开发者

PHP won't delete from MySQL

问答 作者:

The PHP code won't delete item from database u开发者_开发技巧sing "$noteid". If I put a number in it's place it will, but when I try using "$noteid". It won't do it. It does everything correct up to the point where it tries to delete.

Here's how I get the "$noteid":

//javascript
function viewnote(noteid) {

  window.location = "noteview.php?noteid="  + noteid;

}

//button in body
<input type="button" value="Edit" onclick="editnote('<?= $noteid ?>')" />

Here's the code on the linked to page:

<?php

$noteid = $_REQUEST['noteid'];

if (isset($_POST['delete'])){
 mysql_query("DELETE FROM notes WHERE noteid='$noteid'");
 header ('Location: index2.php');
}
?>

<body>
<form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>" style="margin:0px; pading:0px"><input type="submit" name="delete" value="Delete"></form>
</body>

** It's Working Now!!! ** What made it work was a hidden form field.

Here's the code:

<?php
if (isset($_POST['delete'])){
        $nid = $_REQUEST['notenum'];
    mysql_query("DELETE FROM notes WHERE noteid='$nid'");
    header ('Location: index2.php');
}
?>

//body cody
<form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>" style="margin:0px; pading:0px"><input type="text" name="notenum" value="<?php echo $noteid; ?>" style="display:none" /><input type="submit" name="delete" value="Delete"></form>

Thanks to everyone for your help!!! This site is my favourite site now.

You're using a lot of bad practices:

<?= $noteid ?>

That is not supported on all PHP versions, use the following instead:

<?php echo $noteid; ?>

Secondly,

mysql_query("DELETE FROM notes WHERE noteid='$noteid'");

STOP RIGHT THERE. Go learn about SQL injection before coding. I'm not joking. The right code:

mysql_query('DELETE FROM notes WHERE noteid="'.mysql_real_escape_string($noteid).'"');

Also ensure that the PHP variable $noteid does exist prior to onclick="editnote(...)" />.

The problem you have is that $_REQUEST['noteid'] won't be set after the form has posted. In that scenario you could add a hidden form field to store the value from the query string. You also need to look at sanitising your variable with mysql_real_escape_string and using $_GET or $_POST rather than $_REQUEST

Please consider using Binds and Prepared statements. Almost all problems of the from "x from PHP doesn't work right in SQL" can be solved by using prepared statements.

继续阅读:databasephp

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9