PHP SEARCH and DELETE

Question

I've changed the code following people advices but my delete button doesn't work. The empID is a VARCHAR, not an INT The way i wanted it to be done when i search a string of letters i would get a list of employees containing that string, then choose some checkboxes and when button is pressed they'd get deleted from the DB and the list of not chosen would still stay on that page. Thanks in advance for any help!!!

<!DOCTYPE html>
    <html>
    <head>
    <meta charset="utf-8">
    <title>Delete Record</title>
    <link rel="stylesheet" href="style1.css" />
    <style>dialog{margin-left:100px}
    select { font-size:24px;}</style>
    </head>
    <body>
        <div class="header">
            <h2>List of the employees with the name entered</h2>
        </div>
        <form name="action_form" action="" method="post" />
        <div class="input-group">
            <input type="text" name="name" placeholder="Employee name" />
        </div>
        <button type="submit" class="btn" name="submit">SEARCH</button>
        <?php
        require('db.php');
        $errors = array(); 
        if(isset($_POST["name"])&&!empty($_POST["name"]))
            {
        $name=$_POST['name'];
        $sqlResult=mysqli_query($con, "SELECT * FROM Employee WHERE empName LIKE '%$name%'");
        if (mysqli_num_rows($sqlResult) > 0) 
            {
            echo "<table>";
            while($row=mysqli_fetch_assoc($sqlResult))
                {
                echo "<tr>";
                echo "<td>"; ?><input type= 'checkbox' name='num[]' value='<?php echo $row['empID'] ?>'/><?php echo "</td>";
                echo "<td>".$row['empID']."</td>";
                echo "<td>".$row['empName']."</td>";
                echo "<td>".$row['deptNo']."</td>";
                echo "<td>".$row['addCounty']."</td>";
                echo "<td>".$row['salary']."</td>";
                echo "</tr>";
                }
            echo "</table>";     
            }
        if(isset($_POST['delete'])&&(!empty($_POST['num'])))
            {
            $list = array();  
            $list = $_REQUEST['num'];
            foreach($list as $delID)
                {
                $sqlResult = mysqli_query($con,"DELETE FROM employee WHERE empID LIKE '$delID'");
                }
            }
        }
    ?>
        <div class="input-group">
        <label>Please choose the person from the list below</label>
    </div>
        <div class="input-group">
            <button type="submit" class="btn" name="delete">FIRE SELECTED</button><br><br>
            <button type="reset" class="btn" name="reset">RESET</button><br><br>
            <a href = "index.php">Back to the Menu</a>
            </div>
        </form>
    </body>
    </html>

When SEARCH button pressed it works as it should but pressing DELETE button makes a mess — Peter Zubal, Mar 24 '18 at 23:49

score 1 · Answer 1 · answered Mar 25 '18 at 00:05

1

Try this :

 if(isset($_POST["name"])&&!empty($_POST["name"]))
{
$name=$_POST['name'];
$sqlResult=mysqli_query($con, "SELECT * FROM Employee WHERE empName 
LIKE '%$name%'")
}

answered Mar 25 '18 at 00:05

hamid keyhani

451
3
12

score 0 · Answer 2 · answered Mar 24 '18 at 23:55

Looks like you should wrap the $delId in "%"

So your delete query should look like this:

$sqlResult = mysqli_query($con,"DELETE FROM employee WHERE empID LIKE '%$delID%'")

Also bear in mind that the like statement will delete any row where the id is like any other id. You might consider changing this to:

$sqlResult = mysqli_query($con,"DELETE FROM employee WHERE empID = '$delID' ")

Another thing to keep in mind is that you should consider using parameterized queries to prevent sql injection. Read thise for more details:

What is parameterized query?

Andrew Chart · Accepted Answer · 2018-03-25T00:08:25.437

0

The reason for the error (Undefined variable $name) is because you are only setting $name in your "if" statement when $_POST['name'] is set, but you are running the line:

$sqlResult = mysqli_query($con, "SELECT * FROM Employee WHERE empName LIKE '%$name%'");

every time the page is loaded. Because you have used $name in the SQL string, but it isn't always declared, you get the error.

I'm finding your code a little hard to read, but I think you probably just want to put the mysqli_query() line inside the "if" statement.

if(isset($_POST['name'] && !empty($_POST['name'])) {
  $name = $_POST['name'];
  $sqlResult = mysqli_query($con, "SELECT * FROM Employee WHERE empName LIKE '%$name%'");
}

edited Mar 25 '18 at 00:08

answered Mar 25 '18 at 00:01

Andrew Chart

623
6
10

Thanks, Not getting error anymore but my delete button still don't work – Peter Zubal Mar 25 '18 at 09:08
A few things to point out. (1) when you are echoing your table,it should be `` at the end of each column. Not ``. (2) The `value` of your checkboxes is blank because you're echoing `$row['']`. I think that should probably be `$row['empID'];`. (3) As other answers have said, you'd be better off using `empID = $delID` in your query (not `LIKE`). Also, the $delID probably doesn't need to be in quotes (it's probably an integer, not a string). (4) If it's still not working you can troubleshoot using https://www.w3schools.com/php/func_mysqli_error.asp to echo out the mysql error. – Andrew Chart Mar 25 '18 at 09:30
Hi @PeterZubal - looking better. Try changing `LIKE` in the delete query to `=`. Because the value of the checkboxes is the empID you should be deleting the row which exactly matches that empID. Also, within your `foreach($list as $delID) { ... }` block add `if(!$sqlResult) { echo mysqli_error($con); }`. If the error is in your query, this will print an error message. – Andrew Chart Mar 25 '18 at 13:17
Did that, thanks. I think it's the button that doesn't work as i created a separate files that display all the data from DB and deletes the selected ones and it works fine. I think those two submit buttons on one form are not placed correctly – Peter Zubal Mar 25 '18 at 14:11

PHP SEARCH and DELETE

3 Answers3