Delete article with submit button - php

i have a problem with deleting the articles. I want it to delete after click on submit button but i dont know how. I do not want use javascript to autosubmit form in select tag. Can u help me ? I would appriciate that. Thanks.
<?php
session_start();
include_once('../includes/conn.php');
include_once('../includes/article.php');
$article= new Article;
if(isset($_SESSION['logged_in'])){
if(isset($_POST['id'])){
$id=$_POST['id'];
$query=$pdo->prepare('DELETE FROM articles WHERE article_id=?');
$query->bindValue(1, $id);
$query->execute();
header('Location: delete.php');
}
$articles=$article->fetch_all();
?>
<html>
<head>
<title>CMS Tutorial</title>
<link rel="stylesheet" href="assets/style.css" />
</head>
<body>
<div class="container">
CMS
<br/>
<h4>Delete article:</h4>
<form action="delete.php" method="post" name="id">
<select>
<?php foreach($articles as $article){?>
<option value="<?php echo $article['article_id']; ?>"><?php echo $article['article_title']; ?></option>
<?php } ?>
</select>
<input type="submit" value="Delete article">
</form>
</div>
</body>
?>


According to your code, shift name="id" from form to select.
You are trying to get selected id of drop down, so the name should be given to select.
<form action="delete.php" method="post" name="id">
<select>
to
<form action="delete.php" method="post">
<select name="id">
Another issue noticed in your code is, you should terminate execution
immediately after header('Location: delete.php'); with die(); or
exit(); to ensure remaining lines should not be executed. In PHP,
header() is just a function which helps in setting header, and here
you are settling Location header, which further handled by browser
for taking necessary action (here redirection). So, header() does
not ensure stopping execution of remaining code.


add <?php echo $_SERVER['PHP_SELF']; ?> to the form instead of delete.php to execute the php code above and i assume the file looks as your post .
and add name="id" to select element to grap the post value to manipulate instead of form.
i hope this works according to what you provide in your post.
session_start();
include_once('../includes/conn.php');
include_once('../includes/article.php');
$article= new Article;
if(isset($_SESSION['logged_in'])){
if(isset($_POST['id'])){
$id=$_POST['id'];
$query=$pdo->prepare('DELETE FROM articles WHERE article_id=?');
$query->bindValue(1, $id);
$query->execute();
header('Location: delete.php');
}
$articles=$article->fetch_all();
?>
<html>
<head>
<title>CMS Tutorial</title>
<link rel="stylesheet" href="assets/style.css" />
</head>
<body>
<div class="container">
CMS
<br/>
<h4>Delete article:</h4>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<select name="id">
<?php foreach($articles as $article){?>
<option value="<?php echo $article['article_id']; ?>"><?php echo $article['article_title']; ?></option>
<?php } ?>
</select>
<input type="submit" value="Delete article">
</form>
</div>
</body>

Related

how to stop data automatically insert into database in php

I have problem in this code.
In this code when i press save data button , the data insert into database but when i refresh page then it's automatically insert into database, what should i do in my code then stop automatically insert data into database, thanks in advance
<?php
require './database/databaseConnection.php';
if(isset($_POST['save_button']))
{
if(($_POST['fname']&&($_POST['lname'])))
{
$first_name=$_POST['fname'];
$last_name=$_POST['lname'];
$qry="INSERT INTO user_master(first_name,last_name) values('$first_name','$last_name')";
$result= mysql_query($qry)or die(mysql_error());
if($result){
echo 'SuccessFully saved data';
}
else{
echo 'Data Not Inserted!';
}
}
}
?>
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title></title>
<link rel="stylesheet" href="bootStrap/css/bootstrap.min.css">
<link rel="stylesheet" href="bootStrap/css/bootstrap.css">
</head>
<body>
<div class="container jumbotron ">
<form action="" method="post">
<table class="table-responsive">
<div class="form-group form-inline">
<tbody>
<tr>
<td> <label for="fname" class="label-info">First Name</label></td>
<td><input class="form-control" type="text" name="fname"></td>
<td><label for="lname" class="label-info">Last Name</label></td>
<td><input class="form-control" type="text" name="lname"></td>
</tr>
</tbody>
</div>
</table>
<button type="submit" name="save_button" class="btn-success" >Save Data</button>
</form>
</div>
</body>
</html>

