Below is the code.But my messages are not being deleted.kindly help me and tell me what is wrong
---messages.php-----
<?
session_start();
$connection = mysql_connect("localhost","root","");
mysql_select_db("mailer",$connection);
if(isset($_SESSION['userid']))
{
$msg_to = trim($_SESSION['userid']);
}
$userid=$_SESSION['userid'];
$sql="SELECT * FROM msg WHERE msg_to='".$_SESSION['userid']."' ORDER BY date DESC" ;
$ex=mysql_query($sql);
//$fetch=mysql_fetch_assoc($ex);
include('header1.php');
?>
<script language="javascript">
document.title="Inbox";
</script>
<script language="javascript">
function subform(checkval)
{
var dele="";
var frm=document.frmmsg;
for (var i = 0; i < frm.elements.length; i++)
{
if (frm.elements.type == "checkbox")
{
if(frm.elements.checked && frm.elements.value!="checkbox")
{
if(dele!="")
{
dele=dele+","+frm.elements.value;
}
else
{
dele=frm.elements.value;
}
}
}
}
if(checkval=="del" && dele=="")
{
alert("Please check the messages to be deleted");
frm.checkbox4.focus();
return false;
}
else if(checkval=="del" && dele!="")
{
frm.action="delete.php";
frm.delkey.value = "delete";
frm.submit();
return true;
}
}
/*function removeAll()
{
totElements=document.forms.myForm.selection.length;
countRemovedElements = 0;
for (i=0; i< totElements;i++)
{
thisElement=document.forms.myForm.selection;
if (thisElement.checked == true)
{
countRemovedElements++;
document.getElementById('del'+i).style.display='none';
}
}
document.getElementById('msg').innerHTML = '<strong>' +countRemovedElements+' </strong> elements removed.';
}*/
function checkAll(ref)
{
var chkAll = document.getElementById('checkall');
var checks = document.getElementsByName('sender[]');
var removeButton = document.getElementById('removeChecked');
var boxLength = checks.length;
var allChecked = false;
var totalChecked = 0;
if ( ref == 1 )
{
if (chkAll.checked)
{
for ( i=0; i < boxLength; i++ )
{
checks.checked = true;
}
}
else
{
for ( i=0; i < boxLength; i++ )
{
checks.checked = false;
}
}
}
else
{
for ( i=0; i < boxLength; i++ )
{
if ( checks.checked == true )
{
allChecked = true;
continue;
}
else
{
allChecked = false;
break;
}
}
if ( allChecked == true )
{
chkAll.checked = true;
}
else
{
chkAll.checked = false;
}
}
/* for ( j=0; j < boxLength; j++ )
{
if ( checks[j].checked == true )
{
totalChecked++;
}
}
removeButton.value = "Remove ["+totalChecked+"] Selected";*/
}
</script>
<html>
<body leftmargin="0" topmargin="0">
<table width="1003" border="1" align="center" cellpadding="0" cellspacing="0">
<tr>
<td width="100" height="12" align="left" valign="top"> <? include('leftmenu.php'); ?> </td>
<td width="573" align="center" valign="top" style="padding:5px; padding-top:0px;">
<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td height="21" style="padding:0px;">
<table width="100%" border="1" cellspacing="0" cellpadding="0">
<tr>
<td width="67" align="center" valign="middle"><a href="sent.php"><strong>Sent</strong></a></td>
<td width="67" align="center" valign="middle"><a href="trash.php"><strong>Trash</strong></a></td>
<td width="75" align="center" valign="middle"><a href="compose.php"><strong>Compose</strong></a></td>
<td width="75" align="center" valign="middle"><a href="call.php"><strong>Calendar</strong></a></td>
</tr>
</table>
</td>
</tr>
<tr>
<td><blockquote> </blockquote>
<table cellpadding="0" cellspacing="0" width="100%" align="center">
<tr>
<td height="5px;" align="left" valign="top" ></td>
</tr>
<form name="frmmsg" method="post" action="delete.php">
<tr>
<td align="left" valign="top" style="padding:0px;">
<table width="98%" border="0" cellspacing="0" cellpadding="0" align="center" >
<tr>
<td width="5%" align="left" valign="middle"><a href="#" >
<input type="checkbox" name="checkbox4[]" id="checkbox4" value="<? echo $fetch['msgid']; ?>" onClick="removeAll();"/>
</a></td>
<td width="95%" colspan="5" align="left" bgcolor="#FFFFFF"><input name="delete" type="submit" id="del" value="delete"></td>
</tr>
</table> </td>
</tr>
<tr>
<td height="5px;" align="left" valign="top" ></td>
</tr>
<tr>
<td height="21" style="padding:0px;">
<table width="100%" border="0" align="center" cellpadding="0" cellspacing="0">
<tr>
<td width="6%" height="19" align="center" valign="middle" bgcolor="#99CCFF"><input type="checkbox" name="checkall" id="checkall" value="1" onClick="checkAll(1)"/></td>
<td bgcolor="#99CCFF" width="21%" align="left" valign="middle"><font color="#0000FF">Sender</font></td>
<td bgcolor="#99CCFF" width="43%" align="left" valign="middle"><font color="#0000FF">Message</font></td>
<td bgcolor="#99CCFF" width="30%" align="center" valign="middle"><font color="#0000FF">Date</font></td>
</tr>
</table> </td>
</tr>
<?
