This code is set up on a LAMP stack. I'm having trouble with the Delete page. The Delete function in PHP only works if the entry in the mysql table is a number. I need it to delete the row regardless of the entry. The email field is set up as "varchar(25)" in mysql. I don't define the variables in the code so I don't understand why it is limiting it to numbers.
Here's the page:
<!DOCTYPE HTML>
<html>
<head>
</head>
<body>
<div id="gradientbackground">
<table class="beachpictures" align="center" border="1">
<thead>
<tr>
<th>Name</th>
<th>Email</th>
<th>Website</th>
<th>Gender</th>
<th>Delete</th>
</tr>
</thead>
<tbody>
<?php
require 'project_db.php';
mysql_connect("$servername", "$username", "$password")or die("cannot connect");
mysql_select_db("$database")or die("cannot select DB");
//execute the SQL query and return records
if (!$result = mysql_query("SELECT * FROM $table"))
echo 'mysql error: ' .mysql_error();
//fetch tha data from the database
while ($row = mysql_fetch_array($result)) {
?>
<tr>
<td><?php echo $row['Name']; ?></td>
<td><?php echo $row['Email']; ?></td>
<td><?php echo $row['Website']; ?></td>
<td><?php echo $row['Gender']; ?></td>
<td class="record-delete">
<form action='delete.php?Email="<?php echo $row['Email']; ?>"' method="post">
<input type="hidden" name="Email" value="<?php echo $row['Email']; ?>">
<input type="submit" name="submit" value="Delete">
</form>
</td>
</tr>
<?php }
?>
</tbody>
</table>
<br>
</div>
</body>
</html>
And here's the delete.php File that performs the actual query:
<?php
require 'project_db.php';
mysql_connect("$servername", "$username", "$password")or die("cannot connect");
mysql_select_db("$database")or die("cannot select DB");
//Define the query
$query = "DELETE FROM $table WHERE Email={$_POST['Email']} LIMIT 1";
//sends the query to delete the entry
mysql_query ($query);
if (mysql_affected_rows() > 0) {
//if it updated
?>
<strong>Record Has Been Deleted</strong><br /><br />
<?php
} else {
//if it failed
?>
<strong>Deletion Failed</strong><br /><br />
<?php
}
?>
You need to add quotes: otherwise, mysql will expect $_POST['email'] to be a number.
Plus, you should switch to PDO or MySQLi, as mysql_* functions are deprecated, and you're opened to SQL injection. So your code should be:
<?php
require 'project_db.php';
$connect = mysqli_connect($servername,$username,$password,$database)or die("cannot connect");
//Define the query
$query = "DELETE FROM $table WHERE Email='".mysqli_real_escape_string($connect,$_POST['Email'])."' LIMIT 1";
//sends the query to delete the entry
$execute = mysqli_query ($connect,$query);
if (mysqli_affected_rows($execute) > 0) {
//if it updated
?>
<strong>Record Has Been Deleted</strong><br /><br />
<?php
} else {
//if it failed
?>
<strong>Deletion Failed</strong><br /><br />
<?php
}
?>