Page 1 of 1

<input type="Button"> not deleting record properly

Posted: Fri Aug 06, 2010 8:23 am
by diseman
Hello Experts,

I'm a beginner trying to learn PHP and have run into a problem that I can't seem to figure out. I've spent countless hours Google'ing, but haven't found any examples that help. Any help pointing me in the right direction would be greatly appreciated.

My code below is the second part of a webpage where I'm uploading a .pdf document to a MySQL db table. The first part of the webpage, which is not shown - is the browse for file and upload buttons. It works as expected by uploading file and assigning an 'id' and 'name'.

The code below works properly, by retrieving a list of file names in the 'documents' table and displaying the filenames in ASCending order by URL with "=$id". The problem I'm having is when I attempt to put a DELETE button next to each record. Once I put the code, that I think should work, all sorts of weird things start happening; like all records being deleted when I click the refresh button. The strange part is that I've assigned a matching $id number to the button, but I don't even have to click it before it deletes all the records.

Here it is WITHOUT the offending DELETE button:

Code: Select all


<?php

include ("dbconnect.php");

$query = "SELECT id, name FROM documents ORDER BY name ASC";

$result = mysql_query($query,$con) or die('Error, query failed');

echo "<form name=\"doc_view\" action=\"\" method=\"post\">" ;
echo "<table width=\"400\" cellspacing=\"2\">" ;

while(list($id, $name) = mysql_fetch_array($result))
{

?>
<tr>
<td width="336"><a href="../modules/mydocuments.php?id=<? echo $id; ?>"><? echo $name; ?></a><br></td>
<td width="52"><input name="Delete" type="button" value="Delete"/></td>
</tr>
<?
}
echo "</table>" ;
echo "</form>" ;

mysql_close($con);

?>

...and the code I'm using directly after the VALUE="Delete"/> that is causing all the problems.

Code: Select all

onSubmit="<?php mysql_query("DELETE FROM documents WHERE id='$id'") or die(mysql_error());?>"/>
I've also tried it with onClick, but that doesn't help either.

So, the WHILE statement creates a URL list of all the uploaded files with unique $id and a delete button next to each URL with the same corresponding $id. It seems, to me, that it should only delete the matching $id, but that's not the case.

I did a test to see if the $id is being seen and it is, so why is the Delete button code deleting everything instead of just the corresponding record?

Thank you in advance for your help...

Re: <input type="Button"> not deleting record properly

Posted: Fri Aug 06, 2010 4:50 pm
by cpetercarter
You can't use "onsubmit" in this way. "onsubmit" and "onclick" are used to indicate a Javascript procedure which the browser should run when the button is clicked. You cannot use them to trigger something in php, which runs on the server and not in the browser.

Instead, for each file listed on your page, create a form, like this:

Code: Select all

<form action="mypage.php?do=delete&id=234" method="post">
<input type="submit"  value="Delete this file!" />
</form>
Then in mypage.php:

Code: Select all

if (isset($_GET['do']) && $_GET['do'] == "delete") {
// whatever you need to do to delete the file with id = $_GET['id']
}

Re: <input type="Button"> not deleting record properly

Posted: Fri Aug 06, 2010 10:08 pm
by diseman
Thank you for the simple and exampled explanation.

I've been trying for hours to learn how to make this work, but I simply can't find the problem. I've done what you've suggested and then tried 100 variations to make it work, but I keep getting a:

Parse error: parse error, expecting `T_STRING' or `T_VARIABLE' or `T_NUM_STRING' in C:\wamp\www\_includes\doc_view_delete.php on line 7

I just don't have the experience or resources to figure it out. If you could take a look again, I would be grateful as my head is really starting to hurt from this stuff. : )

Here's the form code:

Code: Select all

<?php

include ("dbconnect.php");

$query = "SELECT id, name FROM documents ORDER BY name ASC";

$result = mysql_query($query,$con) or die('Error, query failed');

while(list($id, $name) = mysql_fetch_array($result))
{
?>
<form action="<?php echo "/_includes/doc_view_delete.php?do=delete&id=$id" ; ?> " method="post">
<table>
<tr>
<td><a href="../modules/mydocuments.php?id=<? echo $id; ?>"><? echo $id; ?></a></td>
<td><input type="submit" value="delete"	/></td>
</tr>
</table>
</form>
<?
}

mysql_close($con);

?>
I used a <?php echo in the <Form ACTION=""> above because when I didn't do that the URL at the top wasn't showing an actual id like 166; instead, it was showing "$id" . I did do it your way as well with several variations, but no luck.

Here's the php code in a separate page as you suggested:

Code: Select all

<?php

include ("dbconnect.php");

if (isset($_GET['do']) && $_GET['do'] == "delete") {

$sql = "DELETE FROM documents WHERE id = $_GET['id']";      // THIS IS LINE 7 that I keep getting the PARSE error
mysql_query($sql,$con) or die("query: $query<br>" . mysql_error());
}

?>
I'm really VERY new to learning PHP, so if you could continue to keep any replies simple that would help a lot. Examples are always welcome too. : )

Thank you in advance for any help...

Re: <input type="Button"> not deleting record properly

Posted: Sat Aug 07, 2010 1:39 am
by cpetercarter
Yes, the problem is this line:

Code: Select all

$sql = "DELETE FROM documents WHERE id = $_GET['id']";
You can put a simple variable (like $name or $id) into a (double quoted) string and php will replace it with the value that the variable currently has. So :

Code: Select all

$name = "George";
echo "My name is $name";
will give the output "My name is George".

