1

I am creating a form to either approve or deny a time-off request. So this will bring up a table with rows of data of time off requests. You check the box and on submitting the form I want it to change the Status of the row AND send an email to the user letting them know it has been accepted. I have it updating the row, but when it sends the email it is using the information from the LAST row of data in the table. So I have a PHP form containing the following:

    <form name="bulk_action_form" action="" method="post"/>
    <tr>
            <th></th>
            <th>Username</th>
            <th>Employee Name</th>
            <th>First Day Off</th>
            <th>First Day Back</th>
            <th>Status</th>
            <th>Date of Request</th>

    </tr>
    </thead>
    <?php
        if(mysqli_num_rows($query) > 0){
            while($row = mysqli_fetch_assoc($query)){
    ?>

    <tr>
        <td align="center"><input type="checkbox" name="checked_id[]" class="checkbox" value="<?php echo $row['ID']; ?>"/>
            <input type="hidden" name="worker_name" value="<?php echo $row['worker_name']; ?>"/>
            <input type="hidden" name="Name" value="<?php echo $row['Name']; ?>"/>
            <input type="hidden" name="FirstDayOff" value="<?php echo $row['FirstDayOff']; ?>"/>
            <input type="hidden" name="FirstDayBack" value="<?php echo $row['FirstDayBack']; ?>"/></td>

        <td><?php echo $row['worker_name']; ?></td>
        <td><?php echo $row['Name']; ?></td>
        <td><?php echo $row['FirstDayOff']; ?></td>
        <td><?php echo $row['FirstDayBack']; ?></td>
        <td><?php echo $row['Status']; ?></td>
        <td><?php echo $row['_sfm_form_submision_time_']; ?></td>
    </tr> 
    <?php } }else{ ?>
        <tr><td colspan="5">No records found.</td></tr> 
    <?php } ?>
<input type="submit" class="btn btn-success" name="bulk_approve_submit" formaction="action-approve.php" value="Approve Request">

    </form>

And my action-approve.php looks as follows.

<?php
session_start();
include_once('dbConfig.php');
if(isset($_POST['bulk_approve_submit'])){

$idArr = $_POST['checked_id'];

    foreach($idArr as $id){
        mysqli_query($conn,"UPDATE Request_off SET Status='Approved' WHERE ID=".$id);

// Get Parameters about the row that was selected
$worker_name = $_POST['worker_name'];
$Name = $_POST['Name'];
$FirstDayOff = $_POST['FirstDayOff'];
$FirstDayBack = $_POST['FirstDayBack'];
// Email Parameters 
$to      = $worker_name.'@somewhere.com, [email protected]';
$subject = 'APPROVED: Time off request for '.$Name;
$message = 'Dear '.$Name.','. "\r\n\n" .'Your time off request from '.$FirstDayOff.' to '.$FirstDayBack.' has been approved!'. "\r\n\n" .'Note: Please keep a copy of this email for your records.';
$headers = 'From: [email protected]';

        mail($to, $subject, $message, $headers);
    }
    $_SESSION['success_msg'] = 'Request has been approved successfully.';
    header("Location: Request_off-admin.php?Status=Pending");
}
?>

How would I go about getting the row data from the checked row, NOT the last row in the particular table?

UPDATE:

I just took those hidden fields and turned them into checkboxes. If I check all of the boxes for a particular row, I can make it update and send the email correctly. I'm going to look into hiding those checkboxes and using just one to select them all...

Improve this question
3
  • 1
    do you find the missing form tags to be irrelevant? Commented Jan 26, 2018 at 14:53
  • 1
    Thanks for noticing! I just didn't copy them over from my Notepad++. Commented Jan 26, 2018 at 14:55
  • $to = $worker_name.'@somewhere.com, [email protected]'; that is part of the problem here. To: expects the email to be sent to the email row, or is that just pseudo code? Seeing the edit, <form> defaults to a GET method (and as self) and you're using POST arrays. Commented Jan 26, 2018 at 14:55

1 Answer 1

Reset to default
3

Essentially your problem is that you're using the same name for all your inputs. If you look at the source of your PHP form in your web browser you will notice lots of worker_name fields, for instance - one for each record. So the last input in the list is overwriting all the previous ones when they're posted to your script.

My suggestion, however, would be to only POST the IDs in the checkboxes. The rest of the data you already have in your database. In the action-approve.php script you can load the name, days off, etc details from the database and loop over them.

Something like this (untested):

<?php

foreach($idArr as $id){
    mysqli_query($conn,"UPDATE Request_off SET Status='Approved' WHERE ID=".$id);

// Get Parameters about the row that was selected
$newQuery = mysqli_query($conn, "SELECT * FROM Request_off WHERE ID = $id");
if(mysqli_num_rows($newQuery) > 0){
    while($_newRow = mysqli_fetch_assoc($newQuery)){
        $worker_name = $_newRow['worker_name'];
        $Name = $_newRow['Name'];
        $FirstDayOff = $_newRow['FirstDayOff'];
        $FirstDayBack = $_newRow['FirstDayBack'];

        // Email Parameters 
        $to      = $worker_name.'@somewhere.com, [email protected]';
        $subject = 'APPROVED: Time off request for '.$Name;
        $message = 'Dear '.$Name.','. "\r\n\n" .'Your time off request from '.$FirstDayOff.' to '.$FirstDayBack.' has been     approved!'. "\r\n\n" .'Note: Please keep a copy of this email for your records.';
        $headers = 'From: [email protected]';

        mail($to, $subject, $message, $headers);
    }
}

This will also make it easier to validate your data, because currently people can easily do SQL injection or other unexpected things.

Improve this answer
Sign up to request clarification or add additional context in comments.

5 Comments

I will give this a shot. Yes I know this is very susceptible to SQL Injection. This is only going to be run on our local network at work, so I'm not TOO worried about it. It is something I need to learn more about though.
$newQuery = mysql_query is a typo here.
It is indeed updating the data in the table, but it isn't pulling the other data from the other rows in order to formulate the email properly.
I just fixed a type on my answer (underscore before newQuery) - check that on your copy.
No, just the error that it is bouncing off of our mail server because it's just trying to go to @ourcompany.com

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.