I am looking to delete a particular row from a database using the code below. The code below is within a file called "delete.php" and it is taking input from an input box that is located on another php file called "yourReports.php".
When the form is submitted on "yourReports.php" it should delete the row from the database, however it doesn't appear to be working.
delete.php
<?php
$mysqli = mysqli_connect("localhost", "root", "DBPASS","DBNAME") or die ('Could not connect to database!');
$_POST['delete'];
$deletereport = mysqli_real_escape_string($mysqli, $_POST['delete']);
mysqli_query($mysqli,"DELETE FROM reports WHERE reportName = '".$deletereport."'");
header('Location: yourreports.php');
?>
yourReports.php
<form action="delete.php" method="post" name="form1">
<label><strong>Enter Report Name To Delete:</strong></label>
<input name="delete" id="delete" type="text">
<input value="Delete Report" name="delete" class='myButton' type="submit">
</form>
Any help would be appreciated.
Thanks
Set the method and name attribute of form to post
<form action="delete.php" method="post" name="form1">
Check if the query fails:
if(! mysqli_query($mysqli,"DELETE FROM reports WHERE reportName = '".$deletereport."'")){
echo mysqli_error();
}
[Updated]
You cannot have two inputs with the same name. Your input and delete button both have the name delete. So try considering different names for inputs.
change
mysqli_query($mysqli,"DELETE FROM reports WHERE reportName = '".$deletereport."'");
To
mysqli_query($mysqli,"DELETE FROM reports WHERE reportName = '{$deletereport}'");
Related
This is the php code to delete.
<?php
$namez = $_POST['vendel'];
$name = mysql_real_escape_string($namez);
mysql_connect("localhost","root",
"") or die("Wrong username or password");
mysql_select_db("vendor") or die( "Unable to select database");
mysql_query("DELETE FROM vendoradd WHERE venname='$name'");
?>
And here is the code where I select from a combobox.
<form action="delete.php" method="post">
<select name="vendel">
<?php
$con=mysqli_connect("localhost","root","","vendor") or die("Unable to connect");
$query = mysqli_query($con,"select venname from vendoradd");
while ($row=$query->fetch_assoc()){
echo "<option value=\"vendel1\">".$row['venname']."</option>";
}
?>
</select>
<input type="submit" value="Delete" id="del">
</form>
I am not getting any error, the page is redirecting to delete.php file but when I cross check the database the selected data is not deleted. Any help is appreciated. Thanks in advance
Well... Its because you're posting a value "vendel1", which means that you're always sending the same value, just for you to know... The name of the select combobox is the index in the $_POST and the value in the option is the value, for example, if you have:
<form action="" method="post">
<select name="foo">
<option value="1">Stack</option>
<option value="2">Overflow</option>
</select>
<input type="submit">
</form>
<?php
echo $_POST['foo'];
?>
And you select the option "Stack" the output of
$_POST['foo']
will be 1.
So if you re going to post with a select combobox, you'll have to give an unique value to each option, so you can delete the correct one in your database. My recommendation for you is to create an unique ID to each user in your table, its better to compare unique ID's than strings... Why? Because if you have two people with the same name, you'll delete both, but, with an unique ID you'll not have that problem. If you want to delete
<form action="delete.php" method="post">
<select name="vendel">
<?php
$con=mysqli_connect("localhost","root","","vendor") or die("Unable to connect");
$query = mysqli_query($con,"select TRIM(venname) from vendoradd");
while ($row=$query->fetch_assoc()){
echo "<option value=".$row['venname'].">".$row['venname']."</option>";
}
?>
</select>
<input type="submit" value="Delete" id="del"></form>
And your delete should be like this:
<?php
$namez = $_POST['vendel'];
$name = mysql_real_escape_string($namez);
mysql_connect("localhost","root", "") or die("Wrong username or password");
mysql_select_db("vendor") or die( "Unable to select database");
mysql_query("DELETE FROM vendoradd WHERE TRIM(venname) = TRIM('$name')");
?>
I have a table within my database containing subscriptions, each subscription has a name, id and a notes column.
I'm trying to allow the user to update the notes column through a text area on the webpage. All of the subscriptions are in a list on the page which allows the user to click on them to view that specific subscription.
How would I make sure the note that is updated is correct with the id of the subscription they have clicked on?
I currently have this code.
