-1

I'm trying to add a php button on to my site, however it doesn't seem to be working.

The delete php script is; 

if(isset($_POST["delete"])) { 

   $delquery = "DELETE FROM emails WHERE ID=$_POST["delete"]"; 
   mysqli_query($connection, $delquery);

}

And the form looks like which is on the same file;

<form action="email-response.php" method="post">
  <input type="hidden" name="hidden" value="<?php echo $row['ID']; ?>">
  <input type="submit" name="delete" value="delete">
</form>

However whenever I clicked the delete button nothing is happening.

In relation to the reply saying that my $connection function is wrong, here is the function however its working as it is fetching my information for my posts.

define("DB_SERVER", "myservername");
define("DB_USER", "myusername"); //username
define("DB_PASS", "mypassword"); //password
define("DB_NAME", "mydbname"); // database name

$connection = mysqli_connect(DB_SERVER, DB_USER, DB_PASS, DB_NAME);

if(mysqli_connect_errno()) {
    die("Database connection failed: " .
        mysqli_connect_error() .
        " (" . mysqli_connect_errno() . ")"
    );
} else {
    echo "connected";
}
Matt Hammond
  • 372
  • 2
  • 11
  • WOW, enough code to solve your problem. – divy3993 May 14 '15 at 03:35
  • $connection is wrong i guess – Pratik Joshi May 14 '15 at 03:35
  • 1
    Add error reporting to the top of your file(s) right after your opening PHP tag for example ` – Funk Forty Niner May 14 '15 at 03:39
  • What's the point of having the `$row['ID'];` when you hard code the delete to `18` ? – Darren May 14 '15 at 03:43
  • @Darren's right. Try changing `value=""` to `value="18"` if that works, you'll know what to go for. Meaning, you'll need to add another POST array for it. – Funk Forty Niner May 14 '15 at 03:45
  • The 18 is there to test if the delete function was working not the $row['ID'] – Matt Hammond May 14 '15 at 03:46
  • 1
    `WHERE ID=$_POST["delete"]";` try `WHERE ID=$_POST['hidden']";` pretty sure that'll work. Would be much easier pre-assigning a variable though. Since your element is named `hidden` and not `delete`. – Funk Forty Niner May 14 '15 at 03:47
  • 1
    @Darren they've deleted their answer. For anyone else reading this, somebody else copied my answer and thinking to make it their own and feed off it. Thanks for having my back Darren, cheers ;-) – Funk Forty Niner May 14 '15 at 05:12
  • 1
    @Fred-ii- He seems to be doing it a lot with a few other answers and also simple code-only ones... How can someone be that incompetent... anyways, great answer ;-) (*as always*) – Darren May 14 '15 at 05:16
  • 1
    @Darren People aren't stupid, they'll get wind of him, real fast; snakes can't hide forever. And thanks Darren, I appreciate it. – Funk Forty Niner May 14 '15 at 05:17
  • Also see [How can I prevent SQL-injection in PHP?](http://stackoverflow.com/q/60174) – jww May 14 '15 at 10:14

2 Answers2

2

The element you wish to delete is named hidden and not delete.

  • That is what your submit button is named as (delete).

Change your query to this:

if(isset($_POST["delete"]) && !empty($_POST["hidden"])){
   $id = mysqli_real_escape_string($connection, $_POST["hidden"]);
}

$delquery = "DELETE FROM emails WHERE ID='$id'"; 
mysqli_query($connection, $delquery) or die(mysqli_error($connection));

if(mysqli_affected_rows($connection)){
  echo "It was really successful.";
}

  • isset($_POST["delete"]) is to check if the submit button was clicked.

  • Using mysqli_affected_rows() will show you if your query was truly successful.
    This is a function I've grown to use more often.

Add error reporting to the top of your file(s) which will help find errors.

<?php 
error_reporting(E_ALL);
ini_set('display_errors', 1);

// rest of your code

Sidenote: Error reporting should only be done in staging, and never production.

Sidenote: Using your present method, leaves you open to SQL injection.

Use mysqli with prepared statements, or PDO with prepared statements, they're much safer.

Community
  • 1
  • 1
Funk Forty Niner
  • 74,450
  • 15
  • 68
  • 141
  • I have made all the changes apart from the SQL injection which I didn't know about will fix that in the future thanks. However now I'm getting an error - Notice: Undefined variable: id in /home/u998846608/public_html/email-response.php on line 97 (line 97 is the link of the $delquery code) – Matt Hammond May 14 '15 at 04:05
  • @MatthewHammond Your query failed then. You'll need to show us the rest of your code where you're fetching `echo $row['ID']` from. `if(isset($_POST["delete"]) && !empty($_POST["hidden"])){` in my answer tests if it is set/not empty. – Funk Forty Niner May 14 '15 at 04:08
  • Is the a site which allows you to show more code than the 500 characters? – Matt Hammond May 14 '15 at 04:09
  • @MatthewHammond well, you can show the relevant part of the query. Plus, try changing `$id = mysqli_real_escape_string($connect, $_POST["hidden"]);` to `$id = mysqli_real_escape_string($connect, $_GET["hidden"]);` I've a feeling that you'll need to use that, since I don't know what the rest of your code looks like. But am next to certain your query failed. – Funk Forty Niner May 14 '15 at 04:11
  • My fetch query looks like with a while loop and then I create divs which I echo out the information. – Matt Hammond May 14 '15 at 04:13
  • @MatthewHammond silly me, I had `$connect` instead of `$connection`. I edited my answer with `$id = mysqli_real_escape_string($connection, $_POST["hidden"]);` try that now. – Funk Forty Niner May 14 '15 at 04:14
  • I have already noticed that and fixed it, however I still get them same error message, – Matt Hammond May 14 '15 at 04:16
  • @MatthewHammond but your query, that isn't right though. That's why it's failing. After seeing that in your comment. `$_POST = "SELECT ID` and `$result = mysqli_query($connection, $_POST);` can't do that. It's invalid syntax. – Funk Forty Niner May 14 '15 at 04:16
  • wow im an idiot been trying to work this out for the past 5 hours and didn't see that simple mistake, thank you so much for helping spot the noob error!!!! Its working perfectly now thanks once again! – Matt Hammond May 14 '15 at 04:22
  • plus either as I said earlier or `id = mysqli_real_escape_string($connection, $_GET["hidden"]);` since it's being populated from a SELECT query. Have a look at this Q&A http://stackoverflow.com/q/21245186/ and a few of the answers in there. – Funk Forty Niner May 14 '15 at 04:23
  • @MatthewHammond In not accepting the answer and ticking the checkmark till it turns green near the up/down arrow next to my answer on the left, your question will remain in the unanswered category, where people will think the question is unsolved and still open. That's how the Stack system runs, in case you may not know. – Funk Forty Niner May 14 '15 at 04:34
1

Your connection is good.

Here is the solution which will work and is simple:

Your form:

<form action="#" method="post">
<input type="hidden" name="to_delete" value="<?php echo $row['ID']; ?>">
<input type="submit" name="delete" value="delete">
</form>

Your delete script:

 if(isset($_POST["delete"]))
{ 
 $delquery = "DELETE FROM user WHERE ID=".$_POST['to_delete'].""; 
 mysqli_query($connection, $delquery);
}
Ravi Singh
  • 76
  • 3