0

I am working on a PHP file. I am trying to make a table that shows the list of products from database. There will be also a button for deleting any product. I have used javascript for deleting products from database. I have written the code and could not find anything wrong. When I click delete button, it shows me the confirmation box, but does not delete the product. Here is the code:

<?php

$con=mysql_connect("localhost","root","");
mysql_select_db("grocery_shop",$con);

error_reporting(E_ALL^E_NOTICE);
session_start();


    $sql = mysql_query("select * from products");


if($_GET['did']){
    mysql_query("delete from products where product_id='$_GET[did]'");
    header("Location: product.php");
}

?>
<table border="1px" style="width:100%">
    <tr>
    <th>Serial No</th>
    <th>Product Name</th>       
    <th>Product Type</th>
    <th>Quantity</th>
    <th>Price</th>
    <th>Delete Product</th>
  </tr>
    <tr>
        <td></td>
        <td></td>
        <td></td>
        <td></td>
        <td></td>
        <td></td>
    </tr>

    <?php
    $i=1;
    while ($u = mysql_fetch_array($sql)) {
        ?>
        <tr>
            <td><?php echo $i; ?></td>
            <td><?php echo $u['product_name'];?></td>
            <td><?php echo $u['product_type'];?></td>
            <td><?php echo $u['quantity'];?></td>
            <td><?php echo $u['price'];?></td>
            <td><?php echo "<a href=\"javascript:delproduct(id=$u[product_id])\">Delete</a>";?></td>

        </tr>
        <?php
    $i++;
    }
    ?>

    <script>
    function delproduct(id){
        var msg = confirm("Are you sure you want to delete this product?");

    if (msg) {
        window.location = "product.php?did="+product_id;
    }
    }
    </script>
</table>
Muminur Rahman
  • 575
  • 1
  • 8
  • 23
  • Are any errors being reported? – chris85 Nov 08 '15 at 18:38
  • Nope...everything is okay. just can not delete the data. – Muminur Rahman Nov 08 '15 at 18:39
  • Does it redirect to `product.php`? – chris85 Nov 08 '15 at 18:40
  • Yes...The page redirects to product.php. – Muminur Rahman Nov 08 '15 at 18:44
  • Off topic, but important: Please note that PHP's `mysql_query()` and related functions are obselete. They are deprecated in currently supported PHP versions, and will be removed entirely in new version due for release this month. You should strongly consider switching your code to use the more up-to-date `mysqli` or `PDO` libraries. See also [Why shouldn't I use mysql_* functions in PHP?](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php). – Simba Nov 09 '15 at 15:18
  • Also, please note that by using a `$_GET` variable directly in your query like that, you are leaving your code wide open to SQL injection hacks. – Simba Nov 09 '15 at 15:20

4 Answers4

1

You forgot the '' around did in $_GET[did]:

mysql_query("delete from products where product_id='{$_GET['did']}'");

Also, as @chris85 noted, is not a good idea to use $_GET or $_POST directly, remember to sanitize these values before using it in a query. 

$did = filter_input(INPUT_GET, 'did', FILTER_SANITIZE_NUMBER_INT);
mysql_query("delete from products where product_id={$did}");
William J.
  • 1,574
  • 15
  • 26
1

The problem is in your javascript, the product_id doesn't exist

   if (msg) {
        window.location = "product.php?did="+id;
    }

For debugging purposes try to replace this with your code and let us know the error message you get.

if($_GET['did']){
    mysql_query("delete from products where product_id='".$_GET['did']."'");
    echo "delete from products where product_id='".$_GET['did']."'";
    echo mysql_errno() . ": " . mysql_error() ;    
    die();
    //header("Location: product.php");
}

additionally also try to run the query without the single quotes, i am assuming product_id is an integer.

so mysql_query("delete from products where product_id=".$_GET['did']);

Shujaat
  • 691
  • 4
  • 18
  • Thanks....I already solved th problem. but your solution is right. the problem was in my javascript. Thank you so much.. :) – Muminur Rahman Nov 12 '15 at 14:21
0

You should try: delproduct($u[product_id]) instead of delproduct(id=$u[product_id])

mysql_query("delete from products where product_id='".$_GET['did']."'");

while ($u = mysql_fetch_array($sql)) {
        ?>
        <tr>
            <td><?php echo $i; ?></td>
            <td><?php echo $u['product_name'];?></td>
            <td><?php echo $u['product_type'];?></td>
            <td><?php echo $u['quantity'];?></td>
            <td><?php echo $u['price'];?></td>
            <td><?php echo "<a href=\"javascript:delproduct($u[product_id])\">Delete</a>";?></td>

        </tr>
        <?php
    $i++;
    }
mischaZeng
  • 166
  • 6
0
  <?php

 $con=mysql_connect("localhost","root","");
 mysql_select_db("grocery_shop",$con);

 error_reporting(E_ALL^E_NOTICE);
session_start();


$sql = mysql_query("select * from products");


if($_GET['did']){
mysql_query("delete from products where product_id='$_GET[did]'");
header("Location: product.php");
}

?>
<table border="1px" style="width:100%">
<tr>
<th>Serial No</th>
<th>Product Name</th>       
<th>Product Type</th>
<th>Quantity</th>
<th>Price</th>
<th>Delete Product</th>
 </tr>
   <tr>
    <td></td>
    <td></td>
    <td></td>
    <td></td>
    <td></td>
    <td></td>
</tr>

<?php
$i=1;
while ($u = mysql_fetch_array($sql)) {
    ?>
    <tr>
        <td><?php echo $i; ?></td>
        <td><?php echo $u['product_name'];?></td>
        <td><?php echo $u['product_type'];?></td>
        <td><?php echo $u['quantity'];?></td>
        <td><?php echo $u['price'];?></td>
        <td><?php echo "<a href=\"javascript:delproduct(".$u[product_id].")\">Delete</a>";?></td>

    </tr>
    <?php
     $i++;
     }
    ?>

<script>
function delproduct(id){
     var product_id = id;
    var msg = confirm("Are you sure you want to delete this product?");

   if (msg) {
      window.location = "product.php?did="+product_id;
  }
  }
   </script>
</table>
Gulim Shah
  • 194
  • 7