I've listed a list of rows from my mySQL database onto an admin page. I now simply want to add an icon beside each row giving the user the option to delete the row in question.
Here's my php delete link:
<i class="icon-circle-blank"></i>
And my delete.php file looks like:
<?php
require_once 'db.php';
global $con;
if(($_GET['action'] == 'delete') && isset($_GET['id'])) {
$id = $_GET['id'];
$sql = "DELETE FROM quotes WHERE id = '$id'";
$query = mysqli_query($con, $sql);
}
header("location: http://localhost:81/logintest/home.php");
mysqli_close($con);
?>
From some reason when I click the link, the page just returns a blank page with no database rows being deleted. What am I overlooking?
Unless you're showing us a pseudo-code, this will not parse the PHP id variable:
delete.php?action=delete&id='$id'
you need either:
delete.php?action=delete&id=<?= $id ?>
or
delete.php?action=delete&id=<?php echo $id; ?>
Related
I've put certain values like a user id into the url e.g /index.php?id=1 in previous PHP files.
I have a HTML form that has an action like this:
<form name="staffResponse" method="post" action="respond_ticket.php?id=<?php echo $_GET['id']; ?>">
Which when you go to respond_ticket.php and simply echo the value for the id and look at the URL it does it successfully. Whats more the data that I am posting to that file is also done without problem. However I want to then write that information to a table but it does not seem to work.
Here is the respond_ticket.php file
<?php
include 'database/db.php';
$id = $_GET['id'];
$staffResponse = $_POST['staffResponse'];
$sql = "INSERT INTO tickets (staffResponse) VALUES ('$staffResponse') WHERE id='$id'";
$result = mysqli_query($connection, $sql);
if ($result === TRUE) {
echo '<p>Response ' . $staffResponse . ', has been added</p>';
}
else {
echo '<p class="warning">Unable to respond</p>';
}
?>
The db.php file has all the necessary information for connection to the database i.e name password etc. It also opens the question there too.
I keep just getting the warning message that I wrote.
you cant do an insert with a where modifier like this. change it to update ;)
UPDATE tickets SET staffResponse = '$staffResponse' WHERE id = '$id'
You are not supposed to use a WHERE clause with INSERT
$sql = "INSERT INTO tickets (staffResponse) VALUES ('$staffResponse')";
You may wish to set your tickets table up with auto increment so you dont need to insert an id if you haven't done that already.
use ON DUPLICATE UPDATE if it helps
INSERT INTO tickets (id,staffResponse) VALUES ('$id','$staffResponse')
ON DUPLICATE KEY UPDATE id=VALUES(id), staffResponse=VALUES(staffResponse)
I have successfully implemented data transfer attempt from one page to another using PHP mysql_insert_id header, location method. What I did was:
I have validated it (transferring (i.e. form action) the form to the same page), I have saved it in database, and now I m trying to display the data on another page.
page1 (where original form is located)
$id = mysql_insert_id();
header('Location: page2.php?id='.$id);
and in page2
$id = $_GET['id'];
$query = "SELECT * FROM form1 WHERE id=$id";
{
// there after display of data
}
The problem I faced:
I m getting this link in the title bar
http://localhost/aaa/page2.php?id=76
now if I try to change id= 56 or 45 or any other it is changing displayed data to that id.. so any user can change it in address bar and hence will be able to see my db values..
I thought of encoding it in first place, then at second place I thought of changing it to sessions instead.
so I searched a lot on google to set it as session and I tried this
<?php
// Starting the session
session_start();
if(isset($_SESSION['id'])) //and is this use of id correct?
{ // then what?
}
thanks guys for your help
You have to explain what you are exactly trying to do ? so that we can give suggestion . Though below code will work fine. But i think no use of it.Use session_start before using the session.
Page 1:
$id = mysql_insert_id();
$_SESSION['last_id'] = $id;
header('Location: page2.php');
Page 2:
$id = $_SESSION['last_id'];
$query = "SELECT * FROM form1 WHERE id=$id";
{
// there after display of data
}
page1.php:
<form action="post" action="page2.php">
<input name="name" type="hidden" value="<?=mysql_insert_id();?>"></input>
</form>
page2.php:
<?php
$id = $_POST['name'];
$query = "SELECT * FROM form1 WHERE id=$id";
?>
There's basically pictures on my users profile page that people need permission to see.
I'm basically getting the user to click one link to open a jQuery window and then from within that jQuery window the user needs to click another link and this runs the mysql function and is suppose to insert the user_id which is the users $_session['user_id'] into the table 'ptb_permissions' and the profile id of the user whose pictures that user is trying to see.
So this means the users $profile_id needs to be inserted into 'private_id.