This is happening because your action is empty
Update your action to this
action="<?php echo $_SERVER['PHP_SELF']; ?>"

Make a separate php file that will insert data to database. Give this in the form action attribute.
<form action="insert.php" method="post">
......
......
</form>
insert.php file
<?php
require './database/databaseConnection.php';
if(isset($_POST['save_button']))
{
if(($_POST['fname']&&($_POST['lname'])))
{
$first_name=$_POST['fname'];
$last_name=$_POST['lname'];
$qry="INSERT INTO user_master(first_name,last_name) values('$first_name','$last_name')";
$result= mysqli_query($qry)or die(mysql_error());
if($result){
echo 'SuccessFully saved data';
}
else{
echo 'Data Not Inserted!';
}
}
}
?>
You can use header() to redirect to your previous page if you want. Thus not allowing the refreshing of insert.php
header("location: your_page.php");
it will be safe if you use Prepared Statements
Take a look

How to make "MadLibs" form results appear below form fields after submitting?

Thanks in advance for your help. I've searched a lot before posting this but I end up more confused than when I started :)
I'm trying to have one page contain the form fields and after pressing submit, the resulting story with user's form field entries inserted into the story.
It would be great to have the text from the form fields remain so that the user doesn't need to retype everything if they need to change a word or two.
I really appreciate your help. Hopefully this will help many people at once.
<html>
<head>
<title>My MadLib</title>
</head>
<body>
<h1>MadLib</h1>
<?php if (isset($_POST['action']) && $_POST['action'] == "show"): ?>
<p>Hello, I am a <?php echo $_POST['adj'] ?> computer that owns a <?php echo $_POST['noun'] ?>.</p>
<?php else : ?>
<form action="madlib.php" method="post">
<input type="hidden" name="action" value="show">
<p>An adjective: <input type="text" name="adj"></p>
**strong text** <p>A noun: <input type="text" name="noun"></p>
<p><input type="submit" value="Go!"></p>
</form>
<?php endif ?>
</body>
</html>

As you said you don't want to "keep it simple", you may simply add the needed value attribute to each of your <input>s, like this:
<html>
<head>
<title>My MadLib</title>
</head>
<body>
<h1>MadLib</h1>
<?php
if (isset($_POST['action']) && $_POST['action'] == "show") {
?>
<p>Hello, I am a <?php echo #$_POST['adj']; ?> computer that owns a <?php echo #$_POST['noun']; ?>.</p>
<?php
} else {
?>
<form action="madlib.php" method="post">
<input type="hidden" name="action" value="show">
<p>An adjective: <input type="text" name="adj" value="<?php echo #$_POST['adj']"; ?> /></p>
**strong text**
<p>A noun: <input type="text" name="noun" value="<?php echo #$_POST['noun']"; ?> /></p>
<p><input type="submit" value="Go!"></p>
</form>
<?php
}
?>
</body>
</html>
Note the (sometimes unloved) "#" to prevent firing a notice when $_POST['...'] doesn't exist yet. I also added the same in your <p>Hello... line.

