0

I have multiple text boxes within a table on my web page which is populated from a form on my website users fill out. I have the feature of being able to delete each row as well as edit each row of data displayed on my website. The problem I'm having with it is only the last row of the table can be edited/deleted. For example, When I click the delete button on the first row of the table, it deletes the last row for some reason and not the first row. Also, it's the same with the update/edit button, only the last row can be modified and not anything above the last row of the table on my website.

More information: form_id is the primary key within my database.

My code:

 <?php
  $con = @mysql_connect("localhost","root","");
  if (!$con){
  die("Can not connect: " . mysql_error());
  }
  mysql_select_db("formsystem", $con);

  if(isset($_POST['update'])){
    $UpdateQuery = "UPDATE form SET form_name='$_POST[name]', form_description='$_POST[description]' WHERE form_id='$_POST[hidden]'";               
    mysql_query($UpdateQuery, $con);
};

if(isset($_POST['delete'])){
$DeleteQuery = "DELETE FROM form WHERE form_id='$_POST[hidden]'";          
mysql_query($DeleteQuery, $con);
};

  $sql = "SELECT * FROM form";

  $myData = mysql_query($sql,$con);

   echo "<table>
   <tr>
   <th>Title</th>
   <th>Description</th>
   <th></th>
   <th></th>
   <th></th>
   </tr>";
   while($record = mysql_fetch_array($myData)){
   echo "<form action=findGroup.php method=post>";
   echo "<tr>";
   echo "<td>" ."<input type=text name=name value='" . $record['form_name'] . "'/> </td>";
   echo "<td>" ."<input type=text name=description value='" . $record['form_description'] . "'/> </td>";
   echo "<td>" ."<input type=hidden name=hidden value='" . $record['form_id'] . "'/></td>";
   echo "<td>" ."<input type=submit name=update value='update" . "'/> </td>";
   echo "<td>" ."<input type=submit name=delete value='delete" . "'/> </td>";
   echo "</tr>";
  }
  echo "</table>";

?>
I Need Help
  • 87
  • 10

2 Answers2

1

First off, check these potential issues:

  1. You are connecting as root. Not recommended. You should connect as a MySQL user with M.A.D rights on that table (modify, add, delete).

  2. Have you checked the MySQL & system/PHP logs to see if any errors are being reported? Then you can adjust your code based on those errors.

  3. Have you attempted to run the delete statement manually to confirm that it deletes the desired row?

  4. In your code, have you tried using the $sql = DELETE... syntax on your delete statement?

Mika Wolf
  • 102
  • 4
  • Thanks for the help, can't seem to find anything useful within the logs and yes deleting manually does work. I'm still a beginner with SQL/PHP, maybe the SQL query/php code can be improved possibly, would you by any chance have any recommendations on that? help is much appreciated! – I Need Help Apr 02 '18 at 13:21
1

Update

Enclose the form element properly:

<?php
  $con = @mysql_connect("localhost","root","");
  if (!$con){
    die("Can not connect: " . mysql_error());
  }
    mysql_select_db("formsystem", $con);

    if(isset($_POST['update'])){
      $UpdateQuery = "UPDATE form SET form_name='".$_POST['name']."', form_description='".$_POST['description']."' WHERE form_id='".$_POST['hidden']."';";               
    mysql_query($UpdateQuery, $con);
  };

  if(isset($_POST['delete'])){
    $DeleteQuery = "DELETE FROM form WHERE form_id='".$_POST['hidden']."';";          
    mysql_query($DeleteQuery, $con);
  };

  $sql = "SELECT * FROM form";

  $myData = mysql_query($sql,$con);

  echo "<table>
   <tr>
   <th>Title</th>
   <th>Description</th>
   <th></th>
   <th></th>
   <th></th>
   </tr>";
   while($record = mysql_fetch_array($myData)){
     echo "<form action=findGroup.php method=post>";
     echo "<tr>";
     echo "<td>" ."<input type=text name=name value='" . $record['form_name'] . "'/> </td>";
     echo "<td>" ."<input type=text name=description value='" . $record['form_description'] . "'/> </td>";
     echo "<td>" ."<input type=hidden name=hidden value='" . $record['form_id'] . "'/></td>";
     echo "<td>" ."<input type=submit name=update value='update" . "'/> </td>";
     echo "<td>" ."<input type=submit name=delete value='delete" . "'/> </td>";
     echo "</tr>"
     echo "</form>";
   }
  echo "</table>";

?>

And for security issue, it's better to wrap variable using mysqli_real_escape_string, for example:

"DELETE FROM form WHERE form_id='".mysqli_real_escape_string($_POST['hidden'])."';";

But this is another question, here is the thread.

Carr
  • 2,691
  • 1
  • 19
  • 27
  • Thanks for the input, concatenating the query string seemed to break my code though – I Need Help Apr 02 '18 at 13:15
  • @Hasan, any details? – Carr Apr 02 '18 at 13:18
  • With your new adjustments the delete button is still acting the same as before and always deleting the last row of the text boxes even when another row was selected for deletion. Also, now the update button does not work entirely with the adjustments. – I Need Help Apr 02 '18 at 13:26
  • 1
    @Hasan, sorry that I'm missing single quote which should wrap the variable in query string. I've updated it. – Carr Apr 02 '18 at 13:36
  • Thank you, I've updated it. Still can't manage to fix the main issue I'm having though :D – I Need Help Apr 02 '18 at 13:45
  • @Hasan, it seems your `form` is not enclosed properly, maybe this cause that you could not get the proper value of `$_POST['hidden']`? Maybe you could echo that value to observe, I've added `echo "";` to the answer. – Carr Apr 02 '18 at 14:35
  • Yes! That was the main cause of the issue. Thanks for all the input dude! :) – I Need Help Apr 02 '18 at 15:00