I have a simple MS Access database to insert a single-column row. Here is the page:
<!DOCTYPE html>
<html>
<head>
<title>Bell Sistemas - Site de Atividades Teste em PHP</title>
</head>
<?php
include "session.php";
include "header.php";
include "connectSQL.php";
echo "<br><form action='' method='POST'><table align='center'>
<tr><th align='left'>Atividade: <br><input type='text' name='activity'></th></tr>
<tr><th align='left'><input type='submit' name='Cadastrar2' value='Cadastrar'></th></tr></table></form>";
$activity = $_POST['activity'];
if(isset($_POST['Cadastrar2'])) {
if($activity==''){
echo "O campo está vazio.";
}
else{
$sql = "Insert Into Atividades(Atividade) VALUES('$activity')";
$result = $db->query($sql);
echo "Atividade inserida.";
//header("Location: ./menu.php"); /* Redirect browser */
//exit();
}}
?>
<?php
$sql = "SELECT CdAtividade, Atividade FROM Atividades ORDER BY Atividade";
$result = $db->query($sql);
echo "
<hr>";
echo "<table align='center'><tr><th align='left'>Atividade</th></tr>";
while ($row = $result->fetch()) {
echo "<tr><td align='left' width='250'>".$row['Atividade']."</td><td width='75'>Editar</td><td><a href='delete_atividade.php?CdAtividade=".$row['CdAtividade']."'>Excluir</a></td></tr>";
}
echo "</table>";
?>
<?php
include "footer.php";
include "tableConfig.php";
?>
</body>
</html>
And I configured the delete_atividade.php like this:
<?php
// connect to the database
include "session.php";
include "connectSQL.php";
// get id value
$cdatividade = $row['CdAtividade'];
// delete the entry
$sql = "DELETE FROM Atividades WHERE CdAtividade='$cdatividade'";
$result = $db->query($sql);
// redirect back to the view page
if($result){
header("Location: atividades.php");
}
else
// if id isn't set, or isn't valid, redirect back to view page
{
header("Location: atividades.php");
}
?>
However, when I click to delete a row, it does not delete it. Have I forgot something?
I appreciate anyone who can help me.
I'm not sure that this will be the final solution, but for starters:
$cdatividade = $row['CdAtividade'];
The $row variable doesn't exist in this file. You're passing on the query string, so it should be:
$cdatividade = $_GET['CdAtividade'];
Also, generally speaking for numeric values it's not necessary to surround in quotes, so your current delete statement:
$sql = "DELETE FROM Atividades WHERE CdAtividade='$cdatividade'";
...could be rewritten as:
$sql = "DELETE FROM Atividades WHERE CdAtividade=$cdatividade";
Finally, it's worth noting as Marc B did that your current query is susceptible to SQL Injection attacks like the following:
http://yourdomain.com/delete_atividade.php?CdAtividade=0;DROP TABLE Atividade;
Will result in your SQL looking like this:
DELETE FROM Atividades WHERE CdAtividade=0;DROP TABLE Atividades;
When executed, your table will be dropped, and that's no fun.