<?php
$query= mysqli_query($link, "SELECT * FROM Messages");
while ($row=mysqli_fetch_assoc($query)){
$MID= $row['mesgID'];
?>
<br><br><br><center><caption><?php echo "The <strong>".$row['type']."</strong> ID: ".$row['mesgID']; ?></caption></center>
<center><table border='4'; style="border-color:darkblue;">
<tr>
<td style="width:70%; text-align:left;"><?php echo "<strong>From: </strong>".$row['email']."<br><strong>About: </strong>".$row['areaCode']; ?></td>
</tr>
<tr>
<td style="width:70%; text-align:center;"><?php echo "<strong>Message content</strong><br><br>".$row['message']."<br>"; ?></td>
</tr>
</table></center>
<form action="ContactCleanersManagementStaffSide.php" method="post">
<center>
<input class="button button3" type="submit" name="<?php echo $MID; ?>"value="DELETE" id="submit"/></center>
</form>
<br><br>
<?php
}
if(isset($_POST[$MID])){
$query = mysqli_query($link, "DELETE FROM Messages WHERE mesgID='$MID'");
}
?>
I created a "delete" button with a unique name for each button, but when I click any button except the last one, it does not delete; when I click the last button, the row is deleted successfully.
Instead of using the id as the name attribute of the button, I will ask you to create a hidden field with name="mesgID" and value="<?php echo $row['mesgID']; ?>" like below:
<?php
$query= mysqli_query($link, "SELECT * FROM Messages");
while ($row=mysqli_fetch_assoc($query)){
?>
<br>
<br>
<br>
<center>
<caption><?php echo "The <strong>".$row['type']."</strong> ID: ".$row['mesgID']; ?></caption>
</center>
<center>
<table border='4'; style="border-color:darkblue;">
<tr>
<td style="width:70%; text-align:left;">
<?php echo "<strong>From: </strong>".$row['email']."<br><strong>About: </strong>".$row['areaCode']; ?>
</td>
</tr>
<tr>
<td style="width:70%; text-align:center;">
<?php echo "<strong>Message content</strong><br><br>".$row['message']."<br>"; ?>
</td>
</tr>
</table>
</center>
<form method="post">
<input type="hidden" name="mesgID" value="<?php echo $row['mesgID']; ?>">
<center>
<input class="button button3" type="submit" name="Delete" value="DELETE" id="submit"/>
</center>
</form>
<br>
<br>
<?php }
if(isset($_POST['mesgID'])){
$query=mysqli_query($link, "DELETE FROM Messages WHERE mesgID=".$_POST['mesgID']);
}
?>
Note: The current code is wide open to SQL injection, so use prepared statements.
Additional Note: A 'quick' fix [only] for SQL Injection is to force type casting to integer for numeric id values.
$query=mysqli_query($link, "DELETE FROM Messages WHERE mesgID=".(int)$_POST['mesgID']);
The above is NOT a replacement for leveling up to parameterised Queries.
It's a bad idea to directly insert the id received from POST into the statement (it creates an SQL injection vulnerability; you can read about SQLi here: https://www.acunetix.com/websitesecurity/sql-injection/).
I would check whether the id was passed and perform the delete query before selecting and echoing all messages, as you would always include the message even though it was deleted (because it is being deleted afterwards).
You should add a hidden input field with the name 'messageId' and pass the id as its value, then add the submit button afterwards to submit the form with the hidden value:
<form method="post">
<input type="hidden" name="messageId" value="<?= $row['mesgID']; ?>">
<center>
<input class="button button3" type="submit" value="DELETE" id="submit"/>
</center>
</form>
And at the beginning of the code, receive the POSTed 'messageId' variable with:
if (isset($_POST['messageId'])) {
    // $link is the mysqli connection used in the question's code
    $stmt = $link->prepare("DELETE FROM Messages WHERE mesgID = ?");
    // "i" binds the value as an integer
    $stmt->bind_param("i", $_POST['messageId']);
    $stmt->execute();
}
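The points from both answers combined in one page flow, as an added example that is not code from the question or from either answer: the delete runs before the select, the id arrives in a hidden field, and the query is parameterised. It assumes `$link` is an open mysqli connection as in the question; `deleteMessage` is a hypothetical helper name.

```php
<?php
// Added example. Assumes $link is an open mysqli connection, as in the question.

/** Delete one message by id; returns true only if exactly one row was removed. */
function deleteMessage(mysqli $link, $rawId): bool
{
    // Accept only a positive integer. Unlike an (int) cast, this rejects
    // input such as "5 OR 1=1" instead of silently turning it into 5.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return false;
    }
    $stmt = mysqli_prepare($link, "DELETE FROM Messages WHERE mesgID = ?");
    if ($stmt === false) {
        return false;
    }
    mysqli_stmt_bind_param($stmt, "i", $id);   // value is sent separately from the SQL text
    mysqli_stmt_execute($stmt);
    $deleted = mysqli_stmt_affected_rows($stmt) === 1;
    mysqli_stmt_close($stmt);
    return $deleted;
}

// 1. Handle the POST first, so a deleted row is gone before the list is built.
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['mesgID'])) {
    deleteMessage($link, $_POST['mesgID']);
}

// 2. Then select and render; each form carries its own row id in a hidden field.
$result = mysqli_query($link, "SELECT mesgID, type, email, areaCode, message FROM Messages");
while ($row = mysqli_fetch_assoc($result)) {
    $id = (int) $row['mesgID'];
    // Stored values are HTML-escaped on output.
    ?>
    <p>The <strong><?= htmlspecialchars($row['type']) ?></strong> ID: <?= $id ?></p>
    <p><strong>From: </strong><?= htmlspecialchars($row['email']) ?></p>
    <p><?= htmlspecialchars($row['message']) ?></p>
    <form method="post">
        <input type="hidden" name="mesgID" value="<?= $id ?>">
        <input class="button button3" type="submit" name="Delete" value="DELETE">
    </form>
    <?php
}
```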