Want to create approved button if status is approved else pending button will appear

Question

0.00/5 (No votes)

See more:

I have two table add_batch and assign_student

By using while loop I display all subject of add_batch table with a static button below all subject.

Now I want to create button in such a way that from assign_student table if student with respect course status is Approved then Approved button will appear and if status is pending then Pending Button will appear.

Please programmers reply as soon as possible. Help me please

What I have tried:

<?php
include 'connect.php';
session_start();
$id=$_SESSION['id']; 

?>

<!DOCTYPE html>
<html lang="en">
<!-- BEGIN HEAD -->
<head>
<?php include 'head.php';?>
<head/>
 <!-- END HEAD -->
<body class="page-header-fixed sidemenu-closed-hidelogo page-content-white page-md header-white white-sidebar-color logo-indigo">
    <div class="page-wrapper">
        <!-- start header -->
        <div class="page-header navbar navbar-fixed-top">
           <?php include 'header.php';?>

        </div>
        <!-- end header --> 
        <!-- start page container -->
        <div class="page-container">
            <!-- start sidebar menu -->
            <?php include 'menu.php';?>
            <!-- end sidebar menu --> 
            <!-- start page content -->
            <div class="page-content-wrapper">
                <div class="page-content-wrapper">
                <div class="page-content">
                    <div class="page-bar">
                         <?php include './breadcrumb.php';?>
                    </div>
                     
		            <div class="row clearfix">

                    <?php

                    if(isset($_POST['submit']))
					{


						$branch_id = mysqli_real_escape_string($conn, $_POST['branch_id']);
						$institute_id = mysqli_real_escape_string($conn, $_POST['institute_id']);
						

						$res=mysqli_query($conn, "SELECT * FROM add_batch WHERE branch_id='$branch_id' && institute_id='$institute_id'");

						$product_count = mysqli_num_rows ($res);

						$course_id = $row['course_id'];
						if ($product_count > 0) {
                      
                      		
								
									while ($row=mysqli_fetch_array($res)) {


						
										?>

									<div class="col-md-6 col-sm-6">
	                        	<form method="POST" action="student.php?page=subscribecourse">
				                        <div class="card">
				                            <div class="panel-body">
				                            	
				                                <h3><?php echo $row['course_name']; ?></h3>

				                                <input type="hidden" name="student_name" value="<?php echo $s_name; ?>">
				                               <input type="hidden" name="institute_id" value="<?php echo $row['institute_id']; ?>">
				                               
				                               <input type="hidden" name="branch_id" value="<?php echo $row['branch_id']; ?>">
				                               
				                               <input type="hidden" name="batch_id" value="<?php echo $batch_id; ?>">
				                               
				                               <input type="hidden" name="course_id" value="<?php echo $course_id; ?>">
				                                 <input type="hidden" name="course_name" value="<?php echo $row['course_name']; ?>">

				                               <input type="hidden" name="student_id" value="<?php echo $s_id; ?>">
				                                <?php

				                                $res1=mysqli_query($conn, "SELECT * FROM assign_student WHERE branch_id='".$branch_id."'");
				                              #$row1=mysqli_fetch_array($res1);
				                               
				                                while ($row1=mysqli_fetch_array($res1)) {

				                               
				                                	if (($course_id == $row1['course_id']) && ($row1['status'] == 'Approved')) {
				                                		# code...
				                                		echo "<button class='btn-button default' type='submit' name='submit'>Taken</button>";
				                                	}
				                                	else
				                                	{
				                                		echo "<button class='btn-button default' type='submit' name='subscribe'>Not Taken</button>";
				                                	}
				                                	
				                               }

				                                ?>
				                              
				                                
				                                
				                           </div>
				                        </div>
				                         </form>
				                    </div>

									<?php

									}
									
								



                      }
                       else
                      {
                      	?>
                      		<div class="col-md-12 col-sm-12">
	                        	
		                        <div class="card">
		                            <div class="panel-body">
		                            	<h3>Sorry! No course found in this branch</h3>
		                            </div>
		                        </div>
		                    </div>
                      	<?php
                      }

					}
			                   
                    
                ?>
                </div>
                </div>
            
                <!-- end page content -->
                 
            </div>
            </div>
            <!-- end page content -->
          
        </div>
        <!-- end page container -->
        <!-- start footer -->  
        <?php include './footer.php';?>

Posted 5-Jun-18 2:20am

Member 13783315

Updated 5-Jun-18 9:03am

Add a Solution

Comments

Member 13812021 5-Jun-18 12:04pm

When they select a coarse what is taking place? Is there a table with courses that are with associated user? Meaning is there a course table, user table, and then a UserCourses table? Or is there a User table, coarse table, UserToCourse Table?

Member 13783315 6-Jun-18 0:32am

course table, user table and UserCourse table

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Patrice T · Answer 1 · 2018-06-05T09:05:00

Escaping user input do not prevent SQL injection:

PHP

$branch_id = mysqli_real_escape_string($conn, $_POST['branch_id']);
$institute_id = mysqli_real_escape_string($conn, $_POST['institute_id']);
$res=mysqli_query($conn, "SELECT * FROM add_batch WHERE branch_id='$branch_id' && institute_id='$institute_id'");

Not a solution to your question, but another problem you have.
Never build an SQL query by concatenating strings. Sooner or later, you will do it with user inputs, and this opens door to a vulnerability named "SQL injection", it is dangerous for your database and error prone.
A single quote in a name and your program crash. If a user input a name like "Brian O'Conner" can crash your app, it is an SQL injection vulnerability, and the crash is the least of the problems, a malicious user input and it is promoted to SQL commands with all credentials.
SQL injection - Wikipedia[^]
SQL Injection[^]
SQL Injection Attacks by Example[^]
PHP: SQL Injection - Manual[^]
SQL Injection Prevention Cheat Sheet - OWASP[^]