while($fetch=mysql_fetch_assoc($ex))
{
//var_dump($fetch);
$sql3="SELECT * FROM mail WHERE userid=".$fetch['msg_from']."";
$details=mysql_query($sql3);
$fetch1=mysql_fetch_assoc($details);
$status=$fetch['status'];
?>
<tr>
<td height="21" style="padding:0px;">
<table width="98%" border="0" align="center" cellpadding="5" cellspacing="0">
<tr>
<td width="5%" align="left" valign="middle"><input type="checkbox" name="sender[]" id="sender" value="<?=$fetch['msgid'];?>"/></td>
<td width="21%" align="left" valign="middle"><a href="profile1.php?userid=<? echo $fetch['msg_from']; ?>"><? echo $fetch1['email']; ?> </a></td>
<td width="44%" align="left" valign="middle">
<a href="readmessage.php?msgid=<?=$fetch['msgid']; ?>">
<?
if($status==0)
{
echo "<font size='4'>".$fetch['sub']."</font>";
}
else
{
echo $fetch['sub'];
}
?>
</a></td>
<td width="30%" align="center" valign="middle"><? echo $fetch['date']; ?></td>
<!--<td width="5%" align="left" valign="middle"><a href="delete.php?userid=<?= $fetch['msgid']?>">Delete</a> </td>
<td width="5%" align="left" valign="middle"><input type="checkbox" name="del[]" value="<?=$fetch['msgid'];?>" onClick="javascript: subform('del');"/></td>--> </tr>
</table> </td>
</tr>
<?
}
?>
</form>
</table> </td>
</tr>
</table></td>
</tr>
</table><!--</td>
</tr>-->
<?
include('footer.php');
?>
<!--</table>
--></body>
</html>
------delete.php ------------
<?php
session_start();
$connection = mysql_connect("localhost","root","");
mysql_select_db("mailer",$connection);
include('header1.php');
if(isset($_REQUEST['userid']))
{
$msgid = $_REQUEST['userid'];
// echo $sql="DELETE * FROM msg where msgid='".$_REQUEST['msgid']."' LIMIT 1";
$sql="DELETE msg FROM msg where msgid=$msgid";
$result=mysql_query( $sql);
}
?>
<script language="javascript">
document.title="Delete message";
alert('Do you want to delete this message?');
</script>
<table width="1003" align="center" border="1" cellpadding="0" cellspacing="0">
<tr>
<td align="center">Your message has been deleted successfully.
<input name="Back" type="submit" id="Back" value="Back" onclick="javascript:window.location='messages.php';">
</td> </tr>
<?
include('footer.php');
?>
</table>
Regarding deleting of multiple checkbox
Moderator: General Moderators
Re: Regarding deleting of multiple checkbox
What is wrong is you didn't attempt to debug, try outputting the queries before they are executed and see if you get what's expected, try manually running the queries, do they return the correct data? are yuo getting an error message?
Re: Regarding deleting of multiple checkbox
thanku for reply...i have run the query ...m nt getting any error messages.but messages are not being deleted....i dont know what is wrong..and where it is wrong?
