Inbox, Outbox delete error- Please help me

Question

I have an inbox code for deleting messages.

If I select one single message it deletes all of them.

How can I fix this ?

Here is my code for delete_message.php :

<?php
$inboxbtn = $_POST['deleteinbox'];
$outboxbtn = $_POST['deleteoutbox'];

if ($inboxbtn)
    {
    $selectall = $_POST['selectall'];
    if ($selectall)
        {
        $query = mysql_query("SELECT * FROM messages WHERE to_user='$user'");
        while ($row = mysql_fetch_assoc($query))
            {
            mysql_query("UPDATE messages SET to_delete='1' WHERE to_user='$user'");
            }

        echo "All messages have been deleted.";
        }
      else
        {
        $query = mysql_query("SELECT * FROM messages WHERE to_user='$user'");
        while ($row = mysql_fetch_assoc($query))
            {
            $msg_id = $row['id'];
            $value = "cb" . "$msg_id";
            $checkbox = $_POST[$value];
            if ($value)
                {
                mysql_query("UPDATE `messages` SET `to_delete`='1' WHERE `to_user`='$user' AND `id`='$msg_id'");
                }
            }

        echo "The selected messages have been deleted.";
        }
    }
elseif ($outboxbtn)
    {
    $selectall = $_POST['selectall'];
    if ($selectall)
        {
        $query = mysql_query("SELECT * FROM messages WHERE from_user='$user'");
        while ($row = mysql_fetch_assoc($query))
            {
            mysql_query("UPDATE messages SET from_delete='1' WHERE from_user='$user'");
            }

        echo "All messages have been deleted.";
        }
      else
        {
        $query = mysql_query("SELECT * FROM messages WHERE from_user='$user'");
        while ($row = mysql_fetch_assoc($query))
            {
            $msg_id = $row['id'];
            $value = "cb" . "$msg_id";
            $checkbox = $_POST[$value];
            if ($value)
                {
                mysql_query("UPDATE messages SET from_delete='1' WHERE to_user='$user' AND id='$msg_id'");
                }
            }

        echo "The selected messages have been deleted.";
        }
    }
  else echo "Choose a message to delete.";
?>

And here is the code in inbox.php that has the checkboxes

<?php
$query = mysql_query("SELECT * FROM messages WHERE from_user='$user' AND from_delete='0' ORDER BY id DESC");
$numrows = mysql_num_rows($query);

if ($numrows != 0)
    {
    echo "<form action='delete_message.php' method='POST'>";
    echo "<div class='messages'>
        <div class='leftside'><input type='checkbox' name='selectall'><input type='submit' name='deleteoutbox' value='Delete' class'button'></div>
        <div class='rightside'>Date</div>
        Subject And Message
        <div class='clear'></div>
        <hr>
        </div>";
    while ($row = mysql_fetch_assoc($query))
        {
        $msg_id = $row['id'];
        $msg_to_user = $row['to_user'];
        $msg_to_id = $row['to_id'];
        $msg_from_user = $row['from_user'];
        $msg_from_id = $row['from_id'];
        $msg_subject = $row['subject'];
        $content = nl2br($row['content']);
        $msg_date = $row['date'];
        $msg_from_delete = $row['from_delete'];
        $msg_to_delete = $row['to_delete'];
        if (!$msg_from_delete)
            {
            echo "<div class='messages'>";
            echo "<div class='leftside'>
        <input type='checkbox' name='cb$msg_id' value='$msg_id'>
        <a href='profile.php?id=$msg_to_id' target='_blank'>$msg_to_user</a>
        </div>";
            echo "<div class='rightside'>$msg_date</div>";
            echo "<div id='center' style='margin-left:150px; margin-right:150px;'>

        <span class='toggle'><a href='#' onClick='return false'>$msg_subject</a></span>
        <div class='hiddenDiv'>
        <br /><hr>
        <b>$smiles </b>
        <br /><br />


        </div>
        </div>";
            echo "<div class='clear'>";
            echo "<br /><br /><hr>";
            echo "</div></div>";
            }
        }

    echo "</form>";
    }
  else echo "You Have No Messages In Your Outbox"
?>

Then for the inbox messages it is the same as the outbox but in the inbox form.

How can I fix this ?

Answer 1

The below code is for outbox.php since that's what you have pasted.

First, change your checkbox from:

<input type='checkbox' name='cb$msg_id' value='$msg_id'>

To something like:

<input type='checkbox' name='outbox_ids[]' value='$msg_id'>

And the elseif for the outbox will be:

elseif ($outboxbtn)
    {
    $selectall = $_POST['selectall'];
    if ($selectall)
        {
        $query = mysql_query("SELECT * FROM messages WHERE from_user='$user'");
        while ($row = mysql_fetch_assoc($query))
            {
            mysql_query("UPDATE messages SET from_delete='1' WHERE from_user='$user'");
            }

        echo "All messages have been deleted.";
        }
      else
        {
          if(isset($_POST['outbox_ids']){
            $outbox_msg_ids = array_map('mysql_real_escape_string', $_POST['outbox_ids']);
            //all the checked msg id are now stored in $outbox_msg_ids,
            //we will loop through the values and pass it to the update query
            foreach($outbox_msg_ids as $msg_id){
              mysql_query("UPDATE messages SET from_delete='1' WHERE to_user='$user' AND id='$msg_id'");
            }
            echo "The selected messages have been deleted.";
          } //isset if block ends
        }
    }

Note:

Please, don't use mysql_* functions in new code. They are no longer maintained and are officially deprecated. See the red box? Learn about prepared statements instead, and use PDO, or MySQLi - this article will help you decide which. If you choose PDO, here is a good tutorial.