Deleting a ROW from MySQL database using MySQLi

I've got a delete.php file with yes/no buttons that call deleteRecord.php to delete the selected row from the database.
The problem seems to be that I'm not passing the variable for the ProjectID through to the deleteRecord file.
Can someone please tell me what's wrong?
delete.php
<?php
error_reporting(E_ALL|E_STRICT); ini_set('display_errors', true);
require('includes/conn.inc.php');
require('includes/functions.inc.php');
$sProjectID = safeInt($_GET['ProjectID']);
$stmt = $mysqli->prepare("SELECT ProjectID, ProjectName, ProjectImage, LanguageUsed, ApplicationUsed, Description FROM Projects WHERE ProjectID = ?");
$stmt->bind_param('i', $sProjectID);
$stmt->execute();
$stmt->bind_result($ProjectID, $ProjectName, $ProjectImage, $LanguageUsed, $ApplicationUsed, $Description);
$stmt->fetch();
$stmt->close();
?>
<!DOCTYPE HTML>
<input name="ProjectID" type="hidden" value="<?php echo
$ProjectID; ?>">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>Delete <?php echo $ProjectName; ?></title>
<link href="styles/cms.css" rel="stylesheet" type="text/css">
</head>
<body>
<div id="container">
<header>
<h1>Delete <?php echo $ProjectName; ?></h1>
<?php
require('includes/nav.inc.php');
?><p>Hello </p><?php echo "$sProjectID" ?>
</header>
<form name="form1" method="get" action="process/deleteRecord.php">
<p>Are you sure you wish to delete <?php echo $ProjectName; ?>?</p>
<p>
<input type="submit" name="del" id="del" value="Delete">
</p>
</form>
<form name="form2" method="" action="listall.php" id="saveForm">
<input type="submit" name="save" id="save" value="Save">
</form>
<?php
require('includes/footer.inc.php');
?>
</div>
</body>
</html>
deleteRecord.php
<?php
error_reporting(E_ALL|E_STRICT); ini_set('display_errors', true);
require('../includes/conn.inc.php');
require('../includes/functions.inc.php');
// sanitize user variables
$sProjectID = safeInt($_POST['ProjectID']);
// prepare SQL
$stmt = $mysqli->prepare("DELETE FROM Projects WHERE ProjectID = ?");
$stmt->bind_param('i', $sProjectID);
$stmt->execute();
$stmt->close();
//header("Location: ../index.php");
// redirect browser
exit;
// make sure no other code executed
?>

You need to write the hidden field inside your form and change your method to POST.
<form name="form1" method="post" action="process/deleteRecord.php">
<p>Are you sure you wish to delete <?php echo $ProjectName; ?>?</p>
<p>
<input name="ProjectID" type="hidden" value="<?php echo
$ProjectID;
?>">
<input type="submit" name="del" id="del" value="Delete">
</p>
</form>
As per #VolkerK comment below, put the input element "within" the form element instead of the one before the <html> tag.

This uses the GET method for doing the same:
Change in delete.php:
<form name="form1" method="get" action="process/deleteRecord.php?ProjectID=<?= $ProjectID ?>">
<p>Are you sure you wish to delete <?php echo $ProjectName; ?>?</p>
<p>
<input type="submit" name="del" id="del" value="Delete">
</p>
</form>
Change in deleteRecord.php:
$sProjectID = safeInt($_GET['ProjectID']);

PHP Checkbox from db, unchecked after submit

I have this code. I need that all the checkbox (taken by database) that I choose remain checked even after submitting the page.How can I do that?
?>
<?php
function connetti(){
$conn=mysql_connect("localhost","user","pass");
mysql_select_db('colours');
return $conn;
}
?>
<html>
<head>
<title>Scelta colori</title>
<meta charset="utf-8">
</head>
<body>
<h1>Scelta colori</h1>
<h1>Benvenuto <?php echo $_SESSION['user']; ?></h1><br>
<form action="<?php echo $_SERVER['PHP_SELF'] ?>" method="post">
<?php
$conn=connetti();
$sql="SELECT tonalita FROM colori";
$risultato=mysql_query($sql);
while ($row=mysql_fetch_array($risultato)){
$valore=$row['tonalita'];
echo('<input type="checkbox" value="'.$valore.'" name="colori[]">'.$valore.'</input><br>');
}
mysql_free_result($risultato);
mysql_close($conn);
?>
<input type="submit" value="Invia">
<input type="reset" value="Annulla">
</form>
</body>
</html>

u can use, after submitting the form, the $_POST vars and check it with $valore
<?php
echo('<input type="checkbox" value="'.$valore.'" name="colori['.$valore.']"'.((isset($_POST["colori"][$valore])&&$_POST["colori"][$valore]==$valore)?' checked="checked"':"").'>'.$valore.'</input><br>');
?>
untestet but should work
edit: got the error on the name-attr and fixed issue on not settet index. testet on php5

String %0D%0A causing comparison issues in SQL?

