How to delete a specific row MySQL - php

I am trying to get my PHP script to delete a specific row from a table. Every row has an unique ID. However, my code deletes always the first row, while for instance I want it to delete the row where I clicked the button.
$task_id = $row_list['task_id'];
if (!empty($_GET['delete'])) {
mysql_query("DELETE FROM to_do.list WHERE list.task_id=$task_id");
header('Location: http://localhost/to_do/list_view.php');
};
Table + trigger for script:
do { ?>
<?php echo "<table><tr>";
echo "<td>" . $row_list['task_id'] . "</td>";
echo "<td>" . $row_list['task_info'] . "</td>";
echo "<td>" . "<form action=script.php method=get name=delete>
<input type=hidden name=delete value=$task_id>
<input type=submit value=Delete></form>" . "</td>"; ?>
<?php } while ($row_list = mysql_fetch_assoc($list));
echo "</table>" ?>
I am not sure how I can make it work. Thanks in advance!


Maybe
if (isset($_GET['submit'])) {
mysql_query("DELETE FROM to_do.list WHERE list.task_id = $_GET['delete']");
header('Location: http://localhost/to_do/list_view.php');
};
and
echo "<td>" . "<form action=script.php method=get>
<input type=hidden name=delete value=$task_id>
<input type=submit name=submit value=Delete></form>" . "</td>"; ?>

Related

Trying to create an editable HTML table using PHP and mySQL but the table won't update

I'm trying to make a HTML table as a frontend to a mySQL database. The table displays fine and I can type in the edits I want to make to each row of the table but when I press the submit button the changes aren't actually made. Can anyone see where I'm going wrong?
<?php
include("db.php");
$sql = "SELECT * FROM `artist`";
$result = mysqli_query($conn, $sql);
if (isset($_POST['update'])){
$artID = $_POST['artID'];
$artName = $_POST['artName'];
$key = $_POST['hidden'];
$UpdateQuery = "UPDATE `artist` SET `artID` = '$artID', `artName` = '$artName' WHERE `artist`.`artID` = '$key'";
mysqli_query($conn,$UpdateQuery);
header("Location: {$_SERVER['HTTP_REFERER']}");
exit;
};
echo "<table border='1'>";
echo "<tr>";
echo "<th>ID</th>";
echo "<th>Name</th>";
echo "</tr>";
if ($result->num_rows > 0) {
echo "<form id ='artisttable' action ='getartiststable.php' method ='post'>";
// output data of each row
while($row = mysqli_fetch_array($result)) {
echo "<tr>";
echo "<td>" ."<input type='text' name ='artID' value ='" . $row['artID'] . "' </td>";
echo "<td>" . "<input type='text' name ='artName' value ='" . $row["artName"] . "' </td>";
echo "<td>" . "<input type = 'hidden' name ='hidden' value='" . $row['artID'] . "' </td>";
echo "<td>" . "<input type='submit' name ='update'" . " </td>";
echo "</tr>";
}
echo "</form>";
echo "</table>";
} else {
echo "0 results";
}
$conn->close();
?>
The db.php file simply includes the connection info to the mySQL database and I'm 100% sure there's nothing wrong with it as it retrieves the table correctly it just doesn't update.

You are putting form tag inside tr which is not allowed td are only allowed
so you have to remove that tr from there.
You have to use jquery or you can replace the table with some other grid structure so that it can look the same and the form can be placed there as well
One more suggestion Don't mix the php and html together separate them for the clean code
If you do all these you code will be like this

Your form is being constructed with multiple elements with the same name. When you submit the form it is using the last elements as the values so regardless of the record you want updated the last record is being updated (or throwing an error because of string encapsulation). You should use parameterized queries as well.
So instead of:
if ($result->num_rows > 0) {
echo "<form id ='artisttable' action ='getartiststable.php' method ='post'>";
// output data of each row
while($row = mysqli_fetch_array($result)) {
echo "<tr>";
echo "<td>" ."<input type='text' name ='artID' value ='" . $row['artID'] . "' </td>";
echo "<td>" . "<input type='text' name ='artName' value ='" . $row["artName"] . "' </td>";
echo "<td>" . "<input type = 'hidden' name ='hidden' value='" . $row['artID'] . "' </td>";
echo "<td>" . "<input type='submit' name ='update'" . " </td>";
echo "</tr>";
}
echo "</form>";
echo "</table>";
Use:
if ($result->num_rows > 0) {
// output data of each row
while($row = mysqli_fetch_array($result)) {?>
<form class='artisttable' action ='getartiststable.php' method ='post'>
<tr>
<td><input type='text' name ='artID' value ='<?php echo $row['artID'];?>' /></td>
<td><input type='text' name ='artName' value ='<?php echo $row["artName"];?>' /></td>
<td><input type = 'hidden' name ='hidden' value='<?php echo $row['artID'];?>' /></td>
<td><input type='submit' name ='update'" . " </td>
</tr>
</form>
<?php } ?>
</table>
So you get a form for each data set. Here's a link on prepared statements with mysqli: http://php.net/manual/en/mysqli.quickstart.prepared-statements.php. You also should update your mark up. Tables for formatting aren't the best approach. Your inputs also weren't closed missing >.
Also this changed artisttable from an id to class because there will be multiples. Update CSS/JS accordingly.

