
This is not a new problem I think. But as a learner I want to know the answer for my code directly from the experts. The following code generates a record of students which was obtained from a page from an insertion form. The code for record is:

```php
<?php
include('connection.php');

$sql = "select * from people_info";

$result = mysqli_query($conn,$sql);

if ($result->num_rows > 0) { ?>

<form action="delete.php" method="post">
    <table border="1">
        <tr>
            <th>Roll</th>
            <th>Name</th>
            <th>City</th>
            <th>Action</th>
        </tr>

    <?php
    while($row = $result->fetch_assoc()) { ?>
        <tr>

                <td><?php echo $row["roll"]; ?></td>
                <td><?php echo $row["name"]; ?></td>
                <td><?php echo $row["city"]; ?></td>
                <td>
                    <input type="submit" name="delete" value="delete"/>
                </td>

        </tr>

    <?php
    } ?>
    </table>
</form>
    <a href="entryform.php">Go to form</a>
<?php }
?>
```

And the "delete.php" file contains the following code:

```php
<?php
include('connection.php');

$roll=$_POST['roll'];
$name=$_POST['name'];
$city=$_POST['city'];

$sql = "delete from people_info (roll,name,city) values('$roll','$name','$city')";
?>

<a href="record.php">view record</a>
```

The problem is that when I click the delete button on the first page, it takes me to the delete page, but the values are not posted to this page and it gives an error message "Notice: Undefined index: roll". I have tested with `echo $roll=$_POST['roll'];`. I want to know how I should post the values from the first page to the second one. I have not given the query execution portion here.

codelearner
  • Your DELETE clause is incorrect. It should be `"DELETE FROM people_info WHERE someval='$someval'"` – GrumpyCrouton Jul 13 '17 at 18:34
  • you need to add `name` attributes to your `td` – Alive to die - Anant Jul 13 '17 at 18:34
  • Also, do your rows have some unique value? Like a unique ID or an auto increment field? – GrumpyCrouton Jul 13 '17 at 18:34
  • [Little Bobby](http://bobby-tables.com/) says ***[your script is at risk for SQL Injection Attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php)*** Learn about [prepared](http://en.wikipedia.org/wiki/Prepared_statement) statements for [MySQLi](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php). Even [escaping the string](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) is not safe! – Jay Blanchard Jul 13 '17 at 18:35
  • Thanks. These suggestions will also help for further coding. But now the values are not being posted in the second page. How to solve it? – codelearner Jul 13 '17 at 18:36
  • You don't actually have a form in which you have named inputs which could then be used to generate a request to your delete script. – Jay Blanchard Jul 13 '17 at 18:36
  • There are no form fields with name=roll, name, city so trying to retrieve those values from $_POST will fail. – James Jul 13 '17 at 18:37
  • Forms need inputs, like ... input type="text" name="roll" value="" – Duane Lortie Jul 13 '17 at 18:48

0 Answers
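The points raised in the comments, combined into one added example (not code from the question or from any commenter): each row gets its own form with a named hidden input, and `delete.php` deletes by that value through a MySQLi prepared statement. It assumes `roll` uniquely identifies a row and that `connection.php` defines `$conn` as in the question; `h()` is a helper introduced here.

```php
<?php // ---- record.php (added example) ----
include('connection.php');              // provides $conn, as in the question

// Helper introduced for this example: escape values before placing them in HTML.
function h($v) { return htmlspecialchars((string)$v, ENT_QUOTES, 'UTF-8'); }

$result = mysqli_query($conn, "SELECT roll, name, city FROM people_info");
?>
<table border="1">
<tr><th>Roll</th><th>Name</th><th>City</th><th>Action</th></tr>
<?php while ($row = $result->fetch_assoc()) { ?>
<tr>
  <td><?= h($row['roll']) ?></td>
  <td><?= h($row['name']) ?></td>
  <td><?= h($row['city']) ?></td>
  <td><!-- One form per row: only named inputs end up in $_POST. -->
    <form action="delete.php" method="post">
      <input type="hidden" name="roll" value="<?= h($row['roll']) ?>"/>
      <input type="submit" name="delete" value="delete"/>
    </form>
  </td>
</tr>
<?php } ?>
</table>

<?php // ---- delete.php (added example) ----
include('connection.php');

// Refuse requests that are not a POST carrying a single string value for roll.
$roll = $_POST['roll'] ?? null;
if ($_SERVER['REQUEST_METHOD'] !== 'POST' || !is_string($roll) || $roll === '') {
    http_response_code(400);
    exit('Missing roll');
}

// The placeholder keeps the posted value as data; it never becomes part of the SQL text.
$stmt = $conn->prepare("DELETE FROM people_info WHERE roll = ?");
if (!$stmt) {
    http_response_code(500);
    exit('Could not prepare statement');
}
$stmt->bind_param('s', $roll);
$stmt->execute();
$deleted = $stmt->affected_rows;        // 0 when no row has that roll
$stmt->close();

echo $deleted === 1 ? 'Record deleted. ' : 'No matching record. ';
?>
<a href="record.php">view record</a>
```

The two parts are separate files shown in one block. Only `roll` is posted because a `DELETE` needs just the key in its `WHERE` clause, not the other columns.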