How to add a delete button to a PHP form that will delete a row from a MySQL table

Question

I have outputted the results of a MySQL table to an HTML table. In the last column, I want to add a delete option which calls another form and deletes the user from the MySQL table. I can't seem to get it to work though.

This is my code for the results page:

<?php
                    
    $contacts = mysql_query("
        SELECT * FROM contacts ORDER BY ID ASC") or die( mysql_error() );
    
    // If results
    if( mysql_num_rows( $contacts ) > 0 )
    ?>
    
    <table id="contact-list">
        <thead>
            <tr>
                <th>Name</th>
                <th>Email</th>
                <th>Telephone</th>
                <th>Address</th>
  <th>Delete</th>
            </tr>
        </thead>
        <tbody>
        
        <?php while( $contact = mysql_fetch_array( $contacts ) ) : ?>
        
        

            <tr>
                <td class="contact-name"><?php echo $contact['name']; ?></td>
                <td class="contact-email"><?php echo $contact['email']; ?></td>
                <td class="contact-telephone"><?php echo $contact['telephone']; ?></td>
                <td class="contact-address"><?php echo $contact['address']; ?></td>
                <td class="contact-delete"><form action='delete.php' method="post">
<input type="hidden" name="name" value="">
<input type="submit" name="submit" value="Delete">
</form></td>                
            </tr>
            
        <?php endwhile; ?>
        
        </tbody>
    </table>

and, this is my delete.php script

<?php

//Define the query
$query = "DELETE FROM contacts WHERE name={$_POST['name']} LIMIT 1";

//sends the query to delete the entry
mysql_query ($query);

if (mysql_affected_rows() == 1) { 
//if it updated
?>

            <strong>Contact Has Been Deleted</strong><br /><br />
    
<?php
 } else { 
//if it failed
?>
    
            <strong>Deletion Failed</strong><br /><br />
    

<?php
} 
?>

I cannot figure out why this is not working.

Answer 1

First, you should not write the code in that way; the code has no protection against SQL injection.

1. Try to use primary IDs instead of using a name (what happens if 2 people has the same name?).

So, you can create a hidden field to know which 'person' you are dealing with.

<input type="hidden" name="contact_id" value="<?php $contact['contact_id']; ?>">

2. Sanitize variables to avoid attacks:

<?php $contact_id = isset($_POST['contact_id'])?intval($_POST['contact_id']):0;

// proceed with the query
if($contact_id>0) { $query = "DELETE FROM contacts WHERE contact_id = '$contact_id'";

}

// redirect to the main table with header("location: main.php");

?>

Answer 2

You have to pass a variable in the delete link. You have to pass <?php echo $contact['name']; ?> (the name value) in a hidden field or pass this value in URL:

Replace

<td class="contact-delete">
      <form action='delete.php' method="post">
      <input type="hidden" name="name" value="">
      <input type="submit" name="submit" value="Delete">
      </form>
</td>

With

<td class="contact-delete">
    <form action='delete.php?name="<?php echo $contact['name']; ?>"' method="post">
        <input type="hidden" name="name" value="<?php echo $contact['name']; ?>">
        <input type="submit" name="submit" value="Delete">
    </form>
</td>

Answer 3

<input type="hidden" name="name" value="">

You are missing a value which wil be picked up by this line in your delete file.

$query = "DELETE FROM contacts WHERE name={$_POST['name']} LIMIT 1";

Right now it isn't receiving anything, which is why it will not work.

So add a value to it and it will work. Example:

<input type="hidden" name="name" value="<?php echo $contact['name']; ?>">

Answer 4

USe javascript

<input name="Submit2" type="button" class="button" onclick="javascript:location.href='delete.php?id=<?php echo $your_id;?>';" value="&laquo; Back" />

and in delet.php

$id=$_GET['id'];

and put $id in your sql statement.

Answer 5

You are missing to pass name in this line:

<input type="hidden" name="name" value="">

You need to have something (<?php echo $contact['name']; ?>) in the value attribute.

BTW, do not use deprecated mysql_* functions, use PDO or mysqli_* instead.