diff --git a/editIsRated.js b/editIsRated.js
new file mode 100644
index 0000000000000000000000000000000000000000..4d8b62d9f695f10f2feb304bdd4721e36822c33a
--- /dev/null
+++ b/editIsRated.js
@@ -0,0 +1,29 @@
+const mysql = require('mysql');
+const { user, password } = require("./config");
+
+module.exports = function editIsRated(idTransaksi, val, response) {
+    if (idTransaksi && (val || val == 0) && response) {
+        var connection = mysql.createConnection({
+            host: 'localhost',
+            user: user,
+            password: password,
+            database: 'ws-transaksi'
+        });
+
+        connection.connect();
+
+        var query = `UPDATE TransaksiTiket SET isRated =? WHERE idTransaksi =?`;
+        connection.query(query, [val, idTransaksi], function (err, result) {
+            if (err) {
+                console.log(err);
+                response.status(400).send("Wrong Query!");
+            }
+            response.sendStatus(200);
+        });
+
+        connection.end();
+    } else {
+        response.status(400).send('Wrong Query!');
+    }
+}
+
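Review bot: In the `connection.query` callback the `if (err)` branch sends a 400 but does not return, so `response.sendStatus(200)` on the next line runs as well and Express throws because the headers were already sent. Inside a driver callback that exception is probably uncaught, which would let one failing query take the process down. Write the branch as `return response.status(400).send("Wrong Query!");` or move the 200 into an `else`. The success path also replies 200 without checking `result.affectedRows`, so an `idTransaksi` that matches no row is reported as updated; something like `if (result.affectedRows === 0) return response.sendStatus(404);` would make that case visible to the caller.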
diff --git a/editTransaction.js b/editTransaction.js
index b0d475918bc61cc66d5033a3580a52292a912575..851d6e39029f81bfe789412c92a239bfd42f2669 100644
--- a/editTransaction.js
+++ b/editTransaction.js
@@ -45,7 +45,7 @@ module.exports = function editTransaction(idTransaksi, response) {
         var statusTerkini;
 
         connection.connect();
-        var query = `SELECT creationTime, status from TransaksiTiket where idTransaksi=?`;
+        var query = `SELECT creationTime, status from TransaksiTiket WHERE idTransaksi=?`;
         connection.query(query, [idTransaksi], async function (err, result) {
             if (err) {
                 response.status(400).send("Wrong Query!");
diff --git a/index.js b/index.js
index eb1664edeab6e691815657902fbe98bdbc280625..bc4fea16bb77501913bc035ac0d458096c49ea69 100644
--- a/index.js
+++ b/index.js
@@ -4,13 +4,12 @@ const bodyParser = require('body-parser');
 const addTransaction = require('./addTransaction.js');
 const editTransaction = require('./editTransaction.js');
 const getTransaction = require('./getTransaction.js');
-const getSeats = require('./getSeats.js')
+const getSeats = require('./getSeats.js');
+const editIsRated = require('./editIsRated.js');
 const app = express();
 const { port } = require("./config");
 const cors = require("cors");
 
-
-
 app.use(cors());
 app.use(bodyParser.urlencoded({ extended: false }));
 app.use(bodyParser.json());
@@ -29,6 +28,12 @@ app.post('/edit', function (request, response) {
     editTransaction(idTransaksi, response);
 });
 
+app.post('/rate', function (request, response) {
+    let idTransaksi = request.body.idTransaksi;
+    let val = request.body.val;
+    editIsRated(idTransaksi, val, response);
+})
+
 app.get('/get', function (request, response) {
     let idUser = request.query.idUser;
     getTransaction(idUser, response);