET['id'];
    if($gaction == "solve" && $gid > 0){
        $SQL->query('UPDATE player_reports SET solved = 1 WHERE id = $gid');
        header('Location:?subtopic=report');
    }
}
$reports = $SQL->query('SELECT * FROM player_reports WHERE solved = 0 ORDER BY id');
$main_content .= '<a class="f20 darkgreen3 u-none fs1 b px20">Reports</a>
<table width="100%">';    
foreach($reports as $report) {
$bgcolor = (($number_of_players_online++ % 2 == 1) ?  $config['site']['darkborder'] : $config['site']['lightborder']);
$main_content .= '    <tr BGCOLOR='.$bgcolor.'>
                        <td width="5%" class="f16 orange5 u-none fs1 b px17">'.$report['id'].'</td>
                        <td class="f13 px14 orange5 fs1">'.$report['date'].'</td>
                        <td class="f13 px14 green3 fs1">'.$report['name'].'</td>
                        <td class="f13 px15 white4 fs1">'.$report['report_description'].'</td>
                        <td><button class="button" onclick="javascript:document.location=\'?subtopic=report&action=solve&id='.$report['id'].'\'">Solve!</button></td>

                    </tr>';}
$main_content .= '</table>';}

As I already said, you have to sanitize the ID. I would suggest implementing PDO (Prepared Dynamic Objects).
Post automatically merged:



In PHP, when echo'ing HTML, you use single quotes to echo, as most HTML attributes use double quotes for values. Therefore, when applying inline javascript or other scenarios, you just cancel escaping the string with a \.

' this is still a \'string\''; // this is still a 'string'
Click to expand...

lol, let's assume you make any sense...

Code: 
        $SQL->query('UPDATE player_reports SET solved = 1 WHERE id = $gid');

how is this part of html? how do you think this string will end up?
 
Upvote 0 Downvote
Sorry, I thought you meant on this line:
HTML: 
onclick="javascript:document.location=\'?subtopic=report&action=solve&id='.$report['id'].'\'">

It was just an example, you should prepare the string properly anyway, any concatenation with user input is asking for trouble.
Post automatically merged:

For anyone wanting a safe prepared solution:

PHP: 
<?PHP if($group_id_of_acc_logged >= $config['site']['access_admin_panel']) {

if(isset($_GET['action']) && isset($_GET['id'])){
    $gaction = $_GET['action'];
    $gid = (int)$_GET['id'];
    if($gaction == "solve" && $gid > 0){
        $stmt = $SQL->prepare('UPDATE player_reports SET solved = 1 WHERE id = :id');
        $stmt->bindParam(":id", $gid);
        $stmt->execute();
        header('Location:?subtopic=report');
    }
}
$reports = $SQL->query('SELECT * FROM player_reports WHERE solved = 0 ORDER BY id');
$main_content .= '<a class="f20 darkgreen3 u-none fs1 b px20">Reports</a>
<table width="100%">';
foreach($reports as $report) {
$bgcolor = (($number_of_players_online++ % 2 == 1) ?  $config['site']['darkborder'] : $config['site']['lightborder']);
$main_content .= '    <tr BGCOLOR='.$bgcolor.'>
                        <td width="5%" class="f16 orange5 u-none fs1 b px17">'.$report['id'].'</td>
                        <td class="f13 px14 orange5 fs1">'.$report['date'].'</td>
                        <td class="f13 px14 green3 fs1">'.$report['name'].'</td>
                        <td class="f13 px15 white4 fs1">'.$report['report_description'].'</td>
                        <td><button class="button" onclick="javascript:document.location=\'?subtopic=report&action=solve&id='.$report['id'].'\'">Solve!</button></td>

                    </tr>';}
$main_content .= '</table>';}
 
Last edited by a moderator:
Upvote 2 Downvote
Solution

Similar threads

ralke
  • Question
AAC ZnoteAAC show killing assists at characterprofile deathlist
Replies
0
Views
168
ralke
ralke
Czorcik
  • Question
Problem with Gesior Acc HIGHSCORE (offline player)
Replies
2
Views
465
Czorcik
Czorcik
Shoorkill
  • Question
AAC gesior creates an account, but when selecting a character in the game he receives an account error or wrong password.
Replies
2
Views
270
Shoorkill
Shoorkill
O
  • Question
help name of the invisible towns in myacc
Replies
2
Views
368
tobi132
T
ghunalma
  • Question
AAC [Znote AAC] admin_news dont upload images
Replies
3
Views
316
ghunalma
ghunalma
V
  • Question
AAC reset system geisor
Replies
0
Views
281
vitorelias1
V
3221920
  • Question
AAC [HELP] MyAAC Headline not work
Replies
4
Views
489
3221920
3221920
Czorcik
  • Question
Highscore reborn system in acc maker
Replies
0
Views
260
Czorcik
Czorcik
Back
Top