<form method="POST" action="noteAction.php">
<textarea id="notes" name="noteValue">$notes</texarea>
<input type="submit" name="submit"/>
</form>
This is what I think my noteAction.php should look like however I cannot get it working.
mysql_connect ("host", "user", "password") or die ('Error: ' . mysql_error());
mysql_select_db("database_name") or die ('Data error:' . mysql_error());
$text = mysql_real_escape_string($_POST['noteValue']);
$query="UPDATE `subscription` SET `notes`= '$text' WHERE `id` = '$id'";
mysql_query($query) or die ('Error updating database ' . mysql_error());
Any help would be great, thanks.
Use hidden element to store your id inside it.
<form method="POST" action="noteAction.php">
<textarea id="notes" name="noteValue">$notes</texarea>
<input type="hidden" name="id" value="id" value="your id goes here" />
<input type="submit" name="submit"/>
</form>
When you're putting the note in the form, you must have an id for that note kicking about somewhere, after you retrieved it from the database. If you only selected the note contents in that query, select the ID as well. Then pass the ID over in a hidden field, and you have the ID to use in the MySQL query (which is correct).
<input type="hidden" name="note-id" value="note_id_here">
So I'm creating a small program with 2 forms, one to add data to a database, and one to delete from it. I've managed to create the first input form, but I'm slightly confused as to how I would get the second form to work. In the database "tasks" I have a table called "ID" which has the columns "ID", "Name" and "Hours"
Here's what the two HTML forms look like
<h2>Add Tasks</h2>
<form action="test.php" method="get">
Name of Task: <input type="text" name="name"><br />
Hours: <input type="number" name="hours"><br />
<input type="submit" value="Add" name="submit">
</form>
<h2>Delete Tasks</h2>
<form action="delete.php" method="get">
ID: <input type="number" name="ID"><br />
<input type="submit" value="Delete">
</form>
And the PHP for the first form "Add tasks" which inserts data
$servername = "localhost";
$username = "root";
$password = "root";
$conn = new mysqli($servername, $username, $password, "Tasks");
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
};
if (isset($_GET['submit'])) {
mysqli_select_db ($conn,"Tasks");
$name = $_GET['name'];
$hours = $_GET['hours'];
$sql = "INSERT INTO ID (Name, Hours) VALUES ('".$name."','". $hours."')";
$results = mysqli_query($conn,$sql);
$query = "SELECT `Name` FROM `ID`";
$result = mysqli_query($conn, $query);
$x=0;
And the PHP for the second form which deletes tasks. This is the part that is not working
if (isset($_GET['submit'])) {
mysqli_select_db ($conn, "Tasks");
$id = $_GET['id'];
$sql = "DELETE FROM ID (ID) VALUES ('".$id."')";
$query = "SELECT `Name` FROM `ID`";
$result = mysqli_query($conn, $query);
$x=0;
How should I format the PHP for the second button. I've basically reused the code for the first form. Do I need to differentiate it somehow from the first button? Currently the page is showing up completely blank. I'm a complete novice so any help would be appreciated.
Your SQL Statement
"DELETE FROM ID (ID) VALUES ('".$id."')"
is wrong.
It should be
DELETE FROM table_name
WHERE some_column=some_value;
. So, change your statement to
DELETE FROM ID WHERE ID='$id'
Suggestions
You should use POST method for action which will result in data edit.
You should check the input, make sure it did not contain SQL statement. A good way is to use $stuff = mysql_real_escape_string($_GET["stuff"]).
I see you have name 'ID' in the form but your are trying to get 'id'. That could be the problem
The sql statement for deletion should look something like the snippet below.
$sql = "DELETE FROM ID WHERE `id`=".$id.";";
$results = mysqli_query($conn,$sql);
In addition to above answers you should give different name to the both form input tags as
<h2>Add Tasks</h2>
<form action="test.php" method="get">
Name of Task: <input type="text" name="name"><br />
Hours: <input type="number" name="hours"><br />
<input type="submit" value="Add" name="submit">
</form>
<h2>Delete Tasks</h2>
<form action="delete.php" method="get">
ID: <input type="number" name="ID"><br />
<input type="submit" value="Delete" name="delete">
</form>
So for adding into database , you can use
if (isset($_GET['submit'])){
// your code here
}
And for deleting from database , you can use
if (isset($_GET['delete'])){
mysqli_select_db ($conn, "Tasks");
$id = $_GET['id'];
$sql = "DELETE FROM ID (ID) WHERE ID='".mysql_real_escape_string($id)."' ;
$query = "SELECT `Name` FROM `ID`";
$result = mysqli_query($conn, $query);
$x=0;
}
This will solve all the problems.
