How to add a delete button to a PHP form that will delete a row from a MySQL table

Question

I have outputted the results of a MySQL table to an HTML table. In the last column, I want to add a delete option which calls another form and deletes the user from the MySQL table. I can't seem to get it to work though.

This is my code for the results page:

<?php
                    
    $contacts = mysql_query("
        SELECT * FROM contacts ORDER BY ID ASC") or die( mysql_error() );
    
    // If results
    if( mysql_num_rows( $contacts ) > 0 )
    ?>
    
    <table id="contact-list">
        <thead>
            <tr>
                <th>Name</th>
                <th>Email</th>
                <th>Telephone</th>
                <th>Address</th>
  <th>Delete</th>
            </tr>
        </thead>
        <tbody>
        
        <?php while( $contact = mysql_fetch_array( $contacts ) ) : ?>
        
        

            <tr>
                <td class="contact-name"><?php echo $contact['name']; ?></td>
                <td class="contact-email"><?php echo $contact['email']; ?></td>
                <td class="contact-telephone"><?php echo $contact['telephone']; ?></td>
                <td class="contact-address"><?php echo $contact['address']; ?></td>
                <td class="contact-delete"><form action='delete.php' method="post">
<input type="hidden" name="name" value="">
<input type="submit" name="submit" value="Delete">
</form></td>                
            </tr>
            
        <?php endwhile; ?>
        
        </tbody>
    </table>

and, this is my delete.php script

<?php

//Define the query
$query = "DELETE FROM contacts WHERE name={$_POST['name']} LIMIT 1";

//sends the query to delete the entry
mysql_query ($query);

if (mysql_affected_rows() == 1) { 
//if it updated
?>

            <strong>Contact Has Been Deleted</strong><br /><br />
    
<?php
 } else { 
//if it failed
?>
    
            <strong>Deletion Failed</strong><br /><br />
    

<?php
} 
?>

I cannot figure out why this is not working.

[**Please, don't use `mysql_*` functions in new code**](http://bit.ly/phpmsql). They are no longer maintained [and are officially deprecated](https://wiki.php.net/rfc/mysql_deprecation). See the [**red box**](http://j.mp/Te9zIL)? Learn about [*prepared statements*](http://j.mp/T9hLWi) instead, and use [PDO](http://php.net/pdo) or [MySQLi](http://php.net/mysqli) - [this article](http://j.mp/QEx8IB) will help you decide which. If you choose PDO, [here is a good tutorial](http://j.mp/PoWehJ). — h2ooooooo, Jun 17 '13 at 10:07

score 8 · Accepted Answer · edited Apr 08 '22 at 15:51

8

You have to pass a variable in the delete link. You have to pass <?php echo $contact['name']; ?> (the name value) in a hidden field or pass this value in URL:

Replace

<td class="contact-delete">
      <form action='delete.php' method="post">
      <input type="hidden" name="name" value="">
      <input type="submit" name="submit" value="Delete">
      </form>
</td>

With

<td class="contact-delete">
    <form action='delete.php?name="<?php echo $contact['name']; ?>"' method="post">
        <input type="hidden" name="name" value="<?php echo $contact['name']; ?>">
        <input type="submit" name="submit" value="Delete">
    </form>
</td>

edited Apr 08 '22 at 15:51

TylerH

20,799
66
75
101

answered Jun 17 '13 at 10:11

Devang Rathod

6,650
2
23
32

Oh, but I took on board the other comments and changed 'name' to 'id' :) – Lucero79 Jun 17 '13 at 10:21
Why is the form action changed? Won't adding a hidden input tag suffice? (I used this when the PHP was on the same page). Are things different when sending it to another page? @devang-rathod – Parth Kapadia Jul 04 '21 at 16:28

score 2 · Answer 2 · answered Jun 17 '13 at 10:04

2

USe javascript

<input name="Submit2" type="button" class="button" onclick="javascript:location.href='delete.php?id=<?php echo $your_id;?>';" value="&laquo; Back" />

and in delet.php

$id=$_GET['id'];

and put $id in your sql statement.

answered Jun 17 '13 at 10:04

Ammar Hayder Khan

1,287
4
22
49

score 0 · Answer 3 · answered Jun 17 '13 at 10:04

0

You are missing to pass name in this line:

<input type="hidden" name="name" value="">

You need to have something (<?php echo $contact['name']; ?>) in the value attribute.

BTW, do not use deprecated mysql_* functions, use PDO or mysqli_* instead.

answered Jun 17 '13 at 10:04

Voitcus

4,463
4
24
40

score 0 · Answer 4 · answered Jun 17 '13 at 10:10

<input type="hidden" name="name" value="">

You are missing a value which wil be picked up by this line in your delete file.

$query = "DELETE FROM contacts WHERE name={$_POST['name']} LIMIT 1";

Right now it isn't receiving anything, which is why it will not work.

So add a value to it and it will work. Example:

<input type="hidden" name="name" value="<?php echo $contact['name']; ?>">

score 0 · Answer 5 · edited Apr 08 '22 at 15:52

First, you should not write the code in that way; the code has no protection against SQL injection.

1. Try to use primary IDs instead of using a name (what happens if 2 people has the same name?).

So, you can create a hidden field to know which 'person' you are dealing with.

<input type="hidden" name="contact_id" value="<?php $contact['contact_id']; ?>">

2. Sanitize variables to avoid attacks:

<?php $contact_id = isset($_POST['contact_id'])?intval($_POST['contact_id']):0;

// proceed with the query
if($contact_id>0) { $query = "DELETE FROM contacts WHERE contact_id = '$contact_id'";

}

// redirect to the main table with header("location: main.php");

?>

How to add a delete button to a PHP form that will delete a row from a MySQL table

5 Answers5

Linked

Related