dtukyb8095 2016-12-07 10:50

Passing a variable using a hidden input

I've just started to learn PHP and I decided to work on a simple ticket system. I've managed to show a list of tickets and then when the user clicks on the ticket id I can show the ticket details, passing the ticket id variable in the URL.

Now, to update the ticket I've created a new form with action="ctrl_client_edit_ticket.php" method="post" so in this file I can execute the database query to update the ticket.

The problem is that I have to use _POST to assign the ticket id to a new variable. So I thought maybe I could create a hidden field in the form <input type="hidden" name="ticketid" value="<?php echo $ticket_id ?>">

It is working but I don't really know if this is the best and safest method to do this operation.

Many thanks

This is the code.

This is the file client_view_ticket.php where I show the user all the tickets.

<?php  

    $view_ticket_query = mysqli_prepare($conn, "SELECT ticket_id, ticket_subject, ticket_status, ticket_time_stamp FROM user_tickets WHERE ticket_user_id= ? "); 

    $view_ticket_query -> bind_param("i", $userid);
    $view_ticket_query -> execute();
    $view_ticket_query -> bind_result($ticket_id, $ticket_subject, $ticket_status, $ticket_time_stamp);


    while($view_ticket_query -> fetch())
    {  
        // set ticket's colors; start from a plain label so $tcolor is always defined
        $tcolor = "<span class='label label-lg'>";
        if ($ticket_status == "Aperto"){
            $tcolor = "<span class='label label-lg label-success'>";
        }else if ($ticket_status == "Chiuso"){
            $tcolor = "<span class='label label-lg label-danger'>";
        }else if ($ticket_status == "In Lavorazione"){
            $tcolor = "<span class='label label-lg label-info'>";
        }

        // escape user-supplied text before writing it into the HTML
        echo '
        <tr>
            <td><a href="client_edit_ticket.php?id='.$ticket_id.'"> '.$ticket_id.'</a></td>
            <td><a href="client_edit_ticket.php?id='.$ticket_id.'"> '.htmlspecialchars($ticket_subject, ENT_QUOTES, 'UTF-8').'</a></td>

            <td>'.$ticket_time_stamp.'</td>
             <td>'.$tcolor.'' .htmlspecialchars($ticket_status, ENT_QUOTES, 'UTF-8'). '</span></td>
        </tr>

        ';
    }

    $view_ticket_query -> close();   
?> 

This is the file client_edit_ticket.php

<?php
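// Get the ticket id from the URL and assign it to a variable.
// Cast to int: the value is echoed into the hidden field of the form below.
$ticket_id = isset($_GET['id']) ? (int) $_GET['id'] : 0;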


// Query the database to fetch the ticket data
$view_ticket = mysqli_prepare($conn, "SELECT ticket_subject, ticket_body, ticket_user_first, ticket_user_last, ticket_user_email, ticket_time_stamp, ticket_status, ticket_priority FROM user_tickets WHERE ticket_id= ? "); 

$view_ticket -> bind_param("i", $ticket_id);
$view_ticket -> execute();
$view_ticket -> bind_result($ticket_subject, $ticket_message, $ticket_user_first, $ticket_user_last, $ticket_user_email, $ticket_created_time, $ticket_status, $ticket_priority);
$view_ticket -> fetch();
$view_ticket -> close();

// Convert the ticket creation date to a European format
$new_ticket_date = date('d-m-Y', strtotime($ticket_created_time));


?>
 <form class="form-group" action="controllers/ctrl_client_edit_ticket.php" method="post">

   <!--  hidden input for ticket id -->
    <input type="hidden" name="ticketid" value="<?php echo $ticket_id ?>">

                <div class="row">
                    <div class="col-xs-12">
                        <h3>
                            <i class="icon-action-redo"></i> Messaggio di risposta</h3>
                        <textarea class="ticket-reply-msg" rows="10"></textarea>
                    </div>
                </div>
                <div class="row">

                    <div class="col-md-4">
                        <h3 class="ticket-margin">
                            <i class="icon-info"></i> Aggiorna Priorità</h3>
                        <select class="ticket-status" name="ticketpriority">
                            <option value="Bassa" selected>Bassa</option>
                            <option value="Media">Media</option>
                            <option value="Alta">Alta</option>
                            <option value="Urgente">Urgente</option>
                            <option value="Critica">Critica</option>
                        </select>
                    </div>
                </div>
                <button class="btn btn-square uppercase bold green" type="submit">Aggiorna</button>
    </form>

This is the file ctrl_client_edit_ticket.php

<?php
$ticket_id = $_POST['ticketid'];
$ticket_priority = check_input($_POST['ticketpriority']);

if ($ticket_update_query = mysqli_prepare($conn, "UPDATE user_tickets SET ticket_priority= ? WHERE ticket_id= ? ")) { 

    /* bind parameters for markers */
    mysqli_stmt_bind_param($ticket_update_query, 'si', $ticket_priority, $ticket_id);

    /* execute query */
    mysqli_stmt_execute($ticket_update_query);

    echo "ticket aggiornato";


} else{

    echo "ticket non aggiornato";
}       

?>

  • dongwen5870 2016-12-07 10:56

    This is a fairly common pattern when submitting forms to update existing data. Remember that an ID is just a unique identifier so the system knows how to find single entities.

    Another option is to include the ID of the item in the route URL of the page (e.g. /ticket/{$ticketId} for router-based systems like Laravel, or /ticket?id={$ticketId}), but this only makes sense when the purpose of that page is to manage that particular data.

    As @IMSoP commented, this question (as posed) may be better suited to one of the other StackExchange sites.
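
The server-side check that the hidden-field pattern depends on, as an added example that is not part of the original question or answer: the posted ticketid is treated as untrusted input and the UPDATE is scoped to the logged-in user. The in-memory SQLite database through PDO, the demo rows and the function name update_ticket_priority are assumptions made so the example runs offline; table and column names follow the question.

```php
<?php
// Added example with constructed data. In-memory SQLite via PDO is an assumption
// so it runs offline; the page uses mysqli. Table and column names follow the page.
const PRIORITIES = ['Bassa', 'Media', 'Alta', 'Urgente', 'Critica'];

function update_ticket_priority(PDO $db, int $sessionUserId, array $post): string
{
    // The hidden field is client-controlled: validate it like any other input.
    $ticketId = filter_var($post['ticketid'] ?? null, FILTER_VALIDATE_INT);
    if ($ticketId === false || $ticketId < 1) {
        return 'invalid ticket id';
    }
    // The <select> options do not restrict what can be posted: use an allow-list.
    $priority = $post['ticketpriority'] ?? '';
    if (!in_array($priority, PRIORITIES, true)) {
        return 'invalid priority';
    }
    // Ownership is part of the WHERE clause; the user id comes from the
    // server-side session, never from the form.
    $stmt = $db->prepare(
        'UPDATE user_tickets SET ticket_priority = ?
          WHERE ticket_id = ? AND ticket_user_id = ?'
    );
    $stmt->execute([$priority, $ticketId, $sessionUserId]);
    // SQLite counts matched rows; MySQL reports 0 when the value is unchanged.
    return $stmt->rowCount() === 1 ? 'updated' : 'not found or not yours';
}

// Constructed demo data: ticket 1 belongs to user 10, ticket 2 to user 20.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE user_tickets (ticket_id INTEGER PRIMARY KEY,
           ticket_user_id INTEGER, ticket_priority TEXT)');
$db->exec("INSERT INTO user_tickets VALUES (1, 10, 'Bassa'), (2, 20, 'Bassa')");

$cases = [
    'own ticket'          => ['ticketid' => '1', 'ticketpriority' => 'Alta'],
    'edited hidden field' => ['ticketid' => '2', 'ticketpriority' => 'Critica'],
    'non-numeric id'      => ['ticketid' => '1abc', 'ticketpriority' => 'Alta'],
    'unknown priority'    => ['ticketid' => '1', 'ticketpriority' => 'Massima'],
];
foreach ($cases as $label => $post) {
    // 10 stands in for the logged-in client's $userid taken from the session.
    echo str_pad($label, 22), update_ticket_priority($db, 10, $post), PHP_EOL;
}
```

The same `AND ticket_user_id = ?` condition applies to the SELECT in client_edit_ticket.php, which as posted looks a ticket up by the id in the URL alone.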
