0

Hi, I'm trying to create a delete confirmation box using PHP in my website but I'm getting some issues. If I click the cancel button it also deletes the row in my database. The index page is designed in jQuery.

This is the PHP code which I have used for the delete option:

<?php

echo "<script language='javascript' type='text/javascript'>var x=confirm('Successfully Deleted!')</script>";

if(x==true)
{
    echo"deleted";
    include ("dbconnection.php");
    $pid=$_GET['pid'];
    $sql="DELETE FROM voters where id=$pid";
    $res = mysql_query($sql) or die(mysql_error());
    echo "<script language='javascript'  type='text/javascript'>window.open('index.php','_self')</script>";
}
else
{
    echo"cancelled";
}
?>

This is my jQuery code:

$str.="<thead><tr><th>ID</th><th>Card No</th><th>Name</th><th>Mob_num</th><th>Email</th><th>Action</th></tr></thead><tbody>";
                    while($row = mysql_fetch_array($res)){
                        $str.="<tr><td><center>".$row['id']."</center></td>";
                        $str.="<td>".$row['vcardno']."</td>";
                        $str.="<td>".$row['vname']."</td>";
                        $str.="<td>".$row['mob_num']."</td>";
                        $str.="<td>".$row['email']."</td>";
                        $str.="<td><center><a class='fancybox fancybox.ajax' href='viewstudent.php?ppid=".$row['id']."' onclick='return update()'><img src = 'images/view.png' height='30' width='30' alt = 'view' title = 'view'/></a><a class='fancybox fancybox.ajax' href='updatestudent.php?ppid=".$row['id']."' onclick='return update()'><img src = 'images/edit-icon.png' height='30' width='30' alt = 'edit' title = 'edit'/></a><a href='delete1.php?pid=".$row['id']."' onclick='return deleteItem()' ><img src = 'images/edit_delete.png' height='30' width='30' alt = 'delete' title = 'delete'/></a></center></td></tr>";
                    }

Thanks.

Sanoob
user3313444
  • 1
    You cannot mix php and javascript code that way. PHP executes on the server, javascript on the browser. – Lorenz Meyer Feb 15 '14 at 13:43
  • 1
    Your script is vulnerable to SQL injections; you should read on [how to prevent them in PHP](http://stackoverflow.com/q/60174/53114). – Gumbo Feb 15 '14 at 13:55
  • On top of the client-server code mixup here, I think you should use an HTML `form` tag instead that is fully functioning without JavaScript. Your X variable would be the value of a posted checkbox form element. Only as an extension of a functioning form you should add some JavaScript to enhance responsiveness. That would also make your life a little easier. Another issue is the SQL injection vulnerability in your delete query string. Your unfiltered addition of the `pid` GET variable opens doors for any kind of abuse (consider `pid` being set to `'' OR 1=1` for example). – tiguchi Feb 15 '14 at 13:55

3 Answers

1

x is a variable of jQuery. You can't access it in PHP code. You need to access it via an AJAX call (this is one way).

Lavneet
0

Why don't you use JavaScript freely rather than embedding it in PHP?

And also you are missing a ; in your JavaScript code.

Try this:

<script language='javascript' type='text/javascript'>
   var x = confirm('Successfully Deleted!'); // <-- you missed this semicolon
</script>
<?php

And also you can't mix PHP and JavaScript code.

You can use this JavaScript in PHP in that way, but it's not advised.

 <script language='javascript' type='text/javascript'>
      var x= confirm('Successfully Deleted!') ;
      <?php $abc = "<script>document.write(x)</script>" ; ?> 
</script>   
    <?php
      if($abc==true)
 {   
   ..........                           
echo_Me
0
 if(x==true) 

Here you have made two mistakes. One, variables in PHP start with the '$' symbol, and you cannot access a JavaScript variable in PHP scripts. I think you don't have much idea about 'client-server architecture'. A PHP script is a server-side script which will be processed on the server, whereas JavaScript is a client-side script which will be processed on the client (normally in the browser).

In your case you can use AJAX technology. Make a confirmation dialog before making the AJAX request to the server. Then check the status of the AJAX request and show the delete success dialog. Check this sample and tutorial.

[Update] Instead of mysql use mysqli or PDO for good security.

Community
Sanoob
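
As an added example (not code from any of the posts above), here is a hardened version of the delete step in delete1.php that follows the advice in the comments and answers: it deletes only on a POST, validates `pid` as an integer and uses a PDO prepared statement. `delete_voter()`, a `$pdo` object provided by dbconnection.php and the SQLite demo table are assumptions made for illustration; the browser-side `confirm()` is expected to run in the form's submit handler before the POST is sent.

```php
<?php
// Added example: hardened replacement for the DELETE in delete1.php.
// delete_voter() and the SQLite demo table are assumptions for illustration.

/**
 * Delete one voter by id. Returns the number of rows removed,
 * or null when the id is not a plain positive integer.
 */
function delete_voter(PDO $pdo, $rawId): ?int
{
    // Reject anything that is not a positive integer before touching the DB.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }
    // The placeholder keeps the request value out of the SQL text entirely.
    $stmt = $pdo->prepare('DELETE FROM voters WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();
}

// Web entry point: only a POST (sent after the browser-side confirm) deletes.
if (PHP_SAPI !== 'cli') {
    if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
        http_response_code(405);
        exit('Use POST to delete');
    }
    // Assumption: dbconnection.php is changed to create a PDO object in $pdo.
    require 'dbconnection.php';
    $deleted = delete_voter($pdo, $_POST['pid'] ?? '');
    http_response_code($deleted === null ? 400 : 200);
    exit($deleted ? 'deleted' : 'nothing deleted');
}

// CLI demo on a constructed in-memory table: php example.php
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE voters (id INTEGER PRIMARY KEY, vname TEXT)');
$pdo->exec("INSERT INTO voters (id, vname) VALUES (1, 'A'), (2, 'B'), (3, 'C')");

var_dump(delete_voter($pdo, '2'));          // a well-formed id
var_dump(delete_voter($pdo, "'' OR 1=1"));  // the value quoted in the comments
var_dump((int) $pdo->query('SELECT COUNT(*) FROM voters')->fetchColumn());
```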