At the moment though only the user_id is being inserted. can someone please show me where I'm going wrong I think I'm loosing the echo at the first link, I don't think I've written the code write here:
<?php
$photo = "data/private_photos/0/_default.jpg";
if (!file_exists($photo)) {
$photo = "data/photos/0/_default.jpg";
}
$thumb = "data/private_photos/0/_default.jpg";
if (!file_exists($thumb)) {
$thumb = "data/photos/0/_default.jpg";
}
echo
"<li><img src=\"$thumb\" width=\"90\" height=\"90\" alt=\"<strong>{$profile[2]}'s Photos</strong>\" /></li>";
?>
after this link is clicked this then opens up a jquery window and the user needs to click:
Let Me See
then i run my function:
<?php
// CONNECT TO THE DATABASE
require('includes/_config/connection.php');
// LOAD FUNCTIONS
require('includes/functions.php');
require_once("includes/session.php");
// GET IP ADDRESS
$ip_address = $_SERVER['REMOTE_ADDR'];
session_start();
if (isset ($_GET['to'])) {
$user_to_id = $_GET['to'];
}
if (!isset($_GET['to']))
exit('No user specified.');
$user_id = $_GET['to'];
$sql = "INSERT INTO ptb_permissions (id, user_id, private_id) VALUES (NULL, '".$_SESSION['user_id']."', '".$user_to_id."');";
mysql_query($sql, $connection);
echo "<div class=\"infobox2\"><strong>Your message has successfully been sent.</strong></div>";
?>
I don't know, but the link syntax is not correct:
request_priv_pix.php?to=?to=...
May be:
request_priv_pix.php?to=...
Looks like you may have a typo in second link?
href="request_priv_pix.php?to=?to="
I wanted to expand my PHP skills so I read through a tutorial on tutorialzine. I understand the instructions presented in the tutorial. But when it comes to expanding on it I seem to be lacking a connection. My main goal was to simply delete a selected note when an a tag is clicked. However I don't know how to select the id assigned to the note to be able to pass it to my delete function.
Source: http://tutorialzine.com/2010/01/sticky-notes-ajax-php-jquery/
Thanks for the help.
<?php
error_reporting(E_ALL^E_NOTICE);
require 'connect.php';
mysql_query("DELETE FROM notes WHERE id>3 AND dt<SUBTIME(NOW(),'0 1:0:0')");
$query = mysql_query("SELECT * FROM notes ORDER BY id DESC");
$notes = '';
$left='';
$top='';
$zindex='';
while($row=mysql_fetch_assoc($query)){
list($left,$top,$zindex) = explode('x',$row['xyz']);
$notes.= '
<div class="note '.$row['color'].'" style="left:'.$left.'px;top:'.$top.'px;z-index:'.$zindex.'">
'.htmlspecialchars($row['text']).'
<div class="author">'.htmlspecialchars($row['name']).'</div>
<span class="data">'.$row['id'].'</span>
<a id="remove_note" href="javascript:;" onclick="deleteNote('<? echo $row['id']; ?>');"> </a>
</div>';
}
function deleteNote(id){
$sql="DELETE FROM notes WHERE id='$rows['id']'";
$result=mysql_query($sql) or die("Error when tryin to delete note.");
}
?>
Update:
I've been playing around with this and the answers that both Andrew and sachleen have provided. And ill plan to work on an AJAX alternative since you've mentioned the whole SQL Injection issue. But I am still having issues with passing the id to the remove.php file. I believe is has to do with how $notes is creating the information from the DB.
I say this because I get: Parse error: syntax error, unexpected T_STRING in /home/avonamyd/public_html/projects_php/sticky_notes/demo.php on line 24
And that is only when I include the code as is from sachleen. But when I update it to account for the single quotes I have the following code. The id is present and is passed to the remove.php file but I am still getting an error. This is when I use my code or what you've provided.
$notes.= '
<div class="note '.$row['color'].'" style="left:'.$left.'px;top:'.$top.'px;z-index:'.$zindex.'">
'.htmlspecialchars($row['text']).'
<div class="author">'.htmlspecialchars($row['name']).'</div>
<span class="data">'.$row['id'].'</span>
<a id="remove_note" target="_blank" href="remove.php?id='.$row['id'].'"> </a>
</div>';
Below is what I currently have in my remove.php file:
<?php
include 'connect.php';
$_GET['id'];
function deleteNote($id){
$sql="DELETE FROM notes WHERE id='$id'";
}
$result=mysql_query($sql) or die("Error when tryin to delete note.");
?>
Update
I've added in additional echo lines throughout the remove.php and this is what I am coming up with.
