1

I am coding a video upload script and I am working on the admin panel right now. There I have a list of all videos, and each video has a delete button on the right side. When I click the button, the video should be deleted from the database, but it's not working: after I click the button, nothing happens.

    <?php

    $query = mysql_query("SELECT * FROM `videos`");
    while($row = mysql_fetch_assoc($query))
    {
    $id = $row['id'];
    $name = $row['name'];

    echo "<a href='watch.php?id=$id'>$name</a><br /> 
    <input type='submit' name='remove' value='Delete'<br />";
 }

     if (isset($_POST['remove']))
 {
      foreach ($_POST['id'] as $the_id)
      {
           if (!mysql_query("DELETE FROM videos WHERE id = '$the_id'"))
           {
                echo mysql_error();
           }
      }
 }


 ?>

Of course, in the header I have the mysql connect query. This is just the PHP code for listing all videos and trying to delete them.

Jerome
  • 3
    Please, [don't use `mysql_*` functions](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php). They are no longer maintained and are [officially deprecated](https://wiki.php.net/rfc/mysql_deprecation). Learn about [prepared statements](http://en.wikipedia.org/wiki/Prepared_statement) instead, and use [PDO](http://us1.php.net/pdo) or [MySQLi](http://us1.php.net/mysqli). [This article](http://php.net/manual/en/mysqlinfo.api.choosing.php) will help you decide. – Jay Blanchard Oct 08 '14 at 15:31
  • Are you using a form? You need to have a form for each video. – Jay Blanchard Oct 08 '14 at 15:33
  • Define "nothing happens." Does the page not post to the server at all? If that's the case then the problem isn't in the server-side code, it's client-side. If the page does post to the server, are the expected form values present? How does the server-side code behave? Where *specifically* does this fail? – David Oct 08 '14 at 15:33
  • There is no relationship between your link - `echo "<a href='watch.php?id=$id'>$name</a><br />` and your button - `<input type='submit' name='remove' value='Delete'<br />` – Sean Oct 08 '14 at 15:34
  • @JayBlanchard Thanks... Well I am learning PHP and on most tutorials they are still using MySQL... But thanks.. will try to switch to mysqli :) – Jerome Oct 08 '14 at 15:35
  • side note, your delete code should be before your display code, as when you successfully delete a video it will still be shown in the list until you refresh. – Sean Oct 08 '14 at 15:36
  • @Sean true... Could you give me some kick help, how to link them together? – Jerome Oct 08 '14 at 15:37
  • @Jerome If you're just learning PHP, you really should be learning a [development framework](http://codegeekz.com/best-php-frameworks-for-developers/) like [Laravel](http://laravel.com/). Writing low-level PHP is a lot more work to get anything useful done. Using a framework gives you easy access to a lot of community code that can quickly add significant functionality to your applications. – tadman Oct 08 '14 at 15:56
  • @Jerome Did you debug to check that $_POST['id'] is getting the value? And why this foreach? – Ashish Oct 08 '14 at 15:58
  • @tadman Other codes says, to start just with editor without any framework because it makes it all more complicated. – Jerome Oct 08 '14 at 15:59
  • 1
    Anyone who tells you it's "more complicated" is missing the point. There's a bit of a learning curve, but it's not too bad, and the payoff is considerable. Slamming out code from a bare notepad gives you very quick gains up front, but it quickly degenerates into an unmaintainable mess of quirky code. A framework, if you follow their guidelines, stays orderly much, much longer. It also gives you a ton of features for free, like authentication, XSS protection, better ways of accessing the database, and more. – tadman Oct 08 '14 at 16:04
  • @Jerome Where are you posting id (you are using $_POST['id'] not $_GET['id']). You are appending id into the link that you can get by using $_GET['id'] or $_REQUEST['id'] if you are passing the value correctly. As per your code clicking on Submit button will not post the id. Please check your code. – Ashish Oct 08 '14 at 16:06
  • Most development frameworks are too bloated and do not serve to teach new devs the basics. – Jay Blanchard Oct 08 '14 at 16:09

3 Answers

0

Maybe the problem is in the HTML: each delete button must be in an independent form, with a hidden input with the id too.

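    // The hidden input needs a name to be submitted; id[] matches the question's foreach over $_POST['id'].
    echo "<a href='watch.php?id=$id'>$name</a><br /> 
        <form method='post'><input type='hidden' name='id[]' value='$id'><input type='submit' name='remove' value='Delete'><br /></form>";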
iag
0

Here is an example of doing this with MySQLi, including binding parameters to avoid SQL injection -

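    // $mysqli is an open mysqli connection (the $connection mentioned below).
    if (isset($_POST['remove'])) {
        $remove = $mysqli->prepare("DELETE FROM `videos` WHERE `id` = ?");

        // Bind the submitted id as a parameter so it is never concatenated into the SQL.
        $vid_id = $_POST['vid_id'];
        $remove->bind_param('s', $vid_id);

        if (!$remove->execute()) {
            echo $remove->error;
        }
    }

    $query = "SELECT * FROM `videos`";

    if ($result = $mysqli->query($query)) {
        while ($row = $result->fetch_object()) {
            $id = $row->id;
            // Escape the name before echoing it into HTML.
            $name = htmlspecialchars($row->name, ENT_QUOTES, 'UTF-8');
            echo "<a href='watch.php?id=$id'>$name</a><br />";
            // One form per video, carrying that video's id in a hidden field.
            echo "<form name='delete_vid' method='post'>";
            echo "<input type='hidden' name='vid_id' value='$id'>";
            echo "<input type='submit' name='remove' value='Delete'><br />";
            echo "</form>";
        }
        // Close the result only when the query actually returned one.
        $result->close();
    } else {
        echo $mysqli->error;
    }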

Of course you will have to provide a `$connection` to the database, but this should get you started not only with MySQLi but with adding a form for each video.

More on SQL Injection

Jay Blanchard
  • I just tried your code. But now it's not showing any video... It's because I use MySQL at the beginning to connect to the database and your code is MySQLi? – Jerome Oct 08 '14 at 15:55
  • Agreed @tadman, just want to get the OP started. And yes Jerome, you'll have to modify everything to use the [MySQLi Functions](http://php.net/manual/en/book.mysqli.php) – Jay Blanchard Oct 08 '14 at 15:56
  • Leaving a loaded gun in the middle of the code is a bad idea, especially without any sort of warning. – tadman Oct 08 '14 at 15:58
  • I change it now to: $mysqli = new mysqli("example.com", "user", "password", "database"); but still not showing videos at all. – Jerome Oct 08 '14 at 15:58
  • @Jerome please read the docs and follow along. Did you select a database after you connected? Are you getting any errors? – Jay Blanchard Oct 08 '14 at 16:00
  • Forgot to choose the database... It's showing the links now... But the delete button still doesn't work... after clicking it, it loads for 1 second and nothing... no errors etc.. – Jerome Oct 08 '14 at 16:06
  • I made some changes but you'll want to make sure that I didn't include any typos. – Jay Blanchard Oct 08 '14 at 16:07
  • Thanks... but your code is still too complicated for me to figure it out :( ... since I was learning all the time with MySQL and now MySQLi and so much new stuff – Jerome Oct 08 '14 at 16:15
  • Did you print out the POST array? What does it have in it? – Jay Blanchard Oct 08 '14 at 16:38
  • I was not sure how to use the print_r($_POST), so I added it just under all the code and it says only: Array ( ) – Jerome Oct 08 '14 at 16:39
  • That means that the POST array is empty, which explains why the video is not deleted because we never get into the if statement. I'll modify my code a little and we can check. I've added a method for the form. – Jay Blanchard Oct 08 '14 at 16:43
  • Now we are getting errors: Notice: Undefined variable: id in /home/videostx/public_html/admin.php on line 54 Warning: mysqli_stmt::bind_param() [mysqli-stmt.bind-param]: Number of variables doesn't match number of parameters in prepared statement in /home/videostx/public_html/admin.php on line 55 and in the array: Array ( [vid_id] => 11 [remove] => Delete ) – Jerome Oct 08 '14 at 16:47
  • Cool, the array is now being populated! I removed the `'s'` from the parameter binding in my code above, let's see if that works. It looks like all of my typos will be fixed by working through this with you. – Jay Blanchard Oct 08 '14 at 16:49
  • 1
    Could the error be my var ? $remove = $mysqli->prepare("DELETE FROM `videos` WHERE id = '$id'"); I am really really thank you for going with me to it... learning new stuff is hard... and learning php is for me pretty complicated because you not only learn php, if not mysqli and mostly javascript to.. – Jerome Oct 08 '14 at 16:50
  • You're welcome, we'll get this done. :) Did you make the change that I made above on the bound parameter? – Jay Blanchard Oct 08 '14 at 16:53
  • New error is: Notice: Undefined variable: vid_id in /home/videostx/public_html/admin.php on line 55 Warning: Wrong parameter count for mysqli_stmt::bind_param() in /home/videostx/public_html/admin.php on line 55 – Jerome Oct 08 '14 at 16:54
  • Well still errors: Notice: Undefined variable: id in /home/videostx/public_html/admin.php on line 54 Notice: Undefined variable: vid_id in /home/videostx/public_html/admin.php on line 55 Warning: Wrong parameter count for mysqli_stmt::bind_param() in /home/videostx/public_html/admin.php on line 55 – Jerome Oct 08 '14 at 16:56
  • Look at the switch I made above - I tried to bind the param before it was set. My bad - typed it out too quickly. – Jay Blanchard Oct 08 '14 at 16:56
  • Getting these errors now: Notice: Undefined variable: id in /home/videostx/public_html/admin.php on line 54 Warning: Wrong parameter count for mysqli_stmt::bind_param() in /home/videostx/public_html/admin.php on line 57 – Jerome Oct 08 '14 at 16:58
  • Let's add the `'s'` back in. I also added backticks around ``id`` because it is a column. – Jay Blanchard Oct 08 '14 at 16:58
  • Make sure to read the docs here http://php.net/manual/en/mysqli-stmt.bind-param.php. The `'s'` is for string type. Please accept the answer by clicking the check box next to it :) – Jay Blanchard Oct 08 '14 at 17:02
  • Thanks again! But how is the best way to learn php? I mean If I look at mysqli... its like a whole own language :D – Jerome Oct 08 '14 at 17:05
  • @JayBlanchard one small question... Do you know If I can combinate our code with example: $deleteftp = ftp_delete($ftp_conn, $id); ? Thanks! – Jerome Oct 08 '14 at 17:59
  • You should be able to combine the code easily, just make sure you have error checking on. Places like http://codecademy.com have lessons in PHP (free) but may only cover the basics. The best way is to learn by doing. There are also several good books on PHP on the market. – Jay Blanchard Oct 08 '14 at 18:04
  • 1
    @JayBlanchard I am learning by doing and it's working pretty well.. most of the time it's logical errors... Now my array is showing: Array ( [vid_id] => 13 [file] => btc.mp4 [deleteftp] => Delete FTP ) , I added another button (Delete from FTP). – Jerome Oct 08 '14 at 18:11
  • You can comment that out if you need to, it was for test purposes. – Jay Blanchard Oct 08 '14 at 18:12
  • I know, that's why I am still using it.. it shows the file etc. all well... but it's not deleting it :) – Jerome Oct 08 '14 at 18:13
  • Because you're not setting `$_POST['remove']` :) – Jay Blanchard Oct 08 '14 at 18:14
  • Ill have add it in the same $_POST... getting: Warning: ftp_delete() [function.ftp-delete]: Could not delete 14: No such file or directory in /home/videostx/public_html/admin.php on line 65 – Jerome Oct 08 '14 at 18:18
  • Trying with this code: $deleteftp = ftp_delete($ftp_conn, $name); – Jerome Oct 08 '14 at 18:20
  • You may want to start a new question. – Jay Blanchard Oct 08 '14 at 18:21
  • @JayBlanchard I can't open a new question, that's the problem... with low rep you always need to wait and wait... – Jerome Oct 08 '14 at 18:40
  • I'd hate for you to edit this question with the new information, that wouldn't be quite right. There are many ways to gain rep, have you considered doing that? – Jay Blanchard Oct 08 '14 at 18:41
-1

    <form method="post" >
    <?php

        $query = mysql_query("SELECT * FROM `videos`");
        while($row = mysql_fetch_assoc($query))
        {
        $id = $row['id'];
        $name = $row['name'];

        echo "<a href='watch.php?id=$id'>$name</a><br /> 
        <button name='id' value='".$id."' type='submit' >Delete</button>
        <br />";
     }


               if (!mysql_query("DELETE FROM videos WHERE id = '".$_POST['id']."'"))
               {
                    echo mysql_error();
               } else {
                   echo 'successfully deleted';
               }



     ?>
     </form>
pranab
  • **WARNING** This will cause EVERY video to be deleted! – Sean Oct 08 '14 at 15:47
  • 1
    If you're going to provide an answer please, [don't use `mysql_*` functions](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php). – Jay Blanchard Oct 08 '14 at 15:54
  • 1
    Using `$_GET` parameters for delete operations is **extremely bad**. Some browsers will pre-fetch these links, and then you'll have a very bad day. Additionally, without escaping, this is completely reckless. – tadman Oct 08 '14 at 15:54
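
Added example, not code from any poster in this thread: the fixes discussed above (one POST form per row, delete before display, a bound parameter, no deletes on GET, escaped output) combined in one handler, with a per-session CSRF token added. PDO with in-memory SQLite stands in for the MySQL connection so the script runs without a server; `handleDelete`, `renderList`, the `csrf` field and the sample rows are constructed for illustration.

```php
<?php
// Added example. PDO + in-memory SQLite is a stand-in for the MySQL connection;
// the prepare/execute pattern is the same with the pdo_mysql driver.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE videos (id INTEGER PRIMARY KEY, name TEXT)");
$db->exec("INSERT INTO videos (name) VALUES ('intro.mp4'), ('<b>demo</b>.mp4'), ('btc.mp4')"); // constructed rows

/** Delete one video only for a POST carrying a valid token and an integer id. */
function handleDelete(PDO $db, string $method, array $post, string $sessionToken): string
{
    if ($method !== 'POST' || !isset($post['remove'])) {
        return 'ignored';                       // GET (links, prefetch) never deletes
    }
    if (!hash_equals($sessionToken, (string) ($post['csrf'] ?? ''))) {
        return 'bad token';                     // form was not issued to this session
    }
    $id = filter_var($post['vid_id'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return 'bad id';                        // missing or not a positive integer
    }
    $stmt = $db->prepare('DELETE FROM videos WHERE id = ?');
    $stmt->execute([$id]);                      // value is bound, never concatenated
    return $stmt->rowCount() === 1 ? 'deleted' : 'not found';
}

/** Render the list: one POST form per row, every dynamic value HTML-escaped. */
function renderList(PDO $db, string $token): string
{
    $tok  = htmlspecialchars($token, ENT_QUOTES, 'UTF-8');
    $html = '';
    foreach ($db->query('SELECT id, name FROM videos ORDER BY id') as $row) {
        $id   = (int) $row['id'];
        $name = htmlspecialchars($row['name'], ENT_QUOTES, 'UTF-8');
        $html .= "<a href='watch.php?id=$id'>$name</a>"
               . "<form method='post'><input type='hidden' name='csrf' value='$tok'>"
               . "<input type='hidden' name='vid_id' value='$id'>"
               . "<input type='submit' name='remove' value='Delete'></form>\n";
    }
    return $html;
}

$token = bin2hex(random_bytes(16));             // assumption: a real page keeps this in $_SESSION
// Constructed requests: a GET, a POST with a wrong token, a non-integer id, a valid POST.
echo handleDelete($db, 'GET',  ['remove' => 'Delete', 'vid_id' => '1'], $token), "\n";
echo handleDelete($db, 'POST', ['remove' => 'Delete', 'vid_id' => '1', 'csrf' => 'x'], $token), "\n";
echo handleDelete($db, 'POST', ['remove' => 'Delete', 'vid_id' => '1 OR 1=1', 'csrf' => $token], $token), "\n";
echo handleDelete($db, 'POST', ['remove' => 'Delete', 'vid_id' => '2', 'csrf' => $token], $token), "\n";
echo renderList($db, $token);                   // the delete runs before the list is drawn
```

In a deployed page the handler would be followed by a redirect back to the list, so that reloading the page does not resubmit the delete.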