I want to delete a receiver name and our messages, or the entire receiver row in the database, from the display page. I have 2 pieces of code to show: the first is the display page, the next is the delete page. When I press the x image, it does not delete any receiver name or our messages. I wonder if the request id I made in index.php is effective or not. Consider my code below:

main page / index.php

$q = 'SELECT DISTINCT `receiver_name`,`sender_name`,`id`
    FROM `messages` WHERE
    `sender_name`="' . $_SESSION['username'] . '" OR
    `receiver_name`="' . $_SESSION['username'] . '"
    ORDER BY `date_time` DESC';
$r = mysqli_query($con, $q);
if ($r) {
    if (mysqli_num_rows($r) > 0) {
        $counter = 0;
        $added_user = array();
        while ($row = mysqli_fetch_assoc($r)) {
            $sender_name = $row['sender_name'];
            $receiver_name = $row['receiver_name'];
            $id = $row['id'];

            if ($_SESSION['username'] == $sender_name) {
                //add the receiver_name but only once
                //so to do that check the user in array
                if (in_array($receiver_name, $added_user)) {
                    //dont add receiver_name because
                    //he is already added
                } else {
                    //add the receiver_name
                    ?>
                        <div class="grey-back">
                        <img src="images/profile_user.jpg" class="image"/>
                        <?php echo '<a href="?user=' . $receiver_name . '" style="font-size:15.3px; text-decoration: none; ">' . $receiver_name . '</a>';
                              echo '<a href="delete.php?id="$id"><img src="x.png" style="width:12px; height:12px; float:right;"></a>';
                        ?>
                        </div>
                        <?php
                    //as receiver_name added so
                    ///add it to the array as well
                    $added_user[$counter] = $receiver_name;
                    //increment the counter
                    $counter++;
                }
            } elseif ($_SESSION['username'] == $receiver_name) {
                //add the sender_name but only once
                //so to do that check the user in array
                if (in_array($sender_name, $added_user)) {
                    //dont add sender_name because
                    //he is already added
                } else {
                    //add the sender_name
                    ?>
                        <div class="grey-back">
                        <img src="images/profile_user.jpg" class="image"/>
                        <?php echo '<a href="?user=' . $sender_name . '" style="font-size:15.3px; text-decoration: none;">' . $sender_name . '</a>'; ?>
                        </div>
                        <?php
                    //as sender_name added so
                    ///add it to the array as well
                    $added_user[$counter] = $sender_name;
                    //increment the counter
                    $counter++;
                }
            }
        }
    } else {
        //no message sent
        echo '<div style="float:left; padding: 70px 0 0 150px;">';
        echo 'no user';
        echo '</div>';
    }
} else {
    //query problem
    echo $q;
}

delete page

require_once "connection.php";
$id = $_REQUEST['id'];

mysqli_query($con, "DELETE FROM messages WHERE id=$id");
header("location: index.php");
Machavity
  • I would recommend using parameterized queries, to avoid the risk of SQL injection. Your $_SESSION variables may be secure, but even if they are it's better to parameterize. The `$_REQUEST['id']` definitely needs to be parameterized to be safe. See https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php – Reed Jul 15 '19 at 15:30

1 Answer

I see one problem:

echo '<a href="delete.php?id="$id"><img src="x.png" style="width:12px; height:12px; float:right;"></a>';

will output

<a href="delete.php?id="$id"><img src="x.png" style="width:12px; height:12px; float:right;"></a>

but if $id=76, I'd guess you want it to be:

<a href="delete.php?id=76"><img src="x.png" style="width:12px; height:12px; float:right;"></a>

To do that try:

echo '<a href="delete.php?id='.$id.'"><img src="x.png" style="width:12px; height:12px; float:right;"></a>';

And if $id is something more complex, with symbols & whatnot, then id='.$id.' becomes id='.urlencode($id).'.


That might be your problem. If it still doesn't work, let me know what output & error messages you are getting

Reed
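
A hardened version of the delete page, combining the parameterized query recommended in the comment with a check that the row belongs to the logged-in user. This is an added example, not code from the question or the answer; it assumes `connection.php` provides the mysqli handle `$con` and that the session holds `username`, as index.php already expects.

```php
<?php
// Added example: delete.php rewritten with a prepared statement.
// Assumptions: connection.php defines $con (mysqli), and the login code
// stores the current user in $_SESSION['username'] as index.php expects.
require_once "connection.php";

if (session_status() !== PHP_SESSION_ACTIVE) {
    session_start();
}

if (!isset($_SESSION['username'])) {
    http_response_code(403);
    exit('Not logged in');
}
$user = $_SESSION['username'];

// The id arrives in the query string of the link built in index.php.
// Accept only a positive integer; anything else is rejected before any SQL runs.
$id = filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT,
                   ['options' => ['min_range' => 1]]);
if ($id === null || $id === false) {
    http_response_code(400);
    exit('Invalid id');
}

// Bound parameters keep the id and the username out of the SQL text.
// The sender/receiver condition limits the delete to rows the caller is a
// party to, the same scope index.php uses when listing messages.
$stmt = mysqli_prepare(
    $con,
    'DELETE FROM `messages`
      WHERE `id` = ? AND (`sender_name` = ? OR `receiver_name` = ?)'
);
if ($stmt === false) {
    http_response_code(500);
    exit('Query could not be prepared');
}
mysqli_stmt_bind_param($stmt, 'iss', $id, $user, $user);
mysqli_stmt_execute($stmt);
mysqli_stmt_close($stmt);

header('Location: index.php');
exit;
```

Because the delete is still triggered by a plain link, any page the user visits can cause the request to be sent; switching the x image to a POST form with a per-session token would close that gap.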