I am trying a trivial PHP assignement. I am running my own SQL server locally and I have created a DB on it called student. This database contains many tables. One of them is called announcement. The fields of this table are id, date, subject, text.
I am asked to display those announcements to a user that has the authority to delete and/or modify those entries of the DB. Each entry needs to be seperated from the next one and each entry has to have it's own Delete and Edit button. New entries can also be added to the database so the # of entries currently on the DB is not known.
So far I have done something like this:
<?php
$db = mysql_connect("localhost", "root", "");
mysql_select_db("student",$db);
mysql_set_charset('utf8',$db);
$result = mysql_query("SELECT * FROM announcement",$db);
$announcementID = 1;
WHILE($myrow = mysql_fetch_array($result))
{
echo "<br><h2>Announcement No".$announcementID."</h2>";
echo "<input type=\"submit\" name=\"Delete\" value=\"Delete\"><input type=\"submit\" name=\"Edit\" value=\"Edit\"><br>";
echo "<br>Date: ".$myrow["date"];
echo "<br>Subject: ".$myrow["subject"];
echo "<br>Text: ".$myrow["text"];
$announcementID=$announcementID+1;
echo '<br><hr />';
}
?>
This is a part of a larger php file that displays a webpage with the entries properly formatted.
Although I do create the separate buttons needed for each distinct announcement I do not think this can work out since I can't create an ActionListener (forgive me but I do not know how this is called in PHP) for those buttons and I am not even sure it is possible considering that all of those buttons will have the same name. Any workaround?
For PHP to be able to indetify that the user has clicked the button, you would need to surround the each row of inputs. I've improved your code a little, as we need to pass over the ID of the announcement to the delete-record.php script for it to be able to identify which record to delete from the table.
$db = mysql_connect("localhost", "root", "");
mysql_select_db("student",$db);
mysql_set_charset('utf8',$db);
$result = mysql_query("SELECT * FROM announcement",$db);
while($myrow = mysql_fetch_array($result))
{
echo '<form action="delete-record.php" method="POST">';
echo '<input type="hidden" name="id" value="' . $myrow["id"] . '">';
echo "<br><h2>Announcement No".$announcementID."</h2>";
echo "<input type=\"submit\" name=\"delete\" value=\"delete\"><input type=\"submit\" name=\"edit\" value=\"edit\"><br>";
echo "<br>Date: ".$myrow["date"];
echo "<br>Subject: ".$myrow["subject"];
echo "<br>Text: ".$myrow["text"];
echo '<br><hr />';
echo "</form>";
}
And then in the delete-record.php you can go with this:
if(isset($_POST['id'], $_POST['delete'])) {
$announcementid = $_POST['id'];
mysql_query("DELETE FROM announcement WHERE id = $announcementid");
}
For future reference, instead of using $announcementID = $announcementID+1; you can simply use the post-incremental operator $announcementID++;
I also suggest you to read up on MySQLi or PDO's prepared statements to secure yourself against SQL Injections and other SQL vulnerabilities.
Create a form around each row with a Delete button
WHILE($myrow = mysql_fetch_array($result))
{
echo "<form method='post' action='delete-record.php'>";
echo "<br><h2>Announcement No".$announcementID."</h2>";
echo "<input type=\"submit\" name=\"Delete\" value=\"Delete\"><input type=\"submit\" name=\"Edit\" value=\"Edit\"><br>";
echo "<br>Date: ".$myrow["date"];
echo "<br>Subject: ".$myrow["subject"];
echo "<br>Text: ".$myrow["text"];
echo "<input type='hidden' name='formID' value='$announcementID' />";
echo "<input type='submit' value='Delete row'/>";
echo "</form>";
echo '<br><hr>';
$announcementID=$announcementID+1;
}
Then in delete-record.php:
<?php
if(isset($_POST['formID'])){
// Delete record query here
}
...
Make javascript redirection to delete script.
WHILE($myrow = mysql_fetch_array($result))
{
echo "<br><h2>Announcement No".$announcementID."</h2>";
echo "<input type=\"submit\" name=\"Delete\" value=\"Delete\" onClick=\"window.location='delete_announcement.php?announcemenID=".$announcementID."';\">"
echo "<input type=\"submit\" name=\"Edit\" value=\"Edit\" onClick=\"window.location='edit_announcement.php?announcemenID=".$announcementID."';\"><br>";
echo "<br>Date: ".$myrow["date"];
echo "<br>Subject: ".$myrow["subject"];
echo "<br>Text: ".$myrow["text"];
$announcementID=$announcementID+1;
echo '<br><hr />';
}
And delete_announcement.php connect to the DB and do
mysql_query("DELETE FROM announcement WHERE announcemenID=" . $_REQUEST["announcemenID"],$db);
Don't forget to make sure that $_REQUEST["announcemenID"] only hold integers.
For edit you will need to create separate page edit_announcement.php with all the fields editable.