beginner form with "update from" and "remove" buttons

I'm a beginner with PHP. I watched a tutorial to create a form which modifies my wamp-created mysql database table. Copied the video at first, but then made my own table from scratch and tried to upgrade it.
My add row works correctly, but the update and remove do not. I think the WHERE clause is not correct, referencing reg_id.
I created a unique primary key, which auto-increments and cannot be modified; this is what I want to reference when changes are made (since it cannot be changed).
if (isset($_POST['update'])){
$UpdateQuery = "UPDATE register SET First_Name='$_POST[first_name]', Last_Name='$_POST[last_name]', Breed='$_POST[breed]', Weight='$_POST[weight]', Age='$_POST[age]', Sex='$_POST[sex]' WHERE '$_POST[reg_id]'='$_POST[reg_id]'";
mysqli_query($con,$UpdateQuery);};
if (isset($_POST['delete'])){
$DeleteQuery = "DELETE FROM register WHERE reg_id='$_POST[reg_id]'";
mysqli_query($con,$DeleteQuery);};
Here is the rest of it where the form is located:
while($record=mysqli_fetch_array($myData)){
echo "<form action=register.php method=post>";
echo "<tr>";
echo "<td>" . $record['reg_id'] . " </td>";
echo "<td>" . "<input type=text name=first_name value=" . $record['First_Name'] . " </td>";
echo "<td>" . "<input type=text name=last_name value=" . $record['Last_Name'] . " </td>";
echo "<td>" . "<input type=text name=breed value=" . $record['Breed'] . " </td>";
echo "<td>" . "<input type=int name=weight value=" . $record['Weight'] . " </td>";
echo "<td>" . "<input type=int name=age value=" . $record['Age'] . " </td>";
echo "<td>" . "<input type=text name=sex value=" . $record['Sex'] . " </td>";
echo "<td>" . "<input type=submit name=update value=update" . " </td>";
echo "<td>" . "<input type=submit name=delete value=delete" . " </td>";
echo "</tr>";
echo "</form>";
}
Please help me fix it.

if (isset($_POST['update'])){
$UpdateQuery = "UPDATE register SET First_Name='".$_POST['first_name']."',Last_Name='".$_POST['last_name']."', Breed='".$_POST['breed']."', Weight='".$_POST['weight']."', Age='".$_POST['age']."', Sex='".$_POST['sex']."' WHERE reg_id ='".$_POST['reg_id']."'";
mysqli_query($con,$UpdateQuery);
};
if (isset($_POST['delete'])){
$DeleteQuery = "DELETE FROM register WHERE reg_id='".$_POST['reg_id']."'";
mysqli_query($con,$DeleteQuery);
};
should be enclosed by ' ,that is optional.add hidden will be more better
echo "<td><input type='hidden' name='reg_id' value='".$record['reg_id']."'></td>";
echo "<td><input type='submit' name='update' value='update'></td>";
echo "<td><input type='submit' name='delete' value='delete'></td>";

You are using $_POST without '.
Try this : {$_POST['first_name']} and replace all $_POST according to this.
So your update query will be like this :
"UPDATE register SET First_Name='{$_POST['first_name']}', Last_Name='{$_POST['last_name']}', Breed='{$_POST['breed']}', Weight='{$_POST['weight']}', Age='{$_POST['age']}', Sex='{$_POST['sex']}' WHERE reg_id='{$_POST['reg_id']}'";
There is no field with name reg_id, so your $_POST['reg_id'] will not work.Also please change your where condition. You are matching same value in where condition.
And your delete query will be :
"DELETE FROM register WHERE reg_id='{$_POST['reg_id']}'";
Your query is open for sql injection. Refer this :How can I prevent SQL injection in PHP?

