0

I have a table that generates a number of rows according to how many rows are in the database, but the submit button is only taking the last row in the table and not the one I selected. Any ideas of what I am doing wrong?

<?php
                $result = mysql_query("SELECT * FROM booking");

                while($row = mysql_fetch_array($result))
                {

                ?>

<form class='table-form' id='form' method='post'>

                    <tr>

                    <input id="bookid" type="hidden" name="bookid" value="<?php echo ($row['booking_id']); ?>" />

                    <td>

                    <input id="bookingid"<?php echo ($row['booking_id']);?>

                    </td>
                    <td>
                        <?php echo ($row['user_id']); ?>
                    </td>
                    <td>
                        <?php echo ($row['event_id']); ?>
                    </td>
                    <td>
                        <?php echo ($row['payment_type']); ?>
                    </td>
                    <td>
                        <?php echo ($row['booking_date']); ?>
                    </td>
                    <td>
                        <button id="cancel" name="cancel" type="submit">Cancel</button>
                    </td>
                </tr>




                <?php
                }
                ?>


                </form>

            </table>
        </div>

        <?php

                if (isset($_POST['bookid'])){

                $bookid = ($_POST['bookid']);

                $result = mysql_query("DELETE FROM booking
                WHERE booking_id = '$bookid'");
                }
?>
Improve this question
8
  • 2
    Deprecated functions are the least of your problems. You are wide open to SQL injection attacks, as your code makes no attempt to escape the data being used in your query. Use prepared/parameterized queries with PDO or similar to avoid this problem entirely. Commented Jan 19, 2014 at 19:12
  • This doesn't really show/explain too much. Could you please tidy your code a bit and add anything else relevant to the question Commented Jan 19, 2014 at 19:12
  • so how are you looping through the sql results? while? foreach? where is the rest of your code? Commented Jan 19, 2014 at 19:15
  • @andrew apologies, added the while in. Commented Jan 19, 2014 at 19:17
  • @user3191346 what will you do when someone enters asdf'; DROP TABLE booking --' as the value for the bookid field using a hijacked version of your form? Commented Jan 19, 2014 at 19:21

2 Answers 2

Reset to default
1

All your inputs have the same name and that name does not end in the characters []. PHP will therefore only accept the last value.

Rename them to include [] at the end of the name if you want them to all be available.

Additionally, you are generating invalid HTML. Browsers may move elements placed in invalid parts of tables so they are outside the table when they try to recover from this type of error. This could cause you more problems. Use a validator to identify the errors, and fix them.

Improve this answer
Sign up to request clarification or add additional context in comments.

4 Comments

+1 also my ide is suggesting that forms may not be embedded in tables
@andrew — That's not the only error of that nature, hence the third paragraph of the answer.
Like so? input id="bookid" type="hidden" name="bookid[]" value="<?php echo ($row['booking_id']); ?>" />
Yes. (Although ids must be unique in a document, so you can't use a fixed value for them in a loop).
0

When you have multiple elements with the 'same name' you need to have their names defined in an array like this:

 <input type="hidden" name="bookid[]" value="<?php echo ($row['booking_id']); ?>" />

When you process the form you can read them like this, and treat them like an array:

$bookids = $_POST['bookid'];

foreach($bookids as $eachBookId)
{ do some processing ... }
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.