Regarding deleting of multiple checkbox

anushal
Forum Newbie
Posts: 6
Joined: Thu Sep 11, 2008 6:28 am

Regarding deleting of multiple checkbox

Post by anushal »

Below is the code. But my messages are not being deleted. Kindly help me and tell me what is wrong.
---messages.php-----
<?
session_start();
$connection = mysql_connect("localhost","root","");
mysql_select_db("mailer",$connection);
if(isset($_SESSION['userid']))
{
$msg_to = trim($_SESSION['userid']);
}
$userid=$_SESSION['userid'];
$sql="SELECT * FROM msg WHERE msg_to='".$_SESSION['userid']."' ORDER BY date DESC" ;
$ex=mysql_query($sql);
//$fetch=mysql_fetch_assoc($ex);
include('header1.php');
?>
<script language="javascript">
document.title="Inbox";
</script>
<script language="javascript">
function subform(checkval)
{
var dele="";
var frm=document.frmmsg;
for (var i = 0; i < frm.elements.length; i++)
{
if (frm.elements[i].type == "checkbox")
{
if(frm.elements[i].checked && frm.elements[i].value!="checkbox")
{
if(dele!="")
{
dele=dele+","+frm.elements[i].value;
}
else
{
dele=frm.elements[i].value;
}
}
}
}
if(checkval=="del" && dele=="")
{
alert("Please check the messages to be deleted");
frm.checkbox4.focus();
return false;
}
else if(checkval=="del" && dele!="")
{
frm.action="delete.php";
frm.delkey.value = "delete";
frm.submit();
return true;
}
}
/*function removeAll()
{
totElements=document.forms.myForm.selection.length;
countRemovedElements = 0;
for (i=0; i< totElements;i++)
{
thisElement=document.forms.myForm.selection[i];
if (thisElement.checked == true)
{
countRemovedElements++;
document.getElementById('del'+i).style.display='none';
}
}
document.getElementById('msg').innerHTML = '<strong>' +countRemovedElements+' </strong> elements removed.';
}*/
function checkAll(ref)
{
var chkAll = document.getElementById('checkall');
var checks = document.getElementsByName('sender[]');
var removeButton = document.getElementById('removeChecked');
var boxLength = checks.length;
var allChecked = false;
var totalChecked = 0;
if ( ref == 1 )
{
if (chkAll.checked)
{
for ( i=0; i < boxLength; i++ )
{
checks[i].checked = true;
}
}
else
{
for ( i=0; i < boxLength; i++ )
{
checks[i].checked = false;
}
}
}
else
{
for ( i=0; i < boxLength; i++ )
{
if ( checks[i].checked == true )
{
allChecked = true;
continue;
}
else
{
allChecked = false;
break;
}
}
if ( allChecked == true )
{
chkAll.checked = true;
}
else
{
chkAll.checked = false;
}
}
/* for ( j=0; j < boxLength; j++ )
{
if ( checks[j].checked == true )
{
totalChecked++;
}
}
removeButton.value = "Remove ["+totalChecked+"] Selected";*/
}
</script>
<html>
<body leftmargin="0" topmargin="0">
<table width="1003" border="1" align="center" cellpadding="0" cellspacing="0">
<tr>
<td width="100" height="12" align="left" valign="top"> <? include('leftmenu.php'); ?> </td>
<td width="573" align="center" valign="top" style="padding:5px; padding-top:0px;">
<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td height="21" style="padding:0px;">
<table width="100%" border="1" cellspacing="0" cellpadding="0">
<tr>
<td width="67" align="center" valign="middle"><a href="sent.php"><strong>Sent</strong></a></td>
<td width="67" align="center" valign="middle"><a href="trash.php"><strong>Trash</strong></a></td>
<td width="75" align="center" valign="middle"><a href="compose.php"><strong>Compose</strong></a></td>
<td width="75" align="center" valign="middle"><a href="call.php"><strong>Calendar</strong></a></td>
</tr>
</table>
</td>
</tr>
<tr>
<td><blockquote>&nbsp;</blockquote>
<table cellpadding="0" cellspacing="0" width="100%" align="center">
<tr>
<td height="5px;" align="left" valign="top" ></td>
</tr>
<form name="frmmsg" method="post" action="delete.php">
<tr>
<td align="left" valign="top" style="padding:0px;">
<table width="98%" border="0" cellspacing="0" cellpadding="0" align="center" >
<tr>
<td width="5%" align="left" valign="middle"><a href="#" >
<input type="checkbox" name="checkbox4[]" id="checkbox4" value="<? echo $fetch['msgid']; ?>" onClick="removeAll();"/>
</a></td>
<td width="95%" colspan="5" align="left" bgcolor="#FFFFFF"><input name="delete" type="submit" id="del" value="delete"></td>
</tr>
</table> </td>
</tr>
<tr>
<td height="5px;" align="left" valign="top" ></td>
</tr>
<tr>
<td height="21" style="padding:0px;">
<table width="100%" border="0" align="center" cellpadding="0" cellspacing="0">
<tr>
<td width="6%" height="19" align="center" valign="middle" bgcolor="#99CCFF"><input type="checkbox" name="checkall" id="checkall" value="1" onClick="checkAll(1)"/></td>
<td bgcolor="#99CCFF" width="21%" align="left" valign="middle"><font color="#0000FF">Sender</font></td>
<td bgcolor="#99CCFF" width="43%" align="left" valign="middle"><font color="#0000FF">Message</font></td>
<td bgcolor="#99CCFF" width="30%" align="center" valign="middle"><font color="#0000FF">Date</font></td>
</tr>
</table> </td>
</tr>
<?
while($fetch=mysql_fetch_assoc($ex))
{
//var_dump($fetch);
$sql3="SELECT * FROM mail WHERE userid=".$fetch['msg_from']."";
$details=mysql_query($sql3);
$fetch1=mysql_fetch_assoc($details);
$status=$fetch['status'];
?>
<tr>
<td height="21" style="padding:0px;">
<table width="98%" border="0" align="center" cellpadding="5" cellspacing="0">
<tr>
<td width="5%" align="left" valign="middle"><input type="checkbox" name="sender[]" id="sender" value="<?=$fetch['msgid'];?>"/></td>
<td width="21%" align="left" valign="middle"><a href="profile1.php?userid=<? echo $fetch['msg_from']; ?>"><? echo $fetch1['email']; ?> </a></td>

<td width="44%" align="left" valign="middle">
<a href="readmessage.php?msgid=<?=$fetch['msgid']; ?>">
<?
if($status==0)
{
echo "<font size='4'>".$fetch['sub']."</font>";
}
else
{
echo $fetch['sub'];
}
?>
</a></td>
<td width="30%" align="center" valign="middle"><? echo $fetch['date']; ?></td>
<!--<td width="5%" align="left" valign="middle"><a href="delete.php?userid=<?= $fetch['msgid']?>">Delete</a> </td>
<td width="5%" align="left" valign="middle"><input type="checkbox" name="del[]" value="<?=$fetch['msgid'];?>" onClick="javascript: subform('del');"/></td>--> </tr>
</table> </td>
</tr>
<?
}
?>
</form>
</table> </td>
</tr>
</table></td>
</tr>
</table><!--</td>
</tr>-->
<?
include('footer.php');
?>
<!--</table>
--></body>
</html>

------delete.php ------------
<?php
session_start();
$connection = mysql_connect("localhost","root","");
mysql_select_db("mailer",$connection);
include('header1.php');
if(isset($_REQUEST['userid']))
{
$msgid = $_REQUEST['userid'];
// echo $sql="DELETE * FROM msg where msgid='".$_REQUEST['msgid']."' LIMIT 1";
$sql="DELETE msg FROM msg where msgid=$msgid";
$result=mysql_query( $sql);
}
?>
<script language="javascript">
document.title="Delete message";
alert('Do you want to delete this message?');
</script>
<table width="1003" align="center" border="1" cellpadding="0" cellspacing="0">
<tr>
<td align="center">Your message has been deleted successfully.
<input name="Back" type="submit" id="Back" value="Back" onclick="javascript:window.location='messages.php';">
</td> </tr>
<?
include('footer.php');
?>
</table>
josh
DevNet Master
Posts: 4872
Joined: Wed Feb 11, 2004 3:23 pm
Location: Palm beach, Florida

Re: Regarding deleting of multiple checkbox

Post by josh »

What is wrong is you didn't attempt to debug. Try outputting the queries before they are executed and see if you get what's expected. Try manually running the queries: do they return the correct data? Are you getting an error message?
anushal
Forum Newbie
Posts: 6
Joined: Thu Sep 11, 2008 6:28 am

Re: Regarding deleting of multiple checkbox

Post by anushal »

Thank you for the reply. I have run the query. I'm not getting any error messages, but messages are not being deleted. I don't know what is wrong and where it is wrong.
josh
DevNet Master
Posts: 4872
Joined: Wed Feb 11, 2004 3:23 pm
Location: Palm beach, Florida

Re: Regarding deleting of multiple checkbox

Post by josh »

Then you need to double check your queries' logic, since the syntax is ok.
anushal
Forum Newbie
Posts: 6
Joined: Thu Sep 11, 2008 6:28 am

Re: Regarding deleting of multiple checkbox

Post by anushal »

Thank you once again. I'm not able to understand what's wrong in that query. I think in the place of msgid I should submit the delid or the name of the checkbox.
Stryks
Forum Regular
Posts: 746
Joined: Wed Jan 14, 2004 5:06 pm

Re: Regarding deleting of multiple checkbox

Post by Stryks »

Wow ... that is one of the most confusing pieces of scripting that I've seen on here.

Have you given any thought to the fact that anyone could just enter the URL delete.php?userid=1 into their browser. If they got cute they could code up a nice little routine to recursively send userid=1 through to say ... userid=1000000. Or even just use userid=% a million times. Luckily you have LIMIT 1, otherwise we could use it once and walk away.

I'd recommend against using $_REQUEST to check the id. You don't know if it's from POST or GET. I'd really recommend using only POST for delete calls. It's still pretty much totally insecure, but it'll take more than the 2 seconds for your average noobie to adjust your URL.

Oh, and assuming that the user id is being carried with sessions, I would amend the delete query to delete where msgid = x AND userid = y. This way a person can only delete anything that belongs to them.

What is the purpose of using javascript here anyway? You could scrap all the javascript, and still have the form work with a single page load (which it appears the javascript is supposed to be doing). I could be wrong on the javascript though ... I only gave it a cursory glance.

Anyhow .. back to the root of the problem. It would appear that you are submitting the form either way, so you'll need to pull the item id's from $_POST (or $_REQUEST if you *really* must). Only problem there is that in delete.php you are getting your delete list from 'userid'. You don't *have* a field in your form called userid. This would only catch the GET parameters you used and now have commented out. I imagine you are wanting to check $_POST['del'] to get the checked boxes, although you'll want to keep in mind that $_POST['del'] is going to be an array. Though, having said that, I'm not confused about the whole LIMIT 1 deal.

Anyhow ... I may be way off base here, as I said at the start, I'm finding this code confusing reading. Using the forum's [code] tags could help there.

I hope there is something helpful in here somewhere.  :P 

Cheers
anushal
Forum Newbie
Posts: 6
Joined: Thu Sep 11, 2008 6:28 am

Re: Regarding deleting of multiple checkbox

Post by anushal »

OK. Please don't mind, can you please give me the code for how to delete the multiple checkboxes?
Stryks
Forum Regular
Posts: 746
Joined: Wed Jan 14, 2004 5:06 pm

Re: Regarding deleting of multiple checkbox

Post by Stryks »

Code:

if(isset($_POST['del']) && is_array($_POST['del']))
{
   // Escape each submitted id before building the IN (...) list
   $escaped = array();
   foreach($_POST['del'] as $unsafe) $escaped[] = mysql_real_escape_string($unsafe);
   $sql="DELETE msg FROM msg WHERE msgid IN ('" . implode("','", $escaped) . "')";
   $result=mysql_query( $sql);
}
Or something like that. But it's still wide open in terms of users being able to delete any item, not just the ones the user owns.

I'd personally also want to run a few more validation checks on those POST values. They should all be numbers, shouldn't they? Seems like a good place to start.

Cheers
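
A hardened delete.php along the lines raised in the replies above (POST only, numeric IDs, deletion restricted to the logged-in user's own rows), as an added example that is not part of the thread. It swaps the mysql_* calls for PDO prepared statements and assumes that msg_to is the owner column (as in the inbox query), that the checkboxes are named sender[] as in messages.php, and that the database credentials shown are placeholders.

```php
<?php
// Added example, not code from the thread. Assumes the msg table from the
// original post (msgid, msg_to) and the sender[] checkbox name from
// messages.php; the DSN user and password below are placeholders.
session_start();

// Keep only values that look like positive integer ids; drop everything else.
function clean_ids($raw)
{
    if (!is_array($raw)) {
        return array();
    }
    $ids = array();
    foreach ($raw as $value) {
        if (is_string($value) && strlen($value) < 10
            && ctype_digit($value) && (int)$value > 0) {
            $ids[(int)$value] = (int)$value;   // keyed by id to drop duplicates
        }
    }
    return array_values($ids);
}

// Delete the given messages, but only rows addressed to $ownerId.
// Returns the number of rows actually removed.
function delete_own_messages(PDO $db, $ownerId, array $ids)
{
    if ($ids === array()) {
        return 0;
    }
    $marks = implode(',', array_fill(0, count($ids), '?'));
    $stmt = $db->prepare("DELETE FROM msg WHERE msg_to = ? AND msgid IN ($marks)");
    $stmt->execute(array_merge(array($ownerId), $ids));
    return $stmt->rowCount();
}

if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    http_response_code(405);            // GET links can no longer trigger a delete
    exit('Deletion requires a POST request.');
}
if (!isset($_SESSION['userid'])) {
    http_response_code(403);
    exit('Not logged in.');
}
$db = new PDO('mysql:host=localhost;dbname=mailer;charset=utf8mb4', 'app_user', 'app_password');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$ids = clean_ids(isset($_POST['sender']) ? $_POST['sender'] : null);
$deleted = delete_own_messages($db, $_SESSION['userid'], $ids);
echo htmlspecialchars("Deleted $deleted message(s).");
```

Because the owner is taken from the session and never from the request, submitting another user's msgid simply matches no rows.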