Page 1 of 1

Problems deleting mutiple records

Posted: Thu May 17, 2007 7:29 am
by ghadacr
I'm trying to delete mutiple records upon a selection of check boxes, but the scipt does not delete records if i select more than one, but insteads deletes only one record.

Here is the code:

updateuser. php

Code: Select all

<?PHP include 'opendb.php'; ?>


<?PHP include 'header.php'; ?>
<?PHP
//$checkbox;
$sql="SELECT * FROM Users";
$result=mssql_query($sql);

$count=mssql_num_rows($result);

?>
<table width="400" border="0" cellspacing="1" cellpadding="0"> 
<tr>
<td><form name="form1" method="post" action="Userdelete.php">
        <table width="400" border="0" cellpadding="3" cellspacing="1" bgcolor="#CCCCCC">
          <tr> 
            <td bgcolor="#FFFFFF">&nbsp;</td>
            <td colspan="3" bgcolor="#FFFFFF"><strong>Delete Users</strong> </td>
          </tr>
          <tr> 
            <td align="center" bgcolor="#FFFFFF">#</td>
            <td align="center" bgcolor="#FFFFFF"><strong>UserID</strong></td>
            <td align="center" bgcolor="#FFFFFF"><strong>UserName</strong></td>
            <td align="center" bgcolor="#FFFFFF"><strong>UserInitials</strong></td>
          </tr>
          <?php
while($rows=mssql_fetch_array($result)){
?>
          <tr> 
            <td align="center" bgcolor="#FFFFFF"><input name="checkbox[]" type="checkbox" id="checkbox[]" value="<?php echo $rows['UserID']; ?>"></td>
            <td bgcolor="#FFFFFF"><?php echo $rows['UserID']; ?></td>
            <td bgcolor="#FFFFFF"><?php echo $rows['UserName']; ?></td>
            <td bgcolor="#FFFFFF"><?php echo $rows['UserInitials']; ?></td>
          </tr>
          <?php
}
?>
          <tr> 
            <td colspan="4" align="center" bgcolor="#FFFFFF"><input name="delete" type="submit" id="delete" value="delete"></td>
          </tr>
          <?php
// Check if delete button active, start this 
$checkbox="checkbox[]";
if($delete = 'delete'){
for($i=0;$i<$count;$i++){
$del_id = $checkbox[$i]; 
$sqld = "DELETE FROM Users WHERE UserID='$del_id'"; 
//$result3 = mssql_query($sqld);
}

// if successful redirect to delete_multiple.php 
if($result3 = mssql_query($sqld) ){
echo "<meta http-equiv= content=\"0;URL=Userdelete.php\">"; 
}
else echo"Problem deleting";
}
mssql_close();
?>
        </table>
</form>
</td>
</tr>
</table>
Userdelete.php

Code: Select all

<?PHP include 'opendb.php'; ?>


<?PHP include 'header.php'; ?>

<?php

$UserName = 'UserName'
$UserInitials = $_GET['UserInitials'];
$UserID = $_GET['UserID'];

$query="UPDATE Users SET UserName='$UserName', UserInitials='$UserInitials' WHERE UserID='$UserID'";

mssql_query($query);
echo "Record Updated";
mssql_close();
?>

<?PHP include 'footer.php'; ?>

Posted: Thu May 17, 2007 9:10 am
by volka
Image Your form has action="Userdelete.php" set. But Userdelete.php doesn't perform a DELETE query but an UPDATE. On the other hand updateuser. php doesn't perform an UPDATE but a DELETE query...

Posted: Thu May 17, 2007 9:38 am
by ghadacr
Posted wrong code

here is the real version, sorry

Code: Select all

<?PHP include 'opendb.php'; ?>


<?PHP include 'header.php'; ?>

<?php

//$UserName = $_GET['UserName'];
//$UserInitials = $_GET['UserInitials'];
$UserID = $_POST['UserID'];

$query="DELETE Users WHERE UserID='$UserID'";

mssql_query($query);
echo "Records Updated";
mssql_close();
?>

<?PHP include 'footer.php'; ?>

Posted: Thu May 17, 2007 9:44 am
by Kadanis
If you are using checkboxes to select multiple items, you will be returning an array from the POST variables. In your delete code you do not iterate over the array you just attempt to use it in the SQL statement as a single value variable.

You also need to call the name of your check box array from the form. You've called it "checkbox[]" but do not access this variable in your delete code.

Usually I would expect something like

Code: Select all

$user_ids = $_POST['checkbox'];

foreach ( $user_ids as $user_id ) {
   $query = "DELETE FROM Users WHERE UserID = '$user_id';";
   mysql_query( $query );
}

Posted: Thu May 17, 2007 9:59 am
by ghadacr
That didnt work, sorry

Posted: Thu May 17, 2007 10:36 am
by volka
try

Code: Select all

echo '<pre>'; var_export($_POST); echo '</pre>';

$user_ids = $_POST['checkbox'];
what does it print?

btw there's still no error handling in your script and the statement is still prone to sql injections. see viewtopic.php?p=381748#381748