<?php
include 'connect.php';
$_GET['id'];
echo $id; --doesnt show
function deleteNote($id){
echo "hello"; --doesnt show
$sql="SELECT FROM notes WHERE id='$id'";
}
echo 'hello2'; --shows
$result=mysql_query($sql) or die("Error when tryin to delete note.");
?>
Update:
Thank you for everyone's help with this project I've finally gotten the concepts to click in my head after some tinkering around. I will post the functional code below for anyone else that stumbles upon this code. =D
Thx Everyone!
demo.php
error_reporting(E_ALL^E_NOTICE);
require 'connect.php';
mysql_query("DELETE FROM notes WHERE id>3 AND dt<SUBTIME(NOW(),'0 1:0:0')");
$query = mysql_query("SELECT * FROM notes ORDER BY id DESC");
$notes = '';
$left='';
$top='';
$zindex='';
while($row=mysql_fetch_assoc($query)){
list($left,$top,$zindex) = explode('x',$row['xyz']);
$id = $row['id'];
$notes.= '
<div class="note '.$row['color'].'" style="left:'.$left.'px;top:'.$top.'px;z-index:'.$zindex.'">
'.htmlspecialchars($row['text']).'
<div class="author">'.htmlspecialchars($row['name']).'</div>
<span class="data">'.$row['id'].'</span>
<a id="remove_note" target="_blank" href="remove.php?id='.$row['id'].'"> </a>
</div>';
}
remove.php
<?php
include 'connect.php';
$id = intval($_GET['id']);
$sql="DELETE FROM notes WHERE id=$id";
$result = mysql_query($sql) or die("Unable to delete database entry.");
?>
It looks like you are trying to mix JavaScript and PHP. You cannot call the deleteNote() function when your link is clicked because it is a PHP function. There are a couple of ways to go about calling the PHP script to delete the note:
Use something like the following:
<?php
// ...
$id_to_delete = $_GET['id'];
if( isset($id_to_delete) ) {
$sql="DELETE FROM notes WHERE id='$id_to_delete'";
$result=mysql_query($sql) or die("Error when tryin to delete note.");
}
$query = mysql_query("SELECT * FROM notes ORDER BY id DESC");
//...
while($row=mysql_fetch_assoc($query)){
//...
echo '<a id="remove_note" href="CURRENT_SCRIPT_URL?id=' . $id_to_delete . '">X</a>';
//...
}
?>
Or you could create a second script that deletes a row from the database based on the data that you pass to it and use ajax (I would recommend using jQuery for ajax functionality) to call that script with the id of the item to delete.
Remember that anyone could call your script with a GET parameter and delete a record from the database (or worse, perform an SQL injection attack), so make sure that you have some sort of safeguard in place unless you want all of your records wiped out!
You can't onclick a PHP function. You're mixing JavaScript with PHP. I would do this:
<a id="remove_note" href="remove.php?id=<?php echo $row['id']; ?>">Remove</a>
And then on remove.php get the ID using $_GET['id'] and pass that into the DELETE query.
you have 2 options.
1) make an <a href="another_php_script.php?delete=true"> (or similar), then run the delete script. (then header back to the same page you were on).
This is because you cannot run an onClick php function, you have to redirect to the other page.
2) You can use the onclick function to call an AJAX script, and execute the deleting PHP script from the page you're on - without redirecting.
Option 1 is the easy option, Option 2 is the better option to learn from.
Firstly, I got a database of which I labelled different id for different content. However, I also made a comment box, of which my comments are all numbered by id=1,2,3... so whenever I submit a comment, it is able to link it back to the correct id I got earlier (not the comment box id), i.e. if I entered in www.example.com/synopsis?id=1, I will go back there. However, I have a delete.php file which is linked to reload.php file, whereby the page is reloaded. From this, it is unable to go back to the synopsis?id=1, instead it's just synopsis?id=
Here is my code for the submit comment button
<form action="synopsis.php?id=<?php $id =$_GET["id"]; echo $id; ?>" method="POST">
and this works.
Here is the reload.php file, which doesn't work, and I want it to be back to synopsis?id=1 everytime I hit delete
<?php
$id=$_GET['id'];
$link = mysql_connect("localhost", "root", "");
$refresh = mysql_query("SELECT id FROM dvd where id=$id",$link);
$row = mysql_fetch_assoc($result);
header("Location:synopsis.php?id=<?php $id =$_GET["id"]; echo $id; ?>");
?>
Please help
Correct string concatenation:
header("Location:synopsis.php?id=" . $id);
You already set the $id variable, you don't need to set it again
$id=$_GET['id'];
$link = mysql_connect("localhost", "root", "");
$refresh = mysql_query("SELECT id FROM dvd where id=$id",$link);
$row = mysql_fetch_assoc($result);
header("Location:synopsis.php?id=". $id);
Duplicate of quotes syntax errors?
Anyways :
<?php
$id=$_GET['id'];
$link = mysql_connect("localhost", "root", "");
$refresh = mysql_query("SELECT id FROM dvd where id=$id",$link);
$row = mysql_fetch_assoc($result);
header("Location:synopsis.php?id=".$_GET['id']);
?>
The <?php is used to switch from HTML to PHP mode, but in this code you're already in PHP mode:
header("Location:synopsis.php?id=<?php $id =$_GET["id"]; echo $id; ?>");
It's also good practice to escape variables when you build a new query string:
header("Location: synopsis.php?" . http_build_query(array(
'id' => $_GET['id'],
)));