php not picking up selected items to be removed

doug76
Forum Commoner
Posts: 26
Joined: Tue Aug 24, 2010 7:44 am

php not picking up selected items to be removed

Post by doug76 »

I have been trying to solve this problem for a week and cannot see what I have done wrong (I am fairly new to PHP).
I am trying to make a PHP program that can remove items from a MySQL database. I have the form and the options. But when I click on remove it always says:
Sorry, no high score was specified for removal.
I'm using 'localhost'.
I'm sure it is something obvious! I include both programs below:

Admin.php
<?php

require_once('appvars.php');
require_once('connectvars.php');

// Connect to the database
$dbc = mysqli_connect(DB_Host, DB_User, DB_Password, DB_Name);

// Retrieve the score data from MySQL
$query = "SELECT * FROM gwdb ORDER by score DESC";
$data = mysqli_query($dbc, $query);

//LOOP through the array of score data, formatting as HTML


echo '<table>';

while ($row = mysqli_fetch_array($data)) {

//display score data

echo '<tr class="scorerow"><td><strong>' . $row['first_name'] . '</strong></td>';
echo '<td>' . $row['last_name'] . '</td>';
echo '<td>' . $row['score'] . '</td>';

echo '<td><a href="removescore.php?first_name= ' .$row['first_name'] . '&last_name=' . $row['last_name'] . '&score=' . $row['score'] .
' &screenshot=' . $row['screenshot'] . '">Remove</a></td></tr>';

}

echo '</table>';

mysqli_close($dbc);

?>

removescore.php
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
<title> Guitar wars -Remove High Socre</title>
<link rel="stylesheet" type="text/css" href="style.css" />
</head>
<body>
<h2>Guitar Wars - Remove High Score</h2>

<?php
require_once('appvars.php');
require_once('connectvars.php');

if (isset($_GET['first_name']) && isset($_GET['last_name']) && isset($_GET['score']) && isset($_GET['screeenshot'])) {

//Grab the score data from the GET
$first_name = $_GET['first_name'];
$last_name = $_GET['last_name'];
$score = $_GET['score'];
$screenshot = $_GET['screenshot'];
}

else if (isset($_POST['first_name']) && isset($_POST['last_name']) && isset($_POST['score'])) {

// Grab the score data from the post
$first_name = $_POST['first_name'];
$last_name = $_POST['last_name'];
$score = $_POST['score'];
$screenshot = $_POST['screenshot'];

}

else {

echo '<P class="error">Sorry, no high score was specified for removal. </p>';
}

if (isset($_POST['submit'])) {
if ($_POST['confrim'] == 'YES' ) {

//Delete the screen shot image from the server
@unlink(GW_UPLOADPATH. $screenshot);

//Connect to the database
$dbc = mysqli_connect(DB_Host, DB_User, DB_Password, DB_Name);

//Delete the score data from the database
$query ="DELETE_FROM gwdb WHERE first_name = $first_name LIMIT 1";

mysqli_query($dbc, $query);
mysqli_close($dbc);

//Confirm success with the user
echo '<p class="error">The high score was not removed.</p>';
}
}

else if (isset($first_name) && isset ($last_name) && isset($score) && isset($screenshot)) {

echo '<p>Are you sure you want to delete the following high score?</p>';
echo '<p><strong>First Name: </strong>' . $first_name . '<br /><strong>Last Name: </strong>' . $last_name .'<br />
<strong>Score: </strong>'. $score . '</p>';
echo '<form method="post" action ="removescore.php">';
echo '<input type="radio" name="confirm" value="yes" /> YES ';
echo '<input type="radio" name="confirm" value="no" checked ="checked" />NO <br />';
echo '<input type-"submit" value="submit" name="submit" />';

echo '<input type="hidden" name="first_name" value =' . $firstname . '" />';
echo '<input type="hidden" name="last_name" value = '. $last_name . '" />';
echo '<input type="hidden" name="score" value = '. $score . '" />';
echo '<input type="hidden" name="screenshot" value = '. $screenshot . '">';
echo '</form>';

}

echo '<p><a href="admin.php"><< Back to admin page</a><p>';
JakeJ
Forum Regular
Posts: 675
Joined: Thu Dec 10, 2009 6:27 pm

Re: php not picking up selected items to be removed

Post by JakeJ »

It looks to me like you're not even using a form.

Here's an example for you:

Code:

//index.html
<form id="form" name="form" method="post" action="process.php">
<input type="text" id="input" name="input" value="">
<input type="submit" value="submit">
</form>

//process.php
$action = $_POST['input'];
mysql_query("SELECT * FROM table WHERE data = '$action'");
Hopefully you can adapt your code from there.
doug76
Forum Commoner
Posts: 26
Joined: Tue Aug 24, 2010 7:44 am

Re: php not picking up selected items to be removed

Post by doug76 »

Thanks Jake, but the data is already there. I can successfully add data from another PHP programme I have done. A form, I don't think, is needed.

The problem, as far as I can see from results, is the data present is not being picked up and passed to the removescore.php
Bind
Forum Contributor
Posts: 102
Joined: Wed Feb 03, 2010 1:22 am

Re: php not picking up selected items to be removed

Post by Bind »

you have a typo.

in the following line your $_POST argument variable is 'confrim':

Code:

if ($_POST['confrim'] == 'YES' ) {
but in your html output your $_POST delete variable name is 'confirm':

Code:

echo '<input type="radio" name="confirm" value="yes" /> YES ';
echo '<input type="radio" name="confirm" value="no" checked ="checked" />NO <br />';
so change one or the other to match, which will trigger the argument's enclosed code.
doug76
Forum Commoner
Posts: 26
Joined: Tue Aug 24, 2010 7:44 am

Re: php not picking up selected items to be removed

Post by doug76 »

Hi Bind,

Thanks for that...but it still doesn't work!
McInfo
DevNet Resident
Posts: 1532
Joined: Wed Apr 01, 2009 1:31 pm

Re: php not picking up selected items to be removed

Post by McInfo »

1. Here, there are three Es in "screenshot":

Code:

isset($_GET['screeenshot']) // eee
2. By the way, isset() will accept multiple variables:

Code:

isset ($_GET['first_name'], $_GET['last_name'], $_GET['score'], $_GET['screenshot'])
3. When the script performs isset() on $_POST, it doesn't check $_POST['screenshot'].

4. There are two extra spaces here (after "first_name=" and before "&screenshot"):

Code:

echo '<td><a href="removescore.php?first_name= ' .$row['first_name'] . '&last_name=' . $row['last_name'] . '&score=' . $row['score'] .
' &screenshot=' . $row['screenshot'] . '">Remove</a></td></tr>';
5. The title is troubled (notice "oc" vs. "co"):

Code:

<title> Guitar wars -Remove High Socre</title><!-- is -->
<title>Guitar Wars - Remove High Score</title><!-- should be -->
6. Lines like this are missing double-quotes (see the value attribute):

Code:

echo '<input type="hidden" name="first_name" value =' . $firstname . '" />'; // is
echo '<input type="hidden" name="first_name" value="' . $firstname . '" />'; // should be
7. Here, "<P" should be "<p":

Code:

echo '<P class="error">
There could be more...
doug76
Forum Commoner
Posts: 26
Joined: Tue Aug 24, 2010 7:44 am

Re: php not picking up selected items to be removed

Post by doug76 »

Thank you very much McInfo. The programme is so close to working now! But not quite. I now get a success message to say the score has been deleted but it hasn't. It is still there.
I have added a column "id" to the database to help identify data more clearly and I have included this in all the code. I feel the error must be in the line " $query = "DELETE FROM gwdb WHERE id = $id LIMIT 1"; but I'm sure that line is correct but is not actioning for some reason.

The new code is below:
admin.php
<html>
<head>
<meta http-equiv="COntent-type" content="text/html; charset=utf-8" />
<title>Guitar wars - High scores administration</title>
<link rel="stylesheet" type="text/css" href="style.css" />
</head>
<body>
<h2>Guitar Wars - High Score Administration</h2>
<p>Below is a list of all Guitar High Scores. Use this page to delete scores as needed</p>

<hr />

<?php

require_once('appvars.php');
require_once('connectvars.php');

// Connect to the database
$dbc = mysqli_connect(DB_Host, DB_User, DB_Password, DB_Name);

// Retrieve the score data from MySQL
$query = "SELECT * FROM gwdb ORDER by score DESC";
$data = mysqli_query($dbc, $query);

//LOOP through the array of score data, formatting as HTML


echo '<table>';

while ($row = mysqli_fetch_array($data)) {

//display score data

echo '<tr class="scorerow"><td><strong>' . $row['first_name'] . '</strong></td>';
echo '<td>' . $row['last_name'] . '</td>';
echo '<td>' . $row['score'] . '</td>';

echo '<td><a href="removescore.php?id=' . $row['id'] . '&first_name=' . $row['first_name'] . '&last_name=' . $row['last_name'] . '&score=' . $row['score'] .
'&screenshot=' . $row['screenshot'] . '">Remove</a></td></tr>';



}

echo '</table>';

mysqli_close($dbc);

?>

removescore.php

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
<title>Guitar wars - Remove High Score</title>
<link rel="stylesheet" type="text/css" href="style.css" />
</head>
<body>
<h2>Guitar Wars - Remove High Score</h2>

<?php
require_once('appvars.php');
require_once('connectvars.php');

if (isset($_GET['id']) && isset($_GET['first_name']) && isset($_GET['last_name']) && isset($_GET['score']) && isset($_GET['screenshot'])) {



//Grab the score data from the GET
$id = $_GET['id'];
$first_name = $_GET['first_name'];
$last_name = $_GET['last_name'];
$score = $_GET['score'];
$screenshot = $_GET['screenshot'];
}

else if (isset($_POST['id']) && isset($_POST['first_name']) && isset($_POST['last_name']) && isset($_POST['score']) && isset($_POST['screenshot'])) {

// Grab the score data from the post
$id = $_POST['id'];
$first_name = $_POST['first_name'];
$last_name = $_POST['last_name'];
$score = $_POST['score'];
$screenshot = $_POST['screenshot'];

}

else {

echo '<p class="error">Sorry, no high score was specified for removal. </p>';
}

if (isset($_POST['submit'])) {
if ($_POST['confirm'] == 'Yes' ) {

//Delete the screen shot image from the server
@unlink(GW_UPLOADPATH . $screenshot);

//Connect to the database
$dbc = mysqli_connect(DB_Host, DB_User, DB_Password, DB_Name);

//Delete the score data from the database
$query ="DELETE_FROM gwdb WHERE id = $id LIMTI 1";

mysqli_query($dbc, $query);
mysqli_close($dbc);

//Confirm success with the user

echo '<p>The high score of '.$score.' for '.$first_name. ' was successfully removed.';
}

else {

echo '<p class="error">The high score was not removed.</p>';
}
}

else if (isset($id) && isset ($first_name) && isset ($last_name) && isset($score) && isset($screenshot)) {

echo '<p>Are you sure you want to delete the following high score?</p>';
echo '<p><strong>First Name: </strong>' . $first_name . '<br /><strong>Last Name: </strong>' . $last_name .'<br />
<strong>Score: </strong>'. $score . '</p>';
echo '<form method="post" action ="removescore.php">';
echo '<input type="radio" name="confirm" value="Yes" /> Yes ';
echo '<input type="radio" name="confirm" value="No" checked ="checked" />No <br />';
echo '<input type="submit" value="submit" name="submit" />';

echo '<input type="hidden" name="id" value="'. $id .'" />';
echo '<input type="hidden" name="first_name" value ="' . $first_name . '" />';
echo '<input type="hidden" name="last_name" value = "'. $last_name . '" />';
echo '<input type="hidden" name="score" value = "'. $score . '" />';
echo '<input type="hidden" name="screenshot" value = "'. $screenshot . '">';
echo '</form>';

}

echo '<p><a href="admin.php"><< Back to admin page</a><p>';

?>

</body>
</html>
McInfo
DevNet Resident
Posts: 1532
Joined: Wed Apr 01, 2009 1:31 pm

Re: php not picking up selected items to be removed

Post by McInfo »

1. In the DELETE query, there is a rogue underscore and "LIMIT" is misspelled. Correct:

Code:

$query = "DELETE FROM gwdb WHERE id = $id LIMIT 1";
2. This script is vulnerable to SQL injection. Sanitize the inputs.

3. Test mysqli_affected_rows() before displaying a deletion confirmation message.
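
Points 2 and 3 above, sketched as an added example that is not part of the original posts: the id is checked as an integer and passed as a bound parameter in a mysqli prepared statement (one way to handle the inputs), and the success message depends on the affected-row count. The function name remove_score is hypothetical, and reading the screenshot name from the row instead of the request is this example's own choice; the table, columns and constants are the ones used in the thread.

```php
<?php
// Added example, not code from the thread. Table gwdb, its id/screenshot columns
// and the GW_UPLOADPATH / DB_* constants are the ones used in the posts above.
require_once('appvars.php');
require_once('connectvars.php');
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on SQL errors such as "DELETE_FROM"

// Delete one score row by id; returns true only if a row was actually removed.
function remove_score(mysqli $dbc, $rawId): bool
{
    // Accept only a positive integer; anything else never reaches the database.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return false;
    }
    // Read the screenshot file name from the row rather than from the request.
    $stmt = mysqli_prepare($dbc, 'SELECT screenshot FROM gwdb WHERE id = ?');
    mysqli_stmt_bind_param($stmt, 'i', $id);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_bind_result($stmt, $screenshot);
    $found = mysqli_stmt_fetch($stmt); // true, false, or null when no row matches
    mysqli_stmt_close($stmt);
    if (!$found) {
        return false;
    }
    // The id travels as a bound parameter, never as part of the SQL text.
    $stmt = mysqli_prepare($dbc, 'DELETE FROM gwdb WHERE id = ? LIMIT 1');
    mysqli_stmt_bind_param($stmt, 'i', $id);
    mysqli_stmt_execute($stmt);
    $deleted = mysqli_stmt_affected_rows($stmt) === 1;
    mysqli_stmt_close($stmt);
    if ($deleted && $screenshot !== null && $screenshot !== '') {
        @unlink(GW_UPLOADPATH . basename($screenshot));
    }
    return $deleted;
}

// Usage in removescore.php: report success only when a row was really deleted.
if (isset($_POST['submit'], $_POST['confirm'], $_POST['id']) && $_POST['confirm'] === 'Yes') {
    $dbc = mysqli_connect(DB_Host, DB_User, DB_Password, DB_Name);
    if (remove_score($dbc, $_POST['id'])) {
        echo '<p>The high score was successfully removed.</p>';
    } else {
        echo '<p class="error">The high score was not removed.</p>';
    }
    mysqli_close($dbc);
}
```

With error reporting set to throw, a malformed statement such as the earlier "DELETE_FROM ... LIMTI" raises an exception instead of failing silently behind a success message.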
doug76
Forum Commoner
Posts: 26
Joined: Tue Aug 24, 2010 7:44 am

Re: php not picking up selected items to be removed

Post by doug76 »

Thank you so much McInfo, it is working! One thing is clear: I need to check my code more carefully as I repeatedly missed the underscore but it was obvious when pointed out.

I will take heed of your comments and thank you once again.