1

I need to delete a record, in this case a category from my forum, from the database based on its id.

<?php
    if(isset($_SESSION['signed_in']) && $_SESSION['user_level'] == 1)
    {
?>
    <td>
        <form method="post">
            <input type="hidden" value="<?= ['cat_id']; ?>">
            <input type="submit" name="submit" value="Remover" />
        </form>
    <?php
        if(isset($_POST['submit']))
        {
            mysql_query("DELETE FROM categories where cat_id = 'cat_id'");
        }
    ?>
    </td>
<?php
}
?>

I can't get a "good" way to do it... :(

EDIT: This is for a programming lesson not a real forum!!

3
  • cat_id should be a PHP variable. Commented Mar 20, 2014 at 12:17
  • What's the value in input type hidden? I'm sure it's not a variable. Commented Mar 20, 2014 at 12:18
  • You might want to describe your problem in more detail, i.e. "It does not delete" or "an error message is shown" and so on ... Commented Mar 20, 2014 at 12:18

2 Answers

1

Your HTML input field needs a name so it can be identified by your PHP. Then, in your code block where you attempt to delete the category, you need to access the category id using the $_POST array.

Another thing you want to do is read up on the dangers of SQL injections. If you're just playing around with PHP and MySQL at the moment: go ahead. But if you actually want to develop, maybe you should read up on a few other things as well, even if it seems like overkill at first: PHP The Right Way.

Nonetheless, try this:

    <?php
        if(isset($_SESSION['signed_in']) && $_SESSION['user_level'] == 1)
        {
    ?>
        <td>
            <form method="post">
                <input type="hidden" name="hid_catid" id="hid_catid" value="<?php  echo $cat_id; ?>">
                <input type="submit" name="submit" value="Remover" />
            </form>
        <?php
            if(isset($_POST['submit']))
            {
                $query = "DELETE FROM categories where cat_id = '".(int)$_POST['hid_catid']."'";
                mysql_query($query);
            }
        ?>
        </td>
    <?php
    }
    ?>

--> hidden field should have name and id to use

-- Thanks


8 Comments

What about injection? Deprecated functions?
Rather unlikely that value="<?= ['cat_id']; ?>" will work. a) using <?= is not recommended and b) what's ['cat_id']. And even worse: this code is prone to sql injections.
sorry, still prone to sql injections. see php.net/manual/en/security.database.sql-injection.php
And you should be telling the OP to stop using deprecated functions, just use (int)$_POST['hid_catid'] this will protect from SQL injection in this case
I did echo the query; the only thing that it showed me was "1", that's all. Still don't know why the record isn't deleted...
0

Your hidden input field needs a name to be accessible after the post. Also I am not sure if ['cat_id'] is the correct way to reference this variable. Where does it come from?

<form method="post">
    <input type="hidden" name="cat_id" value="<?= $cat_id ?>">
    <input type="submit" name="submit" value="Remover" />
</form>

Then your query has to look like this to correctly grab the id from the post.

mysql_query("DELETE FROM categories where cat_id = '" . mysql_real_escape_string($_POST['cat_id']) . "'");

1 Comment

where cat_id = " . $_POST['cat_id']: prone to sql injections.
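The SQL injection and deprecated-function points raised in the comments above, as an added example that is not part of either answer: the delete done with a PDO prepared statement plus integer validation of the posted id. The function name `deleteCategory`, the `cat_name` column, the sample rows and the in-memory SQLite connection (standing in for MySQL so the script runs offline) are assumptions made for the example.

```php
<?php
declare(strict_types=1);

// Delete one category by id. Returns true only if a row was actually removed.
// deleteCategory() is a hypothetical helper written for this example.
function deleteCategory(PDO $pdo, $rawId): bool
{
    // Accept only a positive integer; anything else is rejected before SQL runs.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return false;
    }
    // The placeholder keeps the request value out of the SQL text entirely.
    $stmt = $pdo->prepare('DELETE FROM categories WHERE cat_id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    // rowCount() tells a real deletion apart from an id that matched nothing.
    return $stmt->rowCount() === 1;
}

// Constructed demo database. With MySQL the DSN would instead look like
// 'mysql:host=HOST;dbname=DBNAME;charset=utf8mb4' (placeholders, not real values).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE categories (cat_id INTEGER PRIMARY KEY, cat_name TEXT)');
$pdo->exec("INSERT INTO categories (cat_id, cat_name)
            VALUES (1, 'General'), (2, 'Help'), (3, 'Off-topic')");

// Constructed request values, as they would arrive in $_POST['cat_id'].
// In the page itself the call would sit inside the existing checks:
//   if (signed in && user_level == 1 && isset($_POST['submit']))
//       deleteCategory($pdo, $_POST['cat_id'] ?? null);
$inputs = ['2', '2', '1 OR 1=1', '', '-5', '3abc'];
foreach ($inputs as $raw) {
    $result = deleteCategory($pdo, $raw) ? 'deleted' : 'nothing deleted';
    printf("%-12s => %s\n", var_export($raw, true), $result);
}

$left = $pdo->query('SELECT COUNT(*) FROM categories')->fetchColumn();
echo "rows left: {$left}\n";
```

Checking the return value also covers the "it showed 1 but nothing was deleted" situation: a query can succeed while matching no row.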