If you are using same name for the type="submit" in both forms than you can use POST method on one form and GET method on the other.
And yes mysql_real_escape_string is used to prevent SQL INJECTION.
I'm creating a forum in PHP and using MySql as a database, and was wondering how I could check if a MySql field topic_locked was equal to 1. If it isn't, the reply code would be displayed. How can I check this, and if you can help me find how to check this, how could I set it to 1 through the forum?
I dont know your code. But I am sharing simple program to check a mysql field's value.
<?php
// Database select and connect to host
$sql= mysql_query("SELECT topic_locked FROM table WHERE Id='your_id'");
$res= mysql_fetch_array($sql);
$value= $res['topic_locked'];
if($value=='1')
{
// reply code
}
?>
Update asked,
<?php
if(isset($_POST['update']))
{
$id= $_POST['id'];
//Database select and connect to host
mysql_query("UPDATE table SET topic_locked='1' WHERE Id='$id'");
}
?>
<form action="" method="post">
<input type="hidden" name="id" value="your_id" />
<input type="submit" name="update" />
</form>
I got a table with dynamic data with 5 td-s. First one is for the ID, second one for date, third for the name of the author, fourth for some properties and in the last one i got two buttons. I want them to change the value of the $status in applications table. For that I made 2 php files in which I added the mysql update function for each of the buttons. But I don't know why when I press the buttons it does everything in the php except it doesn't change the value of $status. Please let me know where I am wrong and how can I make it work. Thanks in advance.
The html code of the buttons (the last td):
<form action="status1.php">
<input type="submit" name="approve" value=" + ">
</form>
<form action="status2.php">
<input type="submit" name="refuse" value=" - ">
</form>
The PHP code for the buttons - status1.php (status2.php is the same but it changes the $status value to 2 instead of 1)
<?php
require_once('config.php');
$link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
mysql_query('set names windows-1251', $link);
if(!$link) {
die('Failed to connect to server: ' . mysql_error());
}
$db = mysql_select_db(DB_DATABASE);
if(!$db) {
die("Unable to select database");
}
$id=$_GET['id'];
$qry="UPDATE applications SET status=1 WHERE id='$id'";
$result = mysql_query($qry);
if($result) {
header("location: applications.php");
exit();
}
else {
die("Query failed");
}
?>
You are using $_GET['id'] as identifier, but as far as I can see in the code, you are not actually sending any GET information apart from the submit button itself. So your query is currently actually updating the row WHERE id=''. That's why you don't get errors, but you don't get your desired result either.
Change the action parameter of your form to status1.php?id=$id, or add something like <input type="hidden" name="id" value="$id"/> inside the form.
Well, are you getting any errors? Comment out the header("location: applications.php"); line so you will see if it throws any. Also try adding something like echo $qry so you can visually verify that the query is correct.
Also, you should read up on SQL injection and how to protect against it. Directly sticking user input into the query like that can open the door to nastiness. Also, you aren't checking user input for apostrophes which can break your query. I personally use PDO, which makes it a lot easier and a bit safer.
Another suggestion, rather than having to maintain two separate submission PHP files, just put your two submit buttons like this:
<input type="submit" name="status" value=" + ">
<input type="submit" name="status" value=" - ">
Then change the form action to the name of the consolidated php file and in that file, just evaluate the value of the status like:
$status = 0;
if ($_GET["status" == " + ") $status = 1;
If you install PDO, you'd do the meat of the DB update like this:
$pdo = new PDO("mysql:host=" . DB_HOST . ";dbname=" . DB_DATABASE, DB_USER, DB_PASSWORD);
$sql = $pdo->prepare("UPDATE applications SET status=? WHERE id=?");
$sql->execute(array($status, $_GET["id"]));
..which would be a little safer than what you're doing now.
Disclaimer: I'm just a hobbyist PHP programmer, so there may be better ways than I've mentioned :)
use this instead of ur form tag
for form 1
<from method="get" action="status1.php">
<input type="hidden" name="id" value="1"/>
<input type="submit" name="approve" value=" + "/>
</form>
for form2
<from method="get" action="status2.php">
<input type="hidden" name="id" value="2"/>
<input type="submit" name="refuse" value=" - "/>
</form>