Re: Regarding deleting of multiple checkbox
Then you need to double check your queries logic, since the syntax is ok.
Re: Regarding deleting of multiple checkbox
thanku once again.....m nt able to understand whats wrong in tat query...i think in the place of msgid i should submit the delid or the name of the checkbox..
Re: Regarding deleting of multiple checkbox
Wow ... that is one of the most confusing pieces of scripting that I've seen on here.
Have you given any thought to the fact that anyone could just enter the URL delete.php?userid=1 into their browser. If they got cute they could code up a nice little routine to recursively send userid=1 through to say ... userid=1000000. Or even just use userid=% a million times. Luckily you have LIMIT 1, otherwise we could use it once and walk away.
I'd recommend against using $_REQUEST to check the id. You don't know if it's from POST or GET. I'd really recommend using only POST for delete calls. It's still pretty much totally insecure, but it'll take more than the 2 seconds for your average noobie to adjust your URL.
Oh, and assuming that the user id is being carried with sessions, I would amend the delete query to delete where msgid = x AND userid = y. This way a person can only delete anything that belongs to them.
What is the purpose of using javascript here anyway? You could scrap all the javacript, and still have the form work with a single page load (which it appears the javascript is supposed to be doing). I could be wrong on the javascript though ... I only gave it a cursory glance.
Anyhow .. back to the root of the problem. It would appear that you are submitting the form either way, so you'll need to pull the item id's from $_POST (or $_REQUEST if you *really* must). Only problem there is that in delete.php you are getting your delete list from 'userid'. You don't *have* a field in your form called userid. This would only catch the GET parameters you used and now have commented out. I imagine you are wanting to check $_POST['del'] to get the checked boxes, although you'll want to keep in mind that $_POST['del'] is going to be an array. Though, having said that, I'm not confused about the whole LIMIT 1 deal.
Anyhow ... I may be way off base here, as I said at the start, I'm finding this code confusing reading. Using the forums
Have you given any thought to the fact that anyone could just enter the URL delete.php?userid=1 into their browser. If they got cute they could code up a nice little routine to recursively send userid=1 through to say ... userid=1000000. Or even just use userid=% a million times. Luckily you have LIMIT 1, otherwise we could use it once and walk away.
I'd recommend against using $_REQUEST to check the id. You don't know if it's from POST or GET. I'd really recommend using only POST for delete calls. It's still pretty much totally insecure, but it'll take more than the 2 seconds for your average noobie to adjust your URL.
Oh, and assuming that the user id is being carried with sessions, I would amend the delete query to delete where msgid = x AND userid = y. This way a person can only delete anything that belongs to them.
What is the purpose of using javascript here anyway? You could scrap all the javacript, and still have the form work with a single page load (which it appears the javascript is supposed to be doing). I could be wrong on the javascript though ... I only gave it a cursory glance.
Anyhow .. back to the root of the problem. It would appear that you are submitting the form either way, so you'll need to pull the item id's from $_POST (or $_REQUEST if you *really* must). Only problem there is that in delete.php you are getting your delete list from 'userid'. You don't *have* a field in your form called userid. This would only catch the GET parameters you used and now have commented out. I imagine you are wanting to check $_POST['del'] to get the checked boxes, although you'll want to keep in mind that $_POST['del'] is going to be an array. Though, having said that, I'm not confused about the whole LIMIT 1 deal.
Anyhow ... I may be way off base here, as I said at the start, I'm finding this code confusing reading. Using the forums
Code: Select all
tags could help there.
I hope there is something helpful in here somewhere. :P
CheersRe: Regarding deleting of multiple checkbox
k..plz dnt mind can u please give me the code how to delete the multiple checkboxes.
Re: Regarding deleting of multiple checkbox
Code: Select all
if(isset($_POST['del']) && is_array($_POST['del']))
{
foreach($_POST['del'] as $unsafe) $escaped[] = mysql_real_escape_string($unsafe);
$sql="DELETE msg FROM msg WHERE msgid IN ('" . implode("','", $escaped) . "')";
$result=mysql_query( $sql);
}I'd personally also want to run a few more validation checks on those POST values. They should all be numbers, shouldn't they? Seems like a good place to start.
Cheers