TalkPHP
 
 
Old 11-19-2010, 07:18 PM   #1 (permalink)
The Visitor
 
Join Date: Nov 2010
Posts: 2
Thanks: 1
kphigh is on a distinguished road
Default Help with php form

Hi,

I am extremely new to PHP. I have a form which is used to add/update data in a MySQL database. One of the fields is called "Approved" and I use a yes/no radio button to update the field. Is there a way to only allow certain team members to see and/or update the Approved field? I capture the username from the browser cookie.

Here is the code I use for the form:

<html>
<head>
<title>My Page</title>
</head>
<body>
<h2 align="center">SureIt Entry/Update Form</h2>
<?php
// set database server access variables:
$host = "";
$user = "";
$pass = "";
$db = "";

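// read the posted values, defaulting to an empty string when a field is missing
$tag=isset($_POST['tag']) ? $_POST['tag'] : '';
$developer=isset($_POST['developer']) ? $_POST['developer'] : '';
$application=isset($_POST['application']) ? $_POST['application'] : '';
// username as sent by the browser in the cookie (client-supplied value)
$username=isset($_COOKIE["InfoMgrWT"]) ? $_COOKIE["InfoMgrWT"] : '';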

// open connection and select database
// (mysqli replaces the mysql_* functions, which were removed in PHP 7)
$connection = mysqli_connect($host, $user, $pass, $db) or die ("Unable to connect!");

// create query with placeholders so the posted values cannot change the SQL
$query = "SELECT * FROM revo.sureit where tag = ? and developer = ? and application = ?";
//print $query;
//$query= "SELECT * from sureit";
// execute query (mysqli_stmt_get_result needs the mysqlnd driver)
$stmt = mysqli_prepare($connection, $query) or die ("Error in query.");
mysqli_stmt_bind_param($stmt, "sss", $tag, $developer, $application);
mysqli_stmt_execute($stmt) or die ("Error in query.");
$result = mysqli_stmt_get_result($stmt);
$row = mysqli_fetch_row($result);

if($row[0])
{
echo "<form name='ProdMove_1' action='sureit_update.php' method='POST'>";
echo "<div align='left'>";
}
else
{
echo "<form name='ProdMove_1' action='sureit_insert.php' method='POST'>";
echo "<div align='left'>";
}
// escape values for HTML output so posted or stored markup is shown as text
function h($value)
{
return htmlspecialchars((string)$value, ENT_QUOTES, 'UTF-8');
}

echo "Tag<br>";

echo "<input type='text' name='tag' value='".h($tag)."'><BR><br>";

echo "Developer<br>";
echo "<input type='text' name='developer' value='".h($developer)."'><BR><br>";

echo "Application<br>";
echo "<input type='text' name='application' value='".h($application)."'><BR><br>";

echo "Description of Code change<br>";
echo '<textarea cols=60 rows=15 wrap="soft" name="descofchange">'.h($row[3]).'</textarea><BR><br>';

echo "Details<br>";
echo '<textarea cols=60 rows=15 wrap="soft" name="details">'.h($row[14]).'</textarea><BR><br>';

echo "Description of Database Change<br>";
echo '<textarea cols=60 rows=15 wrap="hard" name="descofdbchange">'.h($row[4]).'</textarea><BR><br>';


echo "Front End Changes<br>";
echo '<textarea cols=60 rows=15 wrap="soft" name="frontendchanges">'.h($row[9]).'</textarea><BR><br>';

echo "Move Instructions<br>";
echo '<textarea cols=60 rows=15 wrap="soft" name="moveinst">'.h($row[11]).'</textarea><BR><br>';


echo "Post Move Validation<br>";
echo '<textarea cols=60 rows=15 wrap="soft" name="postmovevalidate">'.h($row[12]).'</textarea><BR><br>';
echo "Move Validated<br>";
if ($row[15] == 'Y')
{
echo "<input type='radio' name='movevalidated' value='Y' checked >Y<br>";
echo "<input type='radio' name='movevalidated' value='N' >N<br>";
}
else
{
echo "<input type='radio' name='movevalidated' value='Y' >Y<br>";
echo "<input type='radio' name='movevalidated' value='N' checked >N<br><br><br>";
}
echo '<br><br>';
echo "Approved<br>";

if ($row[6] == 'Y')
{
echo "<input type='radio' name='approved' value='Y' checked >Y<br>";
echo "<input type='radio' name='approved' value='N' >N<br>";
}

else
{
echo "<input type='radio' name='approved' value='Y' >Y<br>";
echo "<input type='radio' name='approved' value='N' checked >N<br><br>";
}


echo "Cancelled<br>";
if ($row[13] == 'Y')
{
echo "<input type='radio' name='cancelled' value='Y' checked >Y<br>";
echo "<input type='radio' name='cancelled' value='N' >N<br>";
}
else
{
echo "<input type='radio' name='cancelled' value='Y' >Y<br>";
echo "<input type='radio' name='cancelled' value='N' checked >N<br>";
}
?>
<br>
<input type = "submit" value = "Submit">
<br><br>
<a href="http://revolab0.uswin.ad.vzwcorp.com/sureit_query.html">Back</a>
</form>
</body>
</html>


Thanks
kevin
Old 11-19-2010, 08:55 PM   #2 (permalink)
The Addict
 
tony's Avatar
 
Join Date: Aug 2008
Posts: 336
Thanks: 8
tony is on a distinguished road
Default

I would query for the user security level and only show that radio if it is in a certain level or higher.
Old 11-20-2010, 12:13 AM   #3 (permalink)
The Contributor
 
SaintIsaiah's Avatar
 
Join Date: Jan 2009
Posts: 48
Thanks: 5
SaintIsaiah is on a distinguished road
Default

I agree with tony here, the best way is to check for their security level. You would need to have a users table in the sql with a column representing their security level. You would need to assign a default, such as "0" for that column, then that value increases by one each time on specific users when there is higher access to grant.

Let's say you have a user system that uses an SQL table called "users".

Using their userid, you query their info in the database, then establish whether or not to show them the specific content, based on their security level.

For this example, I'm using "$user['userid']"

There may already be a variable like this to identify your users if you are integrating your script into an existing php system. Otherwise, you will need to develop a register/login system that handles sessions.
Follow the comments below, introduced by "//" for more information and feel free to reply with any questions you have.

PHP Code:
//Using their userid ($user['userid']) I can grab all their information from the database
//$connection is an open mysqli connection (mysqli replaces the removed mysql_* functions);
//the ? placeholder keeps the userid out of the SQL text
$stmt = mysqli_prepare($connection, "SELECT * FROM users WHERE userid = ?");
mysqli_stmt_bind_param($stmt, "s", $user['userid']);
if(mysqli_stmt_execute($stmt) && ($user_arr = mysqli_stmt_get_result($stmt)))
{
   //I now use "$userinfo" as the variable to display any of their information
   //NOTE: one of the SQL columns for their username contains their access
   //level. This is labeled as "access_level" but can be named anything
   $userinfo = mysqli_fetch_array($user_arr);

   //I now see if their access level is equal to the required level to see the
   //content. If they have access, the content shows. If they don't, the content
   //is skipped from being displayed
   if($userinfo && $userinfo['access_level'] == '3') //'3' could be any access number you want
   {
      // Show Permissible Content Here or Skip Me
   }
}

The Following User Says Thank You to SaintIsaiah For This Useful Post:
kphigh (11-22-2010)
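
The replies above gate the Approved radio on the user's access level. As an added example (not code from the thread), the code below applies that check twice: when the form is rendered and again in the update handler, because a field that is hidden in the form can still be submitted. The function names, the `>=` comparison and the sample users are assumptions; `approved`, `access_level` and level 3 come from the posts above.

```php
<?php
// Added example: all names except 'approved' and 'access_level' are hypothetical.
const APPROVER_LEVEL = 3; // '3' is the level used in the reply above

// True when the user record may approve. The record is assumed to be loaded
// server-side (users table keyed by a session login), not from a browser cookie.
function can_approve(array $userinfo): bool
{
    return isset($userinfo['access_level'])
        && (int)$userinfo['access_level'] >= APPROVER_LEVEL;
}

// Radio buttons for approvers, a read-only value for everyone else.
function render_approved_field(array $userinfo, string $current): string
{
    $current = ($current === 'Y') ? 'Y' : 'N';
    if (!can_approve($userinfo)) {
        return "Approved: " . $current . "<br>";
    }
    $html = "Approved<br>";
    foreach (array('Y', 'N') as $value) {
        $checked = ($value === $current) ? ' checked' : '';
        $html .= "<input type='radio' name='approved' value='$value'$checked>$value<br>";
    }
    return $html;
}

// Run in the update handler before building the UPDATE statement: hiding the
// field is not enough, since the POST body is under the client's control.
function filter_update_fields(array $post, array $userinfo): array
{
    if (!can_approve($userinfo)) {
        unset($post['approved']);          // stored value stays unchanged
    } elseif (isset($post['approved'])) {
        $post['approved'] = ($post['approved'] === 'Y') ? 'Y' : 'N';
    }
    return $post;
}

// Constructed sample data
$developer = array('userid' => 7, 'access_level' => 1);
$manager   = array('userid' => 2, 'access_level' => 3);
$posted    = array('tag' => 'R1', 'approved' => 'Y');

var_dump(array_key_exists('approved', filter_update_fields($posted, $developer)));
var_dump(filter_update_fields($posted, $manager)['approved']);
echo render_approved_field($developer, 'N'), "\n";
echo render_approved_field($manager, 'N'), "\n";
```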
Old 11-22-2010, 01:13 PM   #4 (permalink)
The Visitor
 
Join Date: Nov 2010
Posts: 2
Thanks: 1
kphigh is on a distinguished road
Default

Thanks for the idea.. I'll give it a try and see what happens.
Old 11-22-2010, 08:20 PM   #5 (permalink)
The Contributor
 
SaintIsaiah's Avatar
 
Join Date: Jan 2009
Posts: 48
Thanks: 5
SaintIsaiah is on a distinguished road
Default

Quote:
Originally Posted by kphigh View Post
Thanks for the idea.. I'll give it a try and see what happens.
No prob. Let me know how it works out.



All times are GMT.

 
     
