-2

Below is my code for a PHP echo delete that contains a delete button. When pressed I want that entry to be deleted from the database

$result = mysql_query("SELECT * ,CONCAT (HomeScore,'-',AwayScore) AS Score, CONCAT(Against) AS Game FROM Fixture WHERE TeamID='9' ORDER BY Date DESC");
echo "<table id='customers' border='1'>;

<tr>
<th>FixtureID</th>
<th>Competition</th>
<th>Match</th>
<th>Date</th>
<th>Time</th>
<th>Score</th>
<th>test</th>
</tr>";

while($row = mysql_fetch_array($result))
{

echo "<tr>";
echo "<td>" . $row['FixtureID'] . "</td>";
echo "<td>" . $row['Competition'] . "</td>";
echo "<td>" . $row["Against"] . "</td>";
echo "<td>" . $row['Date'] . "</td>";
echo "<td>" . $row['Time'] . "</td>";
echo "<td>" . $row['Score'] . "</td>";
echo "<td><form method=post>
                    <input name=id type=hidden value='".$row['FixtureID']."';>
                    <input type=submit name=submit value=Delete>
                    </form></td>";
                    echo "</tr>";
echo "</tr>";  
}
}
echo "</table>";

// delete record
if($_SERVER['REQUEST_METHOD'] == "POST")
{
if(isset($_POST['FixtureID']))
{
$id = FixtureID;
$sql = mysql_query("DELETE FROM Fixture WHERE FixtureID =$id");
if(!$sql)
{
    echo ("Could not delete rows" .mysql_error());
}
}
}

How do I get this to work? Also FixtureID is stored as an integer in the database.

Brian Tompsett - 汤莱恩
  • 5,753
  • 72
  • 57
  • 129
user3535330
  • 39
  • 2
  • 9
  • i think your not mention the result – jmail Apr 15 '14 at 12:15
  • 1
    Your looking at the variable `$_POST['FixtureID']`, shouldn't it be `$_POST['id']`? Might be worth that putting the `//delete record` block before the display code, that way you don't need to refresh the page once you have clicked the delete button. – Dom Apr 15 '14 at 12:15
  • Use action in the form where you want to post your data and rather creating form in each row you can use anchor link. pass id in query string or using ajax. – Trimantra Software Solution Apr 15 '14 at 12:16
  • You are also creating form in a loop which means you are creating a button with a same name "id". this results in to array of the elements of same name. – Trimantra Software Solution Apr 15 '14 at 12:18
  • `$id=$_POST['FixtureID'];` – Amol Apr 15 '14 at 12:18
  • Also, Google `PHP SQL Injection` – Lee Taylor Apr 15 '14 at 12:19
  • **Danger**: You are using [an **obsolete** database API](http://stackoverflow.com/q/12859942/19068) and should use a [modern replacement](http://php.net/manual/en/mysqlinfo.api.choosing.php). You are also **vulnerable to [SQL injection attacks](http://bobby-tables.com/)** that a modern API would make it easier to [defend](http://stackoverflow.com/questions/60174/best-way-to-prevent-sql-injection-in-php) yourself from. – Quentin Apr 15 '14 at 12:20
  • @TrimantraSoftwareSolution — Don't use a link. Links make GET requests. Deleting things should be done with a POST request (or a DELETE request in a RESTful API). – Quentin Apr 15 '14 at 12:21
  • @TrimantraSoftwareSolution — For the purposes of submitting a form, only form controls in that form count. So only the input that is in the current form matters. There is no array. – Quentin Apr 15 '14 at 12:21

3 Answers3

0

Try with these changes :

// delete record
if(isset($_POST['submit']) && isset($_POST['id']) && !empty($_POST['id'])) {
  $id = $_POST['id'];
  $sql = mysql_query("DELETE FROM Fixture WHERE FixtureID =$id");
  if(!$sql) {
    echo ("Could not delete rows" .mysql_error());
  }
}

Edit :

// Delete record if ID submitted
if(isset($_POST['submit']) && isset($_POST['id']) && !empty($_POST['id'])) {
  $id = $_POST['id'];
  $sql = mysql_query("DELETE FROM Fixture WHERE FixtureID =$id");
  if(!$sql) {
    echo ("Could not delete rows" .mysql_error());
  }
}

// Get datas from BDD
$result = mysql_query("SELECT * ,CONCAT (HomeScore,'-',AwayScore) AS Score, CONCAT(Against) AS Game FROM Fixture WHERE TeamID='9' ORDER BY Date DESC");

// Display data
echo "
<table id='customers' border='1'>
<tr>
<th>FixtureID</th>
<th>Competition</th>
<th>Match</th>
<th>Date</th>
<th>Time</th>
<th>Score</th>
<th>test</th>
</tr>";

// For each result
while($row = mysql_fetch_array($result)) {

    echo "<tr>";
    echo "<td>" . $row['FixtureID'] . "</td>";
    echo "<td>" . $row['Competition'] . "</td>";
    echo "<td>" . $row["Against"] . "</td>";
    echo "<td>" . $row['Date'] . "</td>";
    echo "<td>" . $row['Time'] . "</td>";
    echo "<td>" . $row['Score'] . "</td>";
    echo "<td><form method=post>
                    <input name=id type=hidden value='".$row['FixtureID']."';>
                    <input type=submit name=submit value=Delete>
                    </form></td>";
                    echo "</tr>";
    echo "</tr>";
}
echo "</table>";
David
  • 453
  • 3
  • 14
  • @Aliasse Thank you cant accept the answer yet as not enough time has gone by but i will. How do i get it to refresh after the click so it disappears automatically? – user3535330 Apr 15 '14 at 12:24
  • @user3535330 — Move the code that deletes the row so it runs before the code that lists all the rows. – Quentin Apr 15 '14 at 12:27
  • @Quentin is right. Move this code before your data table and before your data query. – David Apr 15 '14 at 12:36
  • @Aliassse and I've updated my code to show everything sorry where exactly does it go im having no luck – user3535330 Apr 15 '14 at 12:43
  • @Quentin I've updated my code to show everything sorry where exactly does it go im having no luck – user3535330 Apr 15 '14 at 12:44
  • @user3535330 Put your delete code before your query. This way, you'll delete before you get datas. – David Apr 15 '14 at 13:36
0

$id value is not properly set 

$id = $_POST['FixtureID'];
Jeff B
  • 8,572
  • 17
  • 61
  • 140
Om Prakash
  • 54
  • 1
  • 1
  • 5
0

just try this

if(isset($_POST['submit']))
{

$id = $_POST['id']; //  here you should use form post value
$sql = mysql_query("DELETE FROM Fixture WHERE FixtureID =$id");
if(!$sql)
{
    echo ("Could not delete rows" .mysql_error());
}
}
}
Dinesh
  • 4,066
  • 5
  • 21
  • 35