I have a database with some rows of data that display on a webpage. Now, I am looking for a way to link each 'ID' field in mysql to a button so that when the button is clicked, a php script will run that deletes the row of mysql information associated with that ID.
I know this is incorrect but I think it's close. Just don't know about the PHP portion inside the id tag. Help?
<form action="remove.php" method="post">
<input type="submit" value="Remove Entry" id="<?php $row['id'] ?>" />
</form>
Am I even on the right path? Would remove.php look like...
<?php
$conn = mysqli_connect($servername, $username, $password, $dbname);
// Check connection
if($conn === false){
die("ERROR: Could not connect. " . mysqli_connect_error());
}
$sql = "DELETE from newcars (stock, year, make, model, trim)
WHERE ('$_POST[id] = $row[id]');
if(mysqli_query($conn, $sql)){
echo "Records deleted successfully.";
}
else {
echo "ERROR: Could not execute $sql. " . mysqli_error($link);
}
mysql_close($conn)
?>
Any help would be greatly appreciated. Thank you!
HTML:
<form action="remove.php" method="post">
<input type="hidden" name="id" value="<?php echo (int)$row['id']; ?>">
<input type="submit" value="Remove Entry" />
</form>
You want to pass the ID in a form element, NOT with the submit button.
The PHP would look like this - and this is more secure than your original code as it uses prepared statements.
<?php
$conn = mysqli_connect($servername, $username, $password, $dbname);
// Check connection
if($conn === false) {
die("ERROR: Could not connect. " . mysqli_connect_error());
}
$stmt = $conn->prepare("DELETE FROM newcars WHERE id = ?");
// prepare() can fail because of syntax errors, missing privileges, ....
if(false === $stmt) {
// and since all the following operations need a valid/ready statement object
// it doesn't make sense to go on
// you might want to use a more sophisticated mechanism than die()
// but it's only an example
die('prepare() failed: ' . htmlspecialchars($conn->error));
}
$rc = $stmt->bind_param('i', $_POST['id']);
// bind_param() can fail because the number of parameters doesn't match the placeholders in the statement
// or there's a type conflict(?), or ....
if(false === $rc) {
// again execute() is useless if you can't bind the parameters. Bail out somehow.
die('bind_param() failed: ' . htmlspecialchars($stmt->error));
}
$rc = $stmt->execute();
// execute() can fail for various reasons. And may it be as stupid as someone tripping over the network cable
// 2006 "server gone away" is always an option
if(false === $rc) {
die('execute() failed: ' . htmlspecialchars($stmt->error));
}
$stmt->close();
//redirect page back to view page
?>
If you want your ID to be posted, it should be like this:
<form action="remove.php" method="post">
<input type="hidden" name="id" value="<?php echo (int)$row['id']; ?>">
<input type="submit" value="Remove Entry" />
</form>
Post a hidden field with the name id and the value $row['id'].
And you should take care of the comments above to avoid MySQL injection in your PHP.
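The server side of the hidden-field approach described in the answers, written as an added example that is not part of either answer: the (int) cast in the form only shapes what the page renders, so remove.php still has to validate whatever id arrives before binding it. The helper name delete_car(), the sample rows, and the in-memory SQLite database reached through PDO (standing in for MySQL/mysqli so the script runs without a server) are assumptions.

```php
<?php
// Added example: the table and column names follow the page; delete_car()
// and the sample rows are constructed for illustration.

function delete_car(PDO $db, $rawId): int
{
    // Accept only a positive integer; '3 OR 1=1', '', null and 'abc' all fail here.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException('id must be a positive integer');
    }
    // The value travels as a bound parameter, never as part of the SQL text.
    $stmt = $db->prepare('DELETE FROM newcars WHERE id = ?');
    $stmt->bindValue(1, $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount(); // 0 means no row had that id
}

// In-memory SQLite stands in for the MySQL database (assumption, so this runs offline).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE newcars (id INTEGER PRIMARY KEY, stock TEXT,
    year INTEGER, make TEXT, model TEXT, trim TEXT)');
$db->exec("INSERT INTO newcars (stock, year, make, model, trim) VALUES
    ('A100', 2015, 'Ford', 'Focus', 'SE'),
    ('A101', 2016, 'Honda', 'Civic', 'LX'),
    ('A102', 2017, 'Toyota', 'Corolla', 'LE')");

// Constructed stand-ins for the $_POST['id'] values remove.php could receive.
foreach (['2', '2', '3 OR 1=1', '', 'abc'] as $posted) {
    $label = var_export($posted, true);
    try {
        $n = delete_car($db, $posted);
        echo "id=$label: deleted $n row(s)\n";
    } catch (InvalidArgumentException $e) {
        echo "id=$label: rejected (" . $e->getMessage() . ")\n";
    }
}
echo 'rows left: ' . $db->query('SELECT COUNT(*) FROM newcars')->fetchColumn() . "\n";
```

In remove.php the same function body would take `$_POST['id'] ?? null` and the page's mysqli prepare/bind_param/execute calls in place of the PDO ones.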