I have a drop down box that contains a list of names and a search field.
The drop down is populated with a list of names from the database and the search field allows you to perform a wild card search.
At the moment the wild card search works as expected but choosing a name from the drop down does not work.
I believe this might be possibly because of some unwanted characters as I am seeing the below in my address bar on the browser having chosen a name from the drop down list and clicked the search button:
http://localhost:81/connect/players/?name=%0D%0A3&text=&action=search
I think that text above (%0D%0A) is causing a problem as my code looks like this:
if (isset($_GET['action']) and $_GET['action'] == 'search')
{
include $_SERVER['DOCUMENT_ROOT'] . '/includes/db.inc.php';
$id = $_GET['name']; // name slightly confusing but does return the id
$text = $_GET['text'];
try
{
$sql = "SELECT id, name, age FROM player
WHERE player.id = '$id'
OR player.name LIKE '%$text%'
GROUP BY player.id";
$s = $pdo->query($sql);
}
catch (PDOException $e)
{
$error = 'Error fetching names.' . $e->getMessage();;
include 'error.html.php';
exit();
}
// This is responsible for populating the new player info underneath all
foreach ($s as $row)
{
$names[] = array('id' => $row['id'], 'name' => $row['name'], 'age' => $row['age']);
}
include 'searchprofiles.html.php';
exit();
}
And I believe this is preventing it from comparing the id in the database with the id that is stored in the variable $id.
I have however also just manually stripped %0D%0A out from the address bar and it still doesn't work so perhaps there might be another issue?
It should also be noted that if no value is selected from the drop down and no wild card is entered then all rows are returned.
HTML is as follows:
SEARCHPROFILES.HTML.PHP
<?php include_once $_SERVER['DOCUMENT_ROOT'] . '/includes/helpers.inc.php'; ?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Manage Jokes: Search Results</title>
</head>
<body>
<h1>Search Results</h1>
<?php if (isset($names)): ?>
<table>
<tr><th>Name</th><th>Options</th></tr>
<?php foreach ($names as $name): ?>
<tr>
<td><?php htmlout($name['name']); ?></td>
<td><?php htmlout($name['age']); ?></td>
<td>
<form action="?" method="post">
<div>
<input type="" name="id" value="<?php
htmlout($name['id']); ?>">
<input type="submit" name="action" value="Edit">
<input type="submit" name="action" value="Delete">
</div>
</form>
</td>
</tr>
<?php endforeach; ?>
</table>
<?php endif; ?>
<p>New search</p>
<p>Return to JMS home</p>
</body>
</html>
BELOW IS THE HTML FOR THE FORM WHERE THE VALUES ARE ADDED.
<?php include_once $_SERVER['DOCUMENT_ROOT'] . '/includes/helpers.inc.php'; ?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Manage Profiles</title>
</head>
<body>
<h1>Manage Profile</h1>
<p>Add new profile</p>
<form action="" method="get">
<p>View player profiles satisfying the following criteria:</p>
<div>
<label for="name">By name:</label>
<select name="name" id="name">
<option value="">Any name</option>
<!-- populates the drop down with names -->
<?php foreach ($names as $name): ?>
<option value="
<?php htmlout($name['id']); ?>">
<?php htmlout($name['name']); ?>
</option>
<?php endforeach; ?>
</select>
</div>
<div>
<label for="text">Containing text:</label>
<input type="text" name="text" id="text">
</div>
<div>
<input type="hidden" name="action" value="search">
<input type="submit" value="Search">
</div>
</form>
</body>
</html>
Any help is greatly appreciated.
Thanks

The reason is the line break you have in your form control:
Change
<option value="
<?php htmlout($name['id']); ?>">
<?php htmlout($name['name']); ?>
</option>
To
<option value="<?php htmlout($name['id']); ?>">
<?php htmlout($name['name']); ?>
</option>

Categories