0

My question is: when the user clicks the checkbox, the user is activated. This code is working fine. But when the user unchecks the checkbox, the user should be deactivated again. How do I do that? Here is my working code.

Activate user when user click on checkbox

if($_GET['doAction'] == 'Activate') {
    if(!empty($_GET['q'])) {
        $userid = $_GET['q'];
        $conn = db_connection();
        $query = "UPDATE user SET activate = '1' WHERE userid = '".$userid."' ";
        $result=$conn->query($query);
    }
}

Here is my checkbox

<input type="checkbox" name="app" onchange="callUser(this.value,doAction.value);" value="<?php echo $userid;?>" <?php if($row['approved'] == '1'){ echo "checked=\"true\""; }?>/>
<input type="hidden" name="doAction" id="doAction" value="Approved" />

Thank you so much. :-) EDIT: Here is the callUser() function

<script type="text/javascript">
function callUser(str, action, third)
{
    var xmlhttp;
    if (str == "")
    {
        document.getElementById("txtHint").innerHTML = "";
        return;
    }
    if (window.XMLHttpRequest)
    {   // code for IE7+, Firefox, Chrome, Opera, Safari
        xmlhttp = new XMLHttpRequest();
    }
    else
    {   // code for IE6, IE5
        xmlhttp = new ActiveXObject("Microsoft.XMLHTTP");
    }
    xmlhttp.onreadystatechange = function()
    {
        if (xmlhttp.readyState == 4 && xmlhttp.status == 200)
        {
            document.getElementById("txtHint").innerHTML = xmlhttp.responseText;
        }
    };
    xmlhttp.open("GET", "adminPanel.php?q=" + str + "&doAction=" + action + "&app=" + third, true);
    xmlhttp.send();
}
</script>

Here is screenshot https://i.sstatic.net/MpQfC.png

3
  • 4
    You are calling the JavaScript function callUser. Can you post this function? Commented Feb 24, 2011 at 9:22
  • There is no Activate word in html at all. Did you miss something? Commented Feb 24, 2011 at 9:24
  • A checkbox has a value of on when checked (in the ? part of the URL), and is missing when not checked. Commented Feb 24, 2011 at 9:33

4 Answers 4

4

You should send the state of the checkbox rather than the hidden field value.

onchange="callUser(<?php echo $userid;?>,this.value);"

then on the PHP side you can do a

$userid = $_GET['q'];
if(!empty($_GET['doAction'])) {
   ... activate ...
}
else { ... deactivate ... }

Also, please be aware that your code sample and my answer are both EXTREMELY insecure. You are wide open to SQL injection attacks and potential permission problems.

EDIT : fix not sending user ID.


1 Comment

A common misconception about security is that it is an add-on or a patch to be done later. Secure systems must be designed to be secure from the start for best results. It is also more work to add it all later than to do it as you go along, much like code comments.
1

Update: Seeing as how the just revealed Javascript method kind of ruins the default form sending abilities of a web page, please ignore this answer.

An unchecked checkbox does not get passed back to the server when the form is submitted. So, in this case:

if($_GET['doAction'] == 'Activate') {
    if(!empty($_GET['q'])) {
        $userid = $_GET['q'];
        $conn = db_connection();

        if (!empty($_GET['app'])) {
            $query = "UPDATE user SET activate = '1' WHERE userid = '".$userid."' ";
        }
        else {
            $query = "UPDATE user SET activate = '0' WHERE userid = '".$userid."' ";
        }
        $result=$conn->query($query);
    }
}

Hope this helps

Also, you would do well to be using parameters and binding the variables to the SQL rather than concatenating strings. This will go a long way to preventing SQL injection attacks.

3 Comments

Or you could use mysql_real_escape_string($userid), just as good but a damn sight less work.
@barkermn01 else { $query = "UPDATE user SET activate = '0' WHERE userid = '".$userid."' "; } This statement will never execute, because I'm retrieving the value of app from the database.
app should only be sent when it is active. Have you got some JavaScript activating the checkbox every time?
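The parameter binding recommended in the answer above, as an added example that is not code from the question or from any answer. It assumes PDO (the page's db_connection() is not shown), an integer userid, a hypothetical `state` request parameter carrying '0' or '1', and a constructed in-memory SQLite table standing in for the real `user` table.

```php
<?php
// Added example. Assumptions: PDO, integer userid, a hypothetical `state`
// parameter ('0' or '1'), and a constructed in-memory table for the demo.

function setUserActive(PDO $db, $rawUserId, $rawState): int
{
    // Accept only a positive integer id; anything else is rejected before SQL runs.
    $userId = filter_var($rawUserId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($userId === false) {
        throw new InvalidArgumentException('invalid user id');
    }
    // The checkbox state must be exactly '0' or '1'; the raw value is never trusted.
    if ($rawState !== '0' && $rawState !== '1') {
        throw new InvalidArgumentException('invalid state');
    }
    // Placeholders keep request data out of the SQL text entirely.
    $stmt = $db->prepare('UPDATE user SET activate = :state WHERE userid = :id');
    $stmt->execute([':state' => (int) $rawState, ':id' => $userId]);
    return $stmt->rowCount();
}

// Constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE user (userid INTEGER PRIMARY KEY, activate INTEGER NOT NULL DEFAULT 0)');
$db->exec('INSERT INTO user (userid) VALUES (1), (2), (3)');

// Constructed requests: check, uncheck, and a tampered q parameter.
$requests = [
    ['q' => '2', 'state' => '1'],
    ['q' => '2', 'state' => '0'],
    ['q' => "2' OR '1'='1", 'state' => '1'],
];
foreach ($requests as $r) {
    try {
        $n = setUserActive($db, $r['q'], $r['state']);
        echo "q={$r['q']} state={$r['state']} -> {$n} row(s) updated\n";
    } catch (InvalidArgumentException $e) {
        echo "q={$r['q']} rejected: {$e->getMessage()}\n";
    }
}
// Print the final table state.
foreach ($db->query('SELECT userid, activate FROM user') as $row) {
    echo "user {$row['userid']}: activate={$row['activate']}\n";
}
```

The permission problem mentioned in the first answer is separate: the handler still needs to confirm that the caller is an authenticated administrator before calling the function.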
0

Do you need doAction='Deactivate' when the user unchecks the checkbox?
Post the source code of the callUser function here.

Comments

0

One other thing: you don't use value to set whether it's checked or not,

checked="checked" means enabled in the Input Tag

Then, whoever said it is not sent is correct. Your best way of detecting this is using isset($_REQUEST['checkBx'])

E.G

if(isset($_REQUEST['checkbx'])){
  // code for they are enabled
}else{
  // code for they are disabled
}

Comments
