2

I have outputted the results of a MySQL table to an HTML table. In the last column, I want to add a delete option which calls another form and deletes the user from the MySQL table. I can't seem to get it to work though.

This is my code for the results page:

<?php
                    
    $contacts = mysql_query("
        SELECT * FROM contacts ORDER BY ID ASC") or die( mysql_error() );
    
    // If results
    if( mysql_num_rows( $contacts ) > 0 )
    ?>
    
    <table id="contact-list">
        <thead>
            <tr>
                <th>Name</th>
                <th>Email</th>
                <th>Telephone</th>
                <th>Address</th>
  <th>Delete</th>
            </tr>
        </thead>
        <tbody>
        
        <?php while( $contact = mysql_fetch_array( $contacts ) ) : ?>
        
        

            <tr>
                <td class="contact-name"><?php echo $contact['name']; ?></td>
                <td class="contact-email"><?php echo $contact['email']; ?></td>
                <td class="contact-telephone"><?php echo $contact['telephone']; ?></td>
                <td class="contact-address"><?php echo $contact['address']; ?></td>
                <td class="contact-delete"><form action='delete.php' method="post">
<input type="hidden" name="name" value="">
<input type="submit" name="submit" value="Delete">
</form></td>                
            </tr>
            
        <?php endwhile; ?>
        
        </tbody>
    </table>

and, this is my delete.php script

<?php

//Define the query
$query = "DELETE FROM contacts WHERE name={$_POST['name']} LIMIT 1";

//sends the query to delete the entry
mysql_query ($query);

if (mysql_affected_rows() == 1) { 
//if it updated
?>

            <strong>Contact Has Been Deleted</strong><br /><br />
    
<?php
 } else { 
//if it failed
?>
    
            <strong>Deletion Failed</strong><br /><br />
    

<?php
} 
?>

I cannot figure out why this is not working.

Improve this question
1

5 Answers 5

Reset to default
8

You have to pass a variable in the delete link. You have to pass <?php echo $contact['name']; ?> (the name value) in a hidden field or pass this value in URL:

Replace

<td class="contact-delete">
      <form action='delete.php' method="post">
      <input type="hidden" name="name" value="">
      <input type="submit" name="submit" value="Delete">
      </form>
</td>

With

<td class="contact-delete">
    <form action='delete.php?name="<?php echo $contact['name']; ?>"' method="post">
        <input type="hidden" name="name" value="<?php echo $contact['name']; ?>">
        <input type="submit" name="submit" value="Delete">
    </form>
</td>
Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

Oh, but I took on board the other comments and changed 'name' to 'id' :)
Why is the form action changed? Won't adding a hidden input tag suffice? (I used this when the PHP was on the same page). Are things different when sending it to another page? @devang-rathod
2

USe javascript 

<input name="Submit2" type="button" class="button" onclick="javascript:location.href='delete.php?id=<?php echo $your_id;?>';" value="&laquo; Back" />

and in delet.php

$id=$_GET['id'];

and put $id in your sql statement.

Improve this answer

Comments

0

You are missing to pass name in this line:

<input type="hidden" name="name" value="">

You need to have something (<?php echo $contact['name']; ?>) in the value attribute.

BTW, do not use deprecated mysql_* functions, use PDO or mysqli_* instead.

Improve this answer

Comments

0 
<input type="hidden" name="name" value="">

You are missing a value which wil be picked up by this line in your delete file.

$query = "DELETE FROM contacts WHERE name={$_POST['name']} LIMIT 1";

Right now it isn't receiving anything, which is why it will not work.

So add a value to it and it will work. Example:

<input type="hidden" name="name" value="<?php echo $contact['name']; ?>">
Improve this answer

Comments

0

First, you should not write the code in that way; the code has no protection against SQL injection.

1. Try to use primary IDs instead of using a name (what happens if 2 people has the same name?).

So, you can create a hidden field to know which 'person' you are dealing with.

<input type="hidden" name="contact_id" value="<?php $contact['contact_id']; ?>">

2. Sanitize variables to avoid attacks:

<?php $contact_id = isset($_POST['contact_id'])?intval($_POST['contact_id']):0;

// proceed with the query
if($contact_id>0) { $query = "DELETE FROM contacts WHERE contact_id = '$contact_id'";

}

// redirect to the main table with header("location: main.php");

?>
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.