2

I am pulling a list of products from my MYSQL database and using a delete button against each product in case the operator wants to delete the product.

The problem is that every time I hit the delete button on any product in the list, the first element gets deleted.

What's wrong with my code below ?

Products page:

<?php
$link=mysqli_connect("localhost","root","","smartcart");
$prod="select * from products";
$rw=mysqli_query($link,$prod) or die(mysqli_errno($link)."in query $prod");
$count=1;

while($row=mysqli_fetch_assoc($rw))
{
    echo "<tr>";
    echo "<td>".$count."</td>";
    echo "<td>".$row['prod_id']."</td>";
    echo "<td>".$row['prod_name']."</td>";
    echo "<td>".$row['prod_price']."</td>";
    echo "<td><form action='delete_prod.php' id='delete' method='get'>";
    echo "<input type='hidden' name='prod_id' value='".$row['prod_id']."' />";
    echo "<button type='submit' form = 'delete' class='btn btn-default' name='delete'>Delete</button>";
    echo "</form></td>";
    $count=$count+1;                        
}

mysqli_free_result($rw);
?>

delete_prod.php:

<?php
if(isset($_GET['delete']))
{
    include "connection.php";
    $prod_id=$_REQUEST['prod_id'];
    $del="delete from products where prod_id=$prod_id";
    if (mysqli_query($link,$del))
    {
        echo "Successfully deleted";
        unset($_POST['delete']);
    }
    else
    {
        echo "Delete operation Failed";
    }
    header('location:show_db.php');
}
?>

I think I am terribly missing some simple point, but am unable to get what is it.

5
  • I really hope this is not code on the internet - it's a security incident waiting to happen! NEVER use input from $_GET, $_POST or $_REQUEST directly! Clean it first, even if you're sure it's ok! Commented Oct 31, 2014 at 9:02
  • are you getting $_REQUEST['prod_id'] on delete_prod.php? and have you any error? Commented Oct 31, 2014 at 9:03
  • It's supposed to be used on a local machine. Never on internet. Commented Oct 31, 2014 at 9:04
  • Yes, I am getting $_REQUEST['prod_id'], but it is the ID of the first product, not of the one which I want to delete. No, no error. Commented Oct 31, 2014 at 9:05
  • There are several products listed on the page, and each one will have a delete button against it, with a hidden input field that carries the prod_id of the product. When I hit the delete button, this particular prod_id is supposed to be carried to the delete_prod.php page. But instead, the prod_id of the first product listed is carried. Commented Oct 31, 2014 at 9:08

3 Answers

5

Most likely because you set up the id="delete". Usually id attribute values are not duplicated.

echo "<td><form action='delete_prod.php' id='delete' method='get'>";
echo "<button type='submit' form = 'delete' class='btn btn-default' name='delete'>Delete</button>";

The submit button gets the first ID, thus getting the first hidden input.

Alternatively, you could devise your button like this and have it serve as your marker:

No need to print each form! Just wrap it with the table:

// $link comes from connection.php, as in the question
$result = mysqli_query($link, "select * from products");
$count = 1;

echo "<form action='delete_prod.php' id='delete' method='get'>";

echo '<table>';
while($row = mysqli_fetch_assoc($result)) {
    $prod_id = $row['prod_id'];
    echo "<tr>";
        echo "<td>".$count."</td>";
        echo "<td>".$row['prod_id']."</td>";
        echo "<td>".$row['prod_name']."</td>";
        echo "<td>".$row['prod_price']."</td>";
        echo "<td>";
        // each button carries its own id, so when the form is submitted you get the id of the button that was clicked
        echo "<button type='submit' value='$prod_id' class='btn btn-default' name='delete'>Delete</button>";
        echo "</td>";
    echo '</tr>';
    $count++; // advance the row counter shown in the first column
}

echo '</table>';
echo '</form>';

Then in PHP processing:

if(isset($_GET['delete'])) // as usual
{
    include "connection.php";
    $prod_id = $_GET['delete']; // get the id
    // USE PREPARED STATEMENTS!!!
    $del="DELETE FROM products WHERE prod_id = ?";
    $delete = $link->prepare($del);
    $delete->bind_param('i', $prod_id);
    $delete->execute();
    // don't echo anything else, because you're going to use header
    if($delete->affected_rows > 0) {
        header('location:show_db.php');
        exit; // stop the script once the redirect header is sent
    } else {
        echo 'Sorry delete did not push thru!';
    }
}

5 Comments

I haven't tried wrapping the table in the form yet. Removing form='id' from the button worked. Also, I am not yet adept with the object oriented form that you suggested, but I'll definitely try it out. Can you please explain why form='id' was causing the error?
And shouldn't $_GET['prod_id'] now be $_GET['delete'], since you have now assigned the value to the button, whose name is delete?
@user3736335 yes, that's a typo, sorry about that, i revised the wrong indexing
@user3736335 yes, that's the problem, the problem is with that id. what happens is that your button is designated to work with the form with an id of id="delete", and your markup, as you loop, will obviously be duplicated. then what happens is that when you click the delete button, it gets the first form which has an id delete, then it gets the first, thus only pointing to that first hidden input
@user3736335 i also suggest adapting to that object oriented interface of mysqli, so that you won't also need to feed that $link to those functions that need it. and never never directly inject user input variables in the query string. also use prepared statements
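
Added example (not part of the answer or comments above): the concatenated delete query from the question next to the bound-parameter form the answer recommends, both given the same non-integer input. It uses PDO with an in-memory SQLite table as a stand-in for the MySQL `products` table so it runs without a server; the sample rows, function names and the input value are constructed for illustration.

```php
<?php
// Added example. SQLite in memory stands in for the MySQL `products` table;
// the rows, function names and input value are constructed for illustration.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE products (prod_id INTEGER PRIMARY KEY, prod_name TEXT, prod_price REAL)');
$pdo->exec("INSERT INTO products VALUES (1, 'pen', 1.5), (2, 'ink', 4.0), (3, 'pad', 2.25)");

function countProducts(PDO $pdo): int
{
    return (int) $pdo->query('SELECT COUNT(*) FROM products')->fetchColumn();
}

// Pattern from the question: the request value becomes part of the SQL text.
function deleteConcatenated(PDO $pdo, string $raw): int
{
    return $pdo->exec("DELETE FROM products WHERE prod_id=$raw");
}

// Hardened form: accept only a positive integer, then bind it as a parameter.
function deleteBound(PDO $pdo, string $raw): int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return -1; // rejected before any query is sent
    }
    $stmt = $pdo->prepare('DELETE FROM products WHERE prod_id = ?');
    $stmt->bindValue(1, $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();
}

$raw = '2 OR 1=1'; // constructed request value that is not a plain integer

// Concatenated: the value is parsed as SQL, so the WHERE clause changes shape.
$pdo->beginTransaction();
$deleted = deleteConcatenated($pdo, $raw);
printf("concatenated: %d row(s) deleted, %d left\n", $deleted, countProducts($pdo));
$pdo->rollBack(); // restore the sample rows

// Bound: the same value is rejected, and a valid id removes exactly one row.
printf("bound, bad id: result %d, %d left\n", deleteBound($pdo, $raw), countProducts($pdo));
printf("bound, id 2:   result %d, %d left\n", deleteBound($pdo, '2'), countProducts($pdo));
```
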
-1

Check prod_id is auto incrementing properly or not in your table. Another thing is, as your form is in a loop, the id for all forms will be duplicated. So each time it is submitting the first form, that's why only the first product is deleted from your record.

3 Comments

It will submit the form whose button is clicked, not the first form.
Use 'View Page Source' and you will find each form has the same id. Though you are clicking on the last form, it will call the form whose id matches first.
You can try this code - echo "<td><form action='delete_prod.php' id='delete-".$row['prod_id']."' method='get'>"; echo "<input type='hidden' name='prod_id' value='".$row['prod_id']."' />"; echo "<button type='submit' form = 'delete-".$row['prod_id']."' class='btn btn-default' name='delete'>Delete</button>"; echo "</form></td>";
-1

$link=mysqli_connect("localhost","root","","smartcart");
$prod="select * from products";
$rw=mysqli_query($link,$prod) or die(mysqli_errno($link)."in query $prod");
$count=1;
while($row=mysqli_fetch_assoc($rw))
{
    echo "<tr>";
    echo "<td>".$count."</td>";
    echo "<td>".$row['prod_id']."</td>";
    echo "<td>".$row['prod_name']."</td>";
    echo "<td>".$row['prod_price']."</td>";
    echo "<td><form action='delete_prod.php'  method='get'>";
    echo "<input type='hidden' name='prod_id' value='".$row['prod_id']."' />";
    echo "<input type='submit' value='Delete' class='btn btn-default' name='delete'/>";
    echo "</form></td>";
    $count=$count+1;
}

for delete action code in delete_prod.php

if(isset($_GET['delete']))
{
    include "connection.php";
    $prod_id=$_REQUEST['prod_id'];
    $del="delete from products where prod_id=$prod_id";
    if (mysqli_query($link,$del))
    {
        echo "Successfully deleted";
        unset($_GET['delete']);
    }
    else
    {
        echo "Delete operation Failed";
    }
    header('location:show_db.php');
}

try this...