But php won't do the same with an element in an array, like $name['first_name'] or $_GET['id']. You either need to read the array element into a simple variable first ($first_name = $name['first_name']) or build the string by concatenation eg:

Code: Select all

echo "My name is " . $name['first_name'];
So, replace the problem line with:

Code: Select all

$sql = "DELETE FROM documents WHERE id = " . $_GET['id'];

Re: <input type="Button"> not deleting record properly

Posted: Sat Aug 07, 2010 1:45 am
by internet-solution
Try this in line 7

Code: Select all

$sql = "DELETE FROM documents WHERE id =".$_GET['id'];  
The above will work if your id field is numeric (e.g.int)

If your id field is text (eg. varchar) then you have to use single quotes in sql:

Code: Select all

$sql = "DELETE FROM documents WHERE id ='".$_GET['id']."'";  

Re: <input type="Button"> not deleting record properly

Posted: Sat Aug 07, 2010 8:47 am
by diseman
Thank you cpetercarter for another plain-English explanation with example. While reading your replies, I find myself thinking you should consider e-publishing a PHP book. You have a nack for making complex problems (for beginners anyway) easier to understand with your step-by-step instruction and examples.

Thank you too internet-solution for jumping in AND providing not only the correct answer as well, but for that nice little tid-bid about the field being INT vs. VARCHAR. That's the kind of stuff that will drive a person insane and I'm very thankful to know in advance.

Both of these answers are so good, I'm glad to have them in my list of posts to refer to again later if/when I need them.

So this worked wonderfully and I'm a little mad with myself because after several hours of really trying to figure it out on my own and Google'ing examples and explanations, I DID run across ONE posting that was VERY, VERY similar to mine. In his code, I DID see him concatenating, BUT at that point I was so tired from this, my head was hurting, and his code was so much more complex, I didn't have it in me to try a whole new set of attempts to make this work.

Thank you both for being on the board and responding. PHP is fun and your help is keeping it exciting.

diseman.

Re: <input type="Button"> not deleting record properly

Posted: Sat Aug 07, 2010 9:20 am
by mianmajidali
dear, have u solved problem or not yet ??

Re: <input type="Button"> not deleting record properly

Posted: Sat Aug 07, 2010 3:41 pm
by diseman
OK, so now I appear to have a part II issue. :)

Since I only had one button during my original post, it seemed pretty easy to pass the value of the delete button to the php script and delete the file. But, my intent was to add two more buttons; VIEW and RENAME.

Now things become a little more complicated since right now I have hardcoded a url for delete. Don't know what do do for view and rename.

Here's what I have so far. Form is at the bottom and php code is at the top:

Code: Select all

<?php


// ----------------------------------------------------------------------------------------------------------
// Connect to server then db and return error if not connected.
// ----------------------------------------------------------------------------------------------------------

include ("dbconnect.php");

// ----------------------------------------------------------------------------------------------------------
// DELETE Button code:
// When DELETE button is presses, let's delete the record it's associated with. Code being placed on top of
// 'display record' code, so we don't have to refresh the page on DELETE with a 'HEADER' command. HEADER 
// command left in place for future example.
// ----------------------------------------------------------------------------------------------------------

if (isset($_GET['submit']) && $_GET['submit'] == "delete") {

$sql = "DELETE FROM documents WHERE id = " . $_GET['id'];

mysql_query($sql,$con) or die("query: $query<br>" . mysql_error());

// header("Location: ".$_SERVER["PHP_SELF"]);    // See comment above

}

else 

if (isset($_GET['submit']) && $_GET['submit'] == "view") {

echo " <a href=\"../modules/documents.php?id=" .  $_GET['id'] . '   " \" \>test</a>   ' ;

}

// ----------------------------------------------------------------------------------------------------------
// Pull all pdf document records by 'id' and sort ascending
// Display all documents in <input type="text"> 
// Display all documents in URL fashion
// Provide buttons to view, rename, and delete
// ----------------------------------------------------------------------------------------------------------

$query = "SELECT id, name FROM documents ORDER BY name ASC";

$result = mysql_query($query,$con) or die('Error, query failed');

while(list($id, $name) = mysql_fetch_array($result))
{
?>
<form action="<?php echo "?submit=delete&id=$id" ; ?> " method="post">
<table>
<tr>
<td><input name="test" type="text" id="test" class="box275" value="<?php echo $name ; ?>" />
<td><a href="../modules/documents.php?id=<? echo $id; ?>"><? echo $id; ?></a></td>
<td><input type="submit" value="View"	/></td>
<td><input type="submit" value="Rename"	/></td>
<td><input type="submit" value="Delete"	/></td>
</tr>
</table>
</form>
<?
}

// ----------------------------------------------------------------------------------------------------------
// Close database connection
// ----------------------------------------------------------------------------------------------------------

mysql_close($con);

?>
Sorry about the extreme commenting, but I'm trying to learn and use them to help me later if I forget..

Thanks in advance for any help you're able to provide

P.S.. One thing I noticed and this can be another discussion another time, but the URL being passed around for viewing and deleting is being shown plainly. I could simply go in and change the $id and something else happens. That can't be good. : ) Is this what the term SQL injection means?

Re: <input type="Button"> not deleting record properly

Posted: Sat Aug 07, 2010 10:09 pm
by diseman
Update: I figured it out.

Will post for others to see when I get it all working 100%