delete a row from my sql table

Question

I'm still new to php and working my way around it but i'm stuck at the following piece:

code for deleting a row in my table

i have a link directing towards this piece of my script. i run through the first half just fine but when i press on submit and try to execute my delete query it won't go to my second if statement let alone get to the delete query.

$pgd is the page id

my hunch is there is problem with the action in the form i'm building after my while statement

forgive me for the wierd formatting of my msg but its 2am and very tired, i promise to format my questions in the future better! any help is appreciated

edit: ok other then the obvious mistake of missing method=post @.@;

edit:

hey everyone, first of all, i'd like to thank everyone for their response. i just started coding in php last weekend so forgive my messy codes. the code is still running locally and my main goal was to finish the functions and then work on securing my code.

now back to the issue, i'm sorry if i was vague about my problem. i'll try to reiterate it.

my issue isn´t selecting an item i want to delete, the issue is that it won´t get to the 2nd if statement.

Re-edit: this time with my current code:

if($_GET['delete'] == "y")
{
//content hier verwijderen
$sqlcont1="SELECT * FROM content where id ='".$_GET['id']."'";
echo $sqlcont1;
$resultcont1 = mysql_query($sqlcont1) or die (include 'oops.php');
while($rowcont1= mysql_fetch_array($resultcont1)){
echo '<form class="niceforms" action="?pg='.$pgd.'&delete=y&remove=y&id='.$_GET['id'].'" method="post">';
echo '<h1>'.$rowcont1['Titel'].'</h1>';
echo '<p>'.$rowcont1['Content'].'</p>';
echo '<input type="submit" value="Delete article">';
echo '</form>';
}
if($_GET['remove']=="y"){
echo 'rararara';
    $id=$_GET['id'];
    $sqlrem="DELETE FROM content WHERE id="$id;
    echo $sqlrem;
    mysql_query($sqlrem);
}   
}

echoing $sqlrem gives me the following now: DELETE FROM content WHERE id=8 that being my current code, i get in to the second IF statement but now to get it to delete!

@everyone: ok maybe thinking out loud or following my steps worked but the code works, i know its very messy and it needs fine tuning. i'd like to thank everyone for their help and feedback. i'm liking this and you'll probably see me alot more often with nubby questions and messy codes with no escapes :(

Answer 1

I also noticed that your DELETE SQL query might have an issue. If your $pgd' id is a integer, you shouldn't include the ' single quote, that is for string only.

**Correction**
$sqlrem = "DELETE FROM content WHERE id = " . controw1['id'];

EDIT

Anyway, just to help out everyone, I typed out his code for easier viewing.

I think his error is $rowcont1['Tilel'] --> that might caused PHP to have an error because that column doesn't exist. I assumed, it should be `Title' causing an typo error.

if(_$GET['delete'] == "y") {
   $sqlcont1 = "SELECT * FROM content where id ='" . $_GET['id'] . "'";
   $resultcont1 = mysql_query($sqlcont1) or die (include 'oops.php');
   while ($rowcont1 = mysql_fetch_array($resultcont1)) {
      echo '<form class = "niceforms" action = "?pg=' .$pgd . '&delete=y&remove=y">';
      echo '<h1>' . $rowcont1['Title'] . '<h1>'; // <-- error here
      echo '<p>' . $rowcont1['Content'] . '</p>';
      echo '<input type = "submit" value = "Delete article">';
      echo '</form>';
   }
   if ($_GET['remove'] == "y"){
      $sqlrem = "DELETE FROM content WHERE id = " . $rowcont1['id'];
      mysql_query ($sqlrem);
   }
}

Answer 2

You have a lot of problems in that script alone, so just to make things easier (considering you uploaded a pic), put an

echo $sqlrem;

in your second if statement, see if the query is displayed. If not, it means it doesn't even get to that part of code, if it gets displayed, copy it and run it in phpmyadmin. That should output a more coherent error message. Tell us what that is and we'll work it through.

Answer 3

It looks to me like you're mixing two forms together here: you're wanting to see if you went to the delete row form (the first few lines), and you're trying to present the delete row form (the while loop.) I would break these two things apart. Have a page that simply displays your forms for row deletes, and another page that processes those requests. And another page that brings you to the delete rows page.

For now, just echo all the values you're expecting to receive in $_GET[] and see if they are what you expect them to be.

Answer 4

First of all, you have SQL injection vulnerability in your script. Anyone can add some string that will be attached to your query, possibly altering it in a way that can make almost anything with the data from your database.

Escape your values with one of anti-SQL-injection methods. Read more for example on php.net/manual/en/function.mysql-query.php

To the point...

Your deletion code will be executed only if you invoke URL with two params (remove and delete set to y. That means your URL should look similar to something.php?delete=y&remove=y. Maybe you just did not spot it.

Please give details about any errors that occured and tell me whether the above mentioned solution helped.

Answer 5

mysql_fetch_array() returns an array

your while statement acts as an if, and does not iterate thru the array returned as you think it does

you need something like

$all_rows = mysql_fetch_array($result);
foreach ($all_rows as $row) {
    $sql = "delete from table where id = " . $row['id'];
}