display page
while($record = mysqli_fetch_array($myData)) {
echo "<table>";
echo "<tr>";
echo "<td>".$record['reg_id']."</td>";
echo "<td>".$record['First_Name']."</td>";
echo "<td>".$record['Last_Name']."</td>";
echo "<td>".$record['Breed']."</td>";
echo "<td>".$record['Weight']."</td>";
echo "<td>".$record['Age']."</td>";
echo "<td>".$record['Sex']."</td>";
echo "<td><a href='edit.php?reg_id=".$record['reg_id']."'>EDIT</a></td>";
echo "<td><a href='delete.php?reg_id=".$record['reg_id']."'>DELETE</a></td>";
echo "</tr>";
echo "</table>";
}
delete.php
<?php
if (isset($_POST['delete'])){
$DeleteQuery = "DELETE FROM `register` WHERE `reg_id`={$_GET['reg_id']}'";
mysqli_query($con,$DeleteQuery);
header("Location: your display page");
};
?>
Edit Form
while($record = mysqli_fetch_array($myData)) {
echo '<form action="edit.php" method="Post">
<input type="text" name="First_Name" value="'.$record['reg_id'].'"/>
<input type="text" name="First_Name" value="'.$record['First_Name'].'"/>
<input type="text" name="Last_Name" value="'.$record['Last_Name'].'"/>
<input type="text" name="Breed" value="'.$record['Breed'].'"/>
<input type="text" name="Weight" value="'.$record['Weight'].'"/>
<input type="text" name="Age" value="'.$record['Age'].'"/>
<input type="text" name="Sex" value="'.$record['Sex'].'"/>
<imput type="submit" value="save" name="submit" />
</form>';
}
edit.php
if (isset($_POST['update'])){
$UpdateQuery = "UPDATE `register` SET `First_Name`='{$_POST['first_name']}', `Last_Name`='{$_POST['last_name']}', `Breed`='{$_POST['breed']}', Weight='{$_POST['weight']}', `Age`={$_POST['age']}, Sex='{$_POST['sex']}' WHERE `reg_id`={$_GET['reg_id']}";
mysqli_query($con,$UpdateQuery);
header("Location: your display page");
};

Assigning ID's to fields that are echoed using PHP inside a while loop

I currently have two dropdown menus that a user will select the course and a golfer which will load a scorecard.
What I am trying to do now is when a user enters a value into the "Score" field I want the "points" to be automatically shown ("Points" is a read only input field). To do this I am assuming that I will have to give each table row for score and points a specific ID.
echo "<div class='scorecardTable'>
<table 'id=scorecardTable'>
<tr>
<th>HoleNumber</th>
<th>Par</th>
<th>Stroke Index</th>
<th>Score</th>
<th>Points</th>
</tr>'";
while($row = mysqli_fetch_array($result)) {
echo "<tr>";
echo "<td>" . $row['holeNumber'] . "</td>";
echo "<td>" . $row['par'] . "</td>";
echo "<td>" . $row['strokeIndex'] . "</td>";
echo "<td> <input type='text' maxlength='2' id='score' /></td>";
echo "<td> <input type='text' id='points' readonly></td>";
echo "</tr>";
}
echo "</table>";
From the above code I am using PHP to print the information from my database but I was just wondering if anyone would know how to assign a unique ID to each of the score and points input fields so I can apply the calculation to each user input.

You could use a variable to count the rows and set the id.
$rowIndex = 0;
while($row = mysqli_fetch_array($result)) {
echo "<tr>";
echo "<td>" . $row['holeNumber'] . "</td>";
echo "<td>" . $row['par'] . "</td>";
echo "<td>" . $row['strokeIndex'] . "</td>";
echo "<td> <input type='text' maxlength='2' id='score$rowIndex' /></td>";
echo "<td> <input type='text' id='points$rowIndex' readonly></td>";
echo "</tr>";
$rowIndex++;
}
You may also use
id='score[$rowIndex]'

