1

I am trying to delete multiple values from my form (its a car rental system, where I want to give the staff the ability to delete a car from the record). I am new to PHP but this is what I have right now.

<?php
$link = mysql_connect ("xxxx", "xxxx", "xxxx");
mysql_select_db ("xxxx");

    $query = "SELECT * from car";
    $result = mysql_query ($query);
    echo ("<form action=\"deleting2.php\" method=\"GET\">");
    echo "<table id = 'table-3'>";
    echo "<thead>";
    echo "<th>Car ID</th>
    <th>Car Name</th>
    <th>Fuel Type</th>
    <th>Transmission</th>
    <th>Engine Size</th>
    <th>Doors</th>
    <th>Total</th>
    <th>Available</th>
    <th>Date Added</th>
    <th>Delete</th> ";
    echo "</thead>";
    for ($i = 0; $i < mysql_num_rows ($result); $i ++)
      {        
       $row = mysql_fetch_object ($result);
       echo "<tbody>";
       echo "<tr>";
       echo "<td>$row->ID</td>";
       echo "<td>$row->CARNAME</td>";
       echo "<td>$row->FUELTYPE</td>";
       echo "<td>$row->TRANSMISSION</td>";
       echo "<td>$row->ENGINE_SIZE</td>";
       echo "<td>$row->DOORS</td>";
       echo "<td>$row->TOTAL</td>";
       echo "<td>$row->AVAILABLE</td>";
       echo "<td>$row->DATEADDED</td>";
       echo "<td><input type='checkbox' name='delete[]' value='$row->ID' /></td>";
       echo "</tr>";
       echo "</tbody>";
      }
      echo ("<tr><td colspan='6' align='center'><input type=\"submit\" value=\"Delete  \"></td> </tr></table></form>");
      echo  "</table>";
      mysql_close ($link);
      ?>

Now,when I do press the delete button, it goes to my php page called 'deleting2.php' as mentioned in the form action, which has the following code:

<?php
$link = mysql_connect ("xxxx", "xxxx", "xxxx");
mysql_select_db ("xxxx");

$ID='$_GET[ID]';

// DELETE ANY RECORDS IN DATABASE
for ($i = 0; $i < @mysql_num_rows ($result); $i ++)
{
if(isset($_GET['delete[]']) && $_GET['delete[]']=='$row->ID');
{
   $query=("DELETE FROM car WHERE ID='$_POST[ID]'");
    $result1 = mysql_query($query);
}
}
mysql_close ($link);

?>

The problem is, it is NOT deleting anything from the my database. The URL in the address bar when the deleting2.php is being processed, is:

http://www.computing.northampton.ac.uk/~11430900/a1/webpages/deleting2.php?delete[]=6

Which according to my knowledge, selects the values that were ticket. Here, I had checked the box, which had a corresponding ID value of 6. So, check-box DOES work, it just does not do anything to the database, does not delete the value. I have tried many tutorials but I can't delete it using check-boxes. Any help would be much appreciated.

Improve this question
2
  • 1
    $ID='$_GET[ID]'; and DELETE FROM car WHERE ID='$_POST[ID]'; use GET or POST not both Commented Dec 10, 2012 at 13:36
  • Please have a look at some articles about mysql injection en.wikipedia.org/wiki/SQL_injection Commented Dec 10, 2012 at 13:38

3 Answers 3

Reset to default
1

You don't need to itrate through following loop as mentioned in your question

for ($i = 0; $i < @mysql_num_rows ($result); $i ++)
{
if(isset($_GET['delete[]']) && $_GET['delete[]']=='$row->ID');
{
   $query=("DELETE FROM car WHERE ID='$_POST[ID]'");
    $result1 = mysql_query($query);
}
}
mysql_close ($link);

just to the following.

change your form method to POST.

use the following code. implode is necessary as $_POST['delete'] will be an array

if(isset($_POST['delete']) && count($_POST['delete']) > 0) {
    $query=("DELETE FROM car WHERE ID in ('".implode(',',$_POST['delete'])."')");
    $result1 = mysql_query($query);
}
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

0

Your data needs sanitizing but this should be Ok if you expect the ID to be a number:

$id = (int)$_GET['ID'];    
$query=("DELETE FROM car WHERE ID=$id");

You really need to look at the rest of your code for SQL injection attacks.

Improve this answer

1 Comment

will look into sql injection. As I said I am new to this, gonna try it out. Thank you :)
0

First of all, be very carefull when implementing a database entries deletion as You could end up with empty database.

Secondly, always sanitize Your input to prevent SQL Injection.

Thirdly, learn PDO or at least mysqli_* functions instead of mysql_ as they are deprecated now and could be removed with any next PHP release.

Now, to Your problem, You are setting the ID values into a delete[] array value, that means You should do this:

// DELETE THE DESIRED RECORDS IN DATABASE
foreach($_GET['delete'] as $id) {
    $result = mysql_query("DELETE FROM car WHERE ID = '" . mysql_real_escape_string($id) . "'");
    // do something with the $result here ...
}

Other option could be to expect only integers:

// DELETE THE DESIRED RECORDS IN DATABASE
foreach($_GET['delete'] as $id) {
    $result = mysql_query("DELETE FROM car WHERE ID = '" . (int)$id . "'");
    // do something with the $result here ...
}
Improve this answer

3 Comments

i AM trying all suggestion, but its still not deleting.
ok it WORKED! the working script is this: <?php $link = mysql_connect ("xxxx", "xxxx", "xxxx"); mysql_select_db ("xxxx"); $ID='$_GET[ID]'; // DELETE ANY RECORDS IN DATABASE foreach($_GET['delete'] as $id) { $result = mysql_query("DELETE FROM car WHERE ID = '" . mysql_real_escape_string($id) . "'"); } mysql_close ($link); header("location: list_logged.php"); ?>
@GauravRavindra Glad I could help. Now accept the answer if Your problem is solved, please.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.