2

So I've been looking at a few resources on using multiple checkboxes as input. I'm building a PM system and want the user to be able to check off any message and then delete them with a button.

The problem is that whenever I check off any message(s):

A: You have to click the delete button twice.

B: Only the first message in the list ever gets deleted.

The button group:

<form method="post"
    <div class="button-group">
        <button type="submit" name="delete" class="delete button inbox">Delete</button>
        <button type="submit" name="mark" class="mark button inbox">Mark as Read</button>
    </div>

Later on the table rows:

<?php
    while ($row = mysqli_fetch_array($result)){?>
        <tr>
            <td><?php echo $row['PM_User1ID'];?></td>
            <td><?php echo $row['PM_User2ID'];?></td>
            <td><?php echo $row['PM_Subject'];?></td>
            <td><?php echo $row['PM_Timestamp'];?></td>
            <td>
                <label>
                    <input type="checkbox" name="check_list[]" value="<?php echo $row['PMID'];?>"><?php echo $row['PMID'];?>
                </label>
                </form>
            </td>
            <?php echo '<td><a name="'.$row['PMID'].'"href = "?link='.$row['PMID'].'">Reply</a></td>'; ?>
        </tr>
    <?php } ?>

And finally the Submit Post:

<?php
        if (isset ($_POST['delete'])){

            if(!empty($_POST['check_list'])){

                foreach($_POST['check_list'] as $selected){

                    $pmDelete = "DELETE FROM pm WHERE PMID = $selected"; 
                    $deletePM = $con->query($pmDelete);

                }
            }   
        }
    ?>

PM Page

GIF of issue

  • You are vulnerable to [sql injection attacks](http://bobby-tables.com). Consider what happens if someone passes `PMID` as the value to delete - boom goes your entire table. – Marc B Jul 27 '16 at 19:38
  • @MarcB I realize that, and I'm looking into it. – Ethan Guillotte Jul 27 '16 at 19:47
  • @Fred-ii- Sorry I misread what you said. I just closed it off, but the problem still persists. – Ethan Guillotte Jul 27 '16 at 19:53
  • Do you have one opening form tag and multiple closing ones? – Progrock Jul 27 '16 at 20:03
  • @Progrock No. Only the one shown. – Ethan Guillotte Jul 27 '16 at 20:07
  • Few things. For checkboxes, don't use `empty()` use `isset()`. Then, `<form>` cannot be child of `<table>`. See this Q&A also http://stackoverflow.com/q/14475096/ it's mysql_ but you can easily convert that. I've used that script before and still use the same logic today. Check for errors also on your query. There could be errors you don't know about. http://php.net/manual/en/mysqli.error.php – Funk Forty Niner Jul 27 '16 at 20:44
  • That fixed the multiple deletion issue, but I still have to click delete twice. – Ethan Guillotte Jul 27 '16 at 20:47
  • That is probably because you didn't redirect it upon successful deletion and you're relying on your SELECT to re-query. If you use a header to redirect to the same page, you will see that it may very well work. However, make sure you're not outputting before header though. – Funk Forty Niner Jul 27 '16 at 20:49
  • ping me @EthanGuillotte when you get results (or not) I won't be keeping this tab open for much longer. Plus, supper's coming up and I'm doing the cooking *lol* – Funk Forty Niner Jul 27 '16 at 20:57
  • @Fred-ii- Thank you so much! Fixed the Form tags and moved my code to my header and it works like a charm. How do I make this the answer, should I post the answer myself, or let you do it and vote it? – Ethan Guillotte Jul 27 '16 at 21:16
  • I can post an answer @EthanGuillotte give me a few minutes :-) and you're welcome. – Funk Forty Niner Jul 27 '16 at 21:17
  • @EthanGuillotte It has been done, *cheers*. Now on to supper ;-) – Funk Forty Niner Jul 27 '16 at 21:24

1 Answer

3

As it turns out (from conversing with the OP in comments), the empty() function for the checkboxes needed to be isset().

Then a (header) redirection was needed (upon successful deletion) in order to show the (new) results.

References:

You should also look into using a prepared statement:


Footnotes:

As I also mentioned, <form> cannot be child of <table> and the missing > for <form method="post" which would cause havoc.

Funk Forty Niner
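The fixes named in the answer and comments (isset() on the checkbox array, a prepared statement, error reporting, and a redirect after deletion) combined in one handler. This is an added example, not code from the answer; it assumes `$con` is an open mysqli connection and that the handler runs before any output, and `selected_ids` is a hypothetical helper name.

```php
<?php
// Added example, not the poster's code. Assumes $con is an open mysqli
// connection and that this runs before any HTML is sent, so header() works.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // query errors throw

/**
 * Keep only values that are canonical positive integers.
 * Rejects non-array input and strings such as "PMID" or "1 OR 1=1".
 */
function selected_ids($raw): array
{
    if (!is_array($raw)) {
        return [];
    }
    $ids = [];
    foreach ($raw as $value) {
        if (is_string($value) && ctype_digit($value) && $value[0] !== '0') {
            $ids[(int) $value] = true;   // array key de-duplicates
        }
    }
    return array_keys($ids);
}

if ($_SERVER['REQUEST_METHOD'] === 'POST'
    && isset($_POST['delete'], $_POST['check_list'])) {

    $ids = selected_ids($_POST['check_list']);

    if ($ids !== []) {
        // The statement text is fixed; each id travels as a bound integer,
        // so it can never be parsed as a column name or extra SQL.
        $stmt = $con->prepare('DELETE FROM pm WHERE PMID = ?');
        $id = 0;
        $stmt->bind_param('i', $id);     // bound by reference
        foreach ($ids as $id) {
            $stmt->execute();
        }
        $stmt->close();
    }

    // Redirect to the same script so the following GET re-runs the SELECT
    // against the updated table and a refresh does not resubmit the form.
    header('Location: ' . $_SERVER['SCRIPT_NAME'], true, 303);
    exit;
}
```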