Pass variable in php to next page from a table

I'm creating a table and when the user clicks on the button I want it to open a php file called player_profile, where that page will call up more information on that particular player.
When it comes to passing variable through pages I'm aware that something along these lines will work.
//On page 1
$_SESSION['varname'] = $var_value;
//On page 2
$var_value = $_SESSION['varname'];
Yet when I add it to the button the php file wont load. Below is my code without passing a variable that works.
<?php
$result = mysql_query("SELECT *, CONCAT(FirstName,' ', LastName) AS Name FROM Player WHERE TeamID = '$TeamID' ORDER BY LastName ASC");
echo "<table id='customers' border='1'>
<tr>
<th>PlayerID</th>
<th>Name</th>
<th>Position</th>
<th>Tries</th>
<th>Tackles</th>
<th>Turnovers</th>
<th> Info </th>
</tr>";
while($row = mysql_fetch_array($result))
{
echo "<tr>";
echo "<td>" . $row["PlayerID"] . "</td>";
echo "<td>" . $row["Name"] . "</td>";
echo "<td>" . $row['Position'] . "</td>";
echo "<td>" . $row['Tries'] . "</td>";
echo "<td>" . $row['Tackles'] . "</td>";
echo "<td>" . $row['Turnovers'] . "</td>";
echo "<td><form action=player_profile.php>
<input name=id type=hidden value='".$row['PlayerID']."';>
<input type=submit name=submit value=info>
</form></td>";
echo "</tr>";
echo "</tr>";
}
echo "</table>";
?>
The code above works perfectly at displaying a table and taking me to the player_profile page. But if change the button to the code below the page so that I can pass a variable it doesn't load
echo "<td><form action=player_profile.php>
<input name=id type=hidden value='".$row['PlayerID']."';>
$_SESSION['varname'] = ".$row['PlayerID'].";
<input type=submit name=submit value=info>
</form></td>";
echo "</tr>";

Don't use the session to pass parameters. It breaks the way users expect a page works.
Use $_GET parameters:
John
Then in player_profile.php do:
$id = isset($_GET["id"]) ? $_GET["id"] : false;
if ($id === false) {
exit("missing input");
}
// etc
The problem with using a session here is that if someone opens two different player profiles what can he expect to see? What if he refreshes one of them?
A more advanced and involved way of parameter passing uses URL Rewriting to get nice looking URLs like:
John

You have code trying to set a session inside your echo. You want it separate:
echo "<td><form action=player_profile.php>
<input name=id type=hidden value='".$row['PlayerID']."'>
<input type=submit name=submit value=info>
</form></td>";
echo "</tr>";
If you want to access the PlayerID variable on the player_profile.php you just use:
$var_value = $_GET['id'];
You could also put it into a session var at that point, but I don't know why you would need that.

Delete button for each table row

I manage to succesfully read and display data from my database with the following code:
http://pastebin.com/rjZfBWZX
I also generate a delete button for each row of the table :) Clicking the delete button calls "obrisi.php" which is supposed to delete that row but I messed something up :S Here's obrisi.php code:
http://pastebin.com/mrFy1i7S
I'm getting a Parse error: syntax error, unexpected 'FROM' (T_STRING) :S

Let's try and do it with _GET instead of _POST.
In your main code you need to change line 39 (the input) from:
echo "<td>" . " <input type='submit' id= '$id' . ' value='Delete' >" . "</td>";
to:
echo "<td><a href='obrisi.php?id=$id'>Delete</a></td>";
In your obrisi.php change line 3 (the id setup) from:
$id = $_POST['id'];
to:
$id = $_GET['id'];
And finally as a nice addition, redirect back to the main page by adding the following line at the end of the obrisi.php file before the closing of the php tag.
header('location:index.php');
Where index.php the name of the main page you have.

echo "<td>" . " <input type='submit' id= '$id' . ' value='Delete' >" . "</td>";
some simple errors here. this would output (with $id = 1):
<td><input type='submit' id= '1' . ' value='Delete' ></td>
this line should be corrected to
echo '<td><input type="submit" id="' . $id . '" value="Delete" ></td>';
this is also going wrong.
echo "<form action="obrisi.php" method="post">";
should be like:
echo '<form action="obrisi.php" method="post">';
But the main problem is that there is no field id given in the post. The id of a html element is not sent on submit. it is basically to identify that element in the HTML structure.
And when using a submit button you will have to limit the scope of the form to that row and use a hidden input field, or use a link like thanpa suggests
to clarify: if you want to do it with a post (but i would sugget using the $_GET)
while ($row = mysqli_fetch_array($result) )
{
$id = $row['id'];
echo "<tr>";
echo '<form action="obrisi.php" method="post">';
echo "<td>" . $row['Ime'] . "</td>";
echo "<td>" . $row['Prezime'] . "</td>";
echo "<td>" . $row['Grad'] . "</td>";
echo "<td>" . $row['Drzava'] . "</td>";
echo "<td>" . $row['Obavijesti'] . "</td>";
echo "<td>" . $row['Tekst'] . "</td>";
echo "<td>"
echo '<td><input type="hidden" name="id" value="' . $id . '"/><input type="submit" value="Delete" ></td>';
echo "</form>
echo "</tr>";
}
and remove the echo's for the form from start and end of script.

as an additional note here, if this is going to be at some point being used in a live system you need to be checking $id in obrisi.php that it is actually an ID and not something nasty and unexpected like more sql, look up sql injection.

Categories