0

I have to mention first that I have searched Google, Stack Overflow and everywhere else, as well as tried to use scripts given in forums and to write my own ones, but nothing worked for me. I am completely stuck.

So, all I am trying to do is write a script that will delete checked rows from a MySQL table. Here is my HTML, written inside a PHP file:

<tr class="noP">
  <td class="check"><input class="checkbox" name="checkbox[]" type="checkbox" value="'.$row["PID"].'"/></td>
  <td class="id">'.$row['PID'].'</td>
  <td>'.$row["name"].'</td>
  <td>'.$row["surname"].'</td>
  <td>'.$row["pcode"].'</td>
  <td class="address">'.$row["address"].'</td>
  <td class="email">'.$row["email"].'</td>
  <td>'.$row["phone"].'</td>
  <td class="education">'.$row["education"].'</td>
  <td class="remarks">'.$row["remarks"].'</td>
</tr>

Here $row = mysql_fetch_assoc($qParts);, so this array is just a collector of field values from the MySQL DB.

Basically, all I am trying to do is make a table with all the participants listed, with the ability to delete selected ones.

I would highly appreciate any help provided. Thank you!

5
  • 1
    Can you check what will happen with my super awesome remark: $row["remarks"] = '<script>alert("xss yo");</script>'; Commented Sep 16, 2013 at 22:25
  • If I did not have something like mysql_real_escape_string() and similar, it would give me the simple alert message. Very funny Commented Sep 16, 2013 at 22:29
  • @ArtemUshakov - you want htmlspecialchars() for that. Commented Sep 16, 2013 at 22:31
  • uhhhm yeah. don't use mres for that.... Commented Sep 16, 2013 at 22:31
  • Yes, I guess I have specialchars(). It all is in my function in another file, so I don't really remember :) Commented Sep 16, 2013 at 22:33

2 Answers

2

This should help you:

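// Cast every submitted value to an integer so only numeric IDs reach the query
$delIds = array();
foreach($_REQUEST['checkbox'] as $val)
    $delIds[] = intval($val);

// implode() takes the separator first, then the array
$delSql = implode(",", $delIds);

mysql_query("DELETE FROM table WHERE PID IN ($delSql)");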

So, that takes your input array from $_GET/$_POST, sanitises it (a little), then implodes it to get a list of IDs (e.g. 5, 7, 9, 13). It then feeds that into an SQL statement, matching on those IDs using the IN operator.

Note that you should do this using prepared statements or similar. It's been a while though, so I can't write them off-hand, but this should give you the gist of it.

To do this using PDO, have a look here. It's a bit more complex, since you need to dynamically create the placeholders, but it should then work the same.

Reference - frequently asked questions about PDO
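
The PDO variant this answer points to, with the placeholders built dynamically, as an added example that is not part of the original answer. The table name participants, the helper deleteParticipants() and the sample rows are assumptions, and an in-memory SQLite database stands in for MySQL so the snippet runs on its own.

```php
<?php
// Added example, not from the original answer. The table name "participants",
// the helper name and the sample rows are constructed for illustration.

/**
 * Delete the rows whose PID appears in $submitted (e.g. $_POST['checkbox']).
 * Returns the number of rows deleted.
 */
function deleteParticipants(PDO $pdo, $submitted): int
{
    if (!is_array($submitted)) {
        return 0;                   // checkbox[] missing or turned into a scalar
    }
    $ids = [];
    foreach ($submitted as $value) {
        // Accept only strings of digits; nested arrays and "13 OR 1=1" are dropped.
        if (is_string($value) && ctype_digit($value)) {
            $ids[] = (int) $value;
        }
    }
    $ids = array_values(array_unique($ids));
    if ($ids === []) {
        return 0;                   // "IN ()" is a syntax error, so stop here
    }
    // One "?" per ID: the SQL text depends only on how many IDs there are,
    // never on what they contain.
    $placeholders = implode(',', array_fill(0, count($ids), '?'));
    $stmt = $pdo->prepare("DELETE FROM participants WHERE PID IN ($placeholders)");
    $stmt->execute($ids);
    return $stmt->rowCount();
}

// In-memory SQLite database standing in for the MySQL table (assumption).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE participants (PID INTEGER PRIMARY KEY, name TEXT)');
$pdo->exec("INSERT INTO participants VALUES (5,'A'),(7,'B'),(9,'C'),(13,'D')");

// Constructed request data: two valid IDs, one injection string, one nested array.
$posted = ['5', '9', '13 OR 1=1', ['7']];
echo deleteParticipants($pdo, $posted), " rows deleted\n";
echo $pdo->query('SELECT COUNT(*) FROM participants')->fetchColumn(), " rows left\n";
```

Against MySQL only the DSN passed to new PDO() changes; the placeholder construction and the validation stay the same.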


0

I think I can help you out. I had the same issue during my semester project. The problem can be solved using HTML and PHP alone.

I am assuming that PID is the primary key in your table. The trick here is to put the entire table in a form so that it looks like this:

    <form action="/*NAME OF THIS PAGE HERE*/.php" method="POST">

    <?php
    if (isset($_POST['delete'])) {   // THE NAME OF THE BUTTON IS delete.
        if (empty($_POST['checkbox'])) {
            // The button was pressed with no boxes ticked
            echo "<b>Please make a selection to complete this operation.</b>";
        } else {
            // Bind each submitted ID as a parameter instead of interpolating it into the SQL string
            $stmt = mysqli_prepare($conn, "DELETE FROM //table-name WHERE PID = ?");
            foreach ($_POST['checkbox'] as $id) {
                $pid = (string) $id;
                