How to delete a post in a page with multiple posts? [MySql]

Question

I want to make a query that deletes a post(thread) from a page but in that page I have multiple posts, I have in my database a field called id_thread is the unique id of every post but I'm listing multiple posts of the same user in the page, this is the code of the page where the posts are listed:

<?
session_start();

  if(isset($_SESSION['id']))
  {
    $servername = "(...)";
    $username = "(...)";
    $password = "(...)";
    $dbname = "(...)";

    $connect  = mysqli_connect($servername, $username, $password, $dbname);

    if (!$connect) {
        die("Connection failed: " . mysqli_connect_error());
    }

}
else
{
  header(" url=index.php");
}

?>


(... hidded non relative html code ....)


<?
      $id = (isset($_GET['id'])) ? $_GET['id'] : $_SESSION['id'];

        $query = mysqli_query($connect,"SELECT * FROM thread inner join category on thread.id_type=category.id_type WHERE username = '".$id."'");

      echo '<div class="container marg-t-100">'."All posts from User: ".$id.'</div>';
      echo '<div class="container-fluid marg-t-25">';
      while($row = mysqli_fetch_array($query))
      {
      echo '<div class="col-md-1"></div>';
      echo '<div class="col-md-11">';
      echo '<form role="form" action="delete.php" method="post"><a type="submit" class="btn btn-danger marg-t-10 pull-right">Delete Thread</a></form>';
      echo  $row['title'] ."<br><br>".$row['content']."<br><br>".'<div class="pull-right">'. "date: ".$row['data']."<br>"."author: ".$row['username']."<br>".$row['name'].'</div>' ."<br><br><br><hr><br>";
      echo '</div>';
      }
      echo '</div>';
      mysqli_close($connect);
?>
  (...)

this is an image of the page im talking about:

I want that when I click "Delete Thread" the respective post(thread) gets deleted from database.

If you see in the page code above you can see that the delete button takes action at delete.php, this is my code on that file:

<?php
session_start();

  if(isset($_SESSION['id']))
  {
    $servername = "(...)";
    $username = "(...)";
    $password = "(...)";
    $dbname = "(...)";

    $connect  = mysqli_connect($servername, $username, $password, $dbname);

    $id = (isset($_GET['id'])) ? $_GET['id'] : $_SESSION['id'];

      $query = mysqli_query($connect,"Delete FROM thread WHERE username = '".$id."' and id_thread ='".(I WANT THE RELATIVE ID HERE)."'");


    if (!$connect) {
        die("Connection failed: " . mysqli_connect_error());
    }

}
else
{
  header(" url=index.php");
}


 ?>

Clyde Scope · Accepted Answer · 2016-07-03T17:30:34.647

1

In your page that lists user's posts, inside the form add a hidden field with a value of the post ID and a name attribute in which you will use later in your POST variables.

echo '<form role="form" action="delete.php" method="post"><button type="submit" class="btn btn-danger marg-t-10 pull-right" value="Delete Thread"><input type="hidden" name="thread_id" value="'.$row['id'].'"></form>';

And in delete.php query part:

$query = mysqli_query($connect,"Delete FROM thread WHERE username = '".$id."' and id_thread ='.$_POST['thread_id']);

edited Jul 03 '16 at 17:30

answered Jul 03 '16 at 16:24

Clyde Scope

90
8

MySQL injection should be prevented here by casting the `$_POST['thread_id'] to an integer, or using built in sanitizing methods - http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php – 1000Nettles Jul 03 '16 at 16:29
after changing the code it returns an error: "Parse error: syntax error, unexpected T_STRING, expecting ',' or ';' in /home/a5461665/public_html/user.php on line 88" – kraven2g Jul 03 '16 at 16:48
@kraven2g what is on line 88? – Clyde Scope Jul 03 '16 at 16:48
`echo '
Delete Thread
';` – kraven2g Jul 03 '16 at 16:49
ok It doens't return the error anymore but when I click delete nothing happends, I have tried to refresh the page and the post is still there :C – kraven2g Jul 03 '16 at 17:00
what is the column name where the thread ID is stored? @kraven2g – Clyde Scope Jul 03 '16 at 17:07
then replace **$row['id']** with **$row['thread_id']** @kraven2g – Clyde Scope Jul 03 '16 at 17:13
I forgot to mention that I have noticed that and I have allready changed the id to thread_id when I saw it didnt work, but it is still not working. – kraven2g Jul 03 '16 at 17:16
OK , I got it to work !! I had to change the to – kraven2g Jul 03 '16 at 17:22
Answer update (delete.php) part. For us to best help you pls post a screenshot or the structure of your database. – Clyde Scope Jul 03 '16 at 17:22
@kraven2g Glad I've helped. Please select my answer :) – Clyde Scope Jul 03 '16 at 17:30

Pradeepan M · Answer 2 · 2016-07-03T16:58:49.207

<?
  echo '<form role="form" action="delete.php?id='.$row['thread_id'].'" method="post"><input type="submit" class="btn btn-danger marg-t-10 pull-right" value="Delete Thread"></form>';

delete.php

<?php
session_start();

if(isset($_SESSION['id']))
{
$servername = "(...)";
$username = "(...)";
$password = "(...)";
$dbname = "(...)";

$connect  = mysqli_connect($servername, $username, $password, $dbname);
$id=$_SESSION['id'];
$thread_id = $_GET['title'];

  $query = mysqli_query($connect,"Delete FROM thread WHERE username = '".$id."' and thread_id ='".$thread_id."'");


if (!$connect) {
    die("Connection failed: " . mysqli_connect_error());
}

}
else
{
header(" url=index.php");
}


?>

I hope this is what you asked for.

hi thank you for the time writing this, but after changing my code I click in the btn and nothing happends — kraven2g, Jul 03 '16 at 16:48

How to delete a post in a page with multiple posts? [MySql]

2 Answers2