0

I currently have an upload button that saves all types of files to a MySQL table. I have an exit button that I want to delete the currently uploaded files if clicked. NOTE: all files uploaded on current page has same referenceID so the query is as easy as saying delete all from table where id=id..

Here is the button:

<button type="submit" name="submit" value="exit" style="float:left;
   class="buttonLW" href="https://BACK-LINK">exit
</button>

Here is the PHP delete query (psuedo code):

if ($submitButton === "delete-new") { 

    $query15 ="DELETE * FROM table WHERE id='{$id}'";

}

my question, is the button allowed to use this sort of format? am I allowed to say if ($submitButton === "delete-new") without using a form?

How can I go about deleting the currently saved files with same id after clicking my exit button.

Improve this question
13
  • Sidenote: ID's must be unique, as opposed to a class where elements can each contain the same. Commented Jun 9, 2014 at 14:59
  • all ids are unique, I have 1 table for uploads that corresponds to the main table which is connected through its id. Commented Jun 9, 2014 at 15:02
  • so you can have 1 report with a unique id, but many uploads with that correspond to that id Commented Jun 9, 2014 at 15:03
  • "NOTE: all files uploaded on current page has same ID" why is that? Commented Jun 9, 2014 at 15:04
  • yes, the uploads do indeed have same id, but its more of a referenceid Commented Jun 9, 2014 at 15:05

1 Answer 1

Reset to default
0

Upfront, the style value isn't terminated, you're missing the closing quote ".

If you get $submitButton with

$submitButton = $_POST['submit'];

you can compare it that way, but the value will be exit and not delete-new. So you must rather say

if ($submitButton === 'exit') {
    // ...
}

or change value="exit" to value="delete-new".

Which leads to the next point, the delete statement. The delete statement must look like

delete from mytable WHERE id = '$id'

But don't do it this way, because this is unsafe and invites all sorts of SQL injection. Better use prepared statments, e.g.

delete from mytable WHERE id = ?

and bind $id when you execute the prepared statement.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.