-2

Echo 'Hello Programmers';

I'm working on record delete functionality. However, I'm a bit lost on a reoccurring undefined index issue right now.

Here is the front end code.

<form action="<?php echo $_SERVER['PHP_SELF'] ?>" method="post">
Select member to <b> DELETE! </b>: <select name="mid">
<?php
while($row = mysqli_fetch_assoc($result))
echo "<option value='{$row['mid']}'>{$row['mid']} </option>";
?>
</select>
<input type="submit" value=">!DELETE!<" />
</form>

<?php
}

else
{
$mid = $_POST['mid'];
$name = $_POST['name'];
$address = $_POST['address'];
$postcode = $_POST['postcode'];
$photo = $_POST['photo'];
$db1 = new dbmember();
$db1->openDB();
$numofrows = $db1->delete_member($mid, $name, $address, $postcode, $photo);
echo "Success. Number of rows affected:
<strong>{$numofrows}<strong>";


$db1->closeDB();
}

So what's going on is we are selecting an ID from a drop down menu. We are then passing this ID when the delete button is pressed on to the class method to execute the delete.

function delete_member($mid, $name, $address, $postcode, $photo) {
        $esc_name = mysqli_real_escape_string($this->conn, $name);
        $esc_address = mysqli_real_escape_string($this->conn, $address);
        $esc_postcode = mysqli_real_escape_string($this->conn,$photo);
        $esc_photo = mysql_reali_escape_string($this->conn, $photo);

        $sql = "DELETE FROM member WHERE mid = $mid";
        $result = mysqli_query($this->conn, $sql);

       if ($result) {
             $numofrows = mysqli_affected_rows($this->conn);
            return $numofrows;
            }
            else
                $this->error_msg = "could not connect for some wierd reason";
                        return false ;
     }

Notice: Undefined index: name in C:\xampp\htdocs\dbm\deletemember.php on line 120

Maybe I need to replace the 'Else' operator, or get rid of it all together? Thank you.

Lemonsface
  • 9
  • 4
  • your form has only `mid` – DevZer0 Jul 14 '13 at 10:48
  • Why do you even need other arguments when you are using only `mid` to delete user? – dev-null-dweller Jul 14 '13 at 10:54
  • Can you elaborate....? Bare in mind this all worked fine prior to switching over to mysqli. And thanks for the downvote, whoever that was. – Lemonsface Jul 14 '13 at 10:54
  • Because I want to delete not only the primary key (mid) but the rest of the rows. – Lemonsface Jul 14 '13 at 10:55
  • @Lemonsface by using only mid as reference if mid is the primary key it will automatically erase any rows with that primary key so you don't actually need all the variables. – Prix Jul 14 '13 at 10:58
  • **Possible XSS Injection with the first line of the front-end script**, see this thread: http://stackoverflow.com/questions/6080022/php-self-and-xss – Thew Jul 14 '13 at 11:03

1 Answers1

0

Change:

$db1->delete_member($mid, $name, $address, $postcode, $photo);

To:

$db1->delete_member($mid);

And change:

function delete_member($mid, $name, $address, $postcode, $photo) {

To:

function delete_member($mid) {

And remove lines 1 to 4 in your delete_member function

Prix
  • 19,417
  • 15
  • 73
  • 132
Allen Chak
  • 1,802
  • 1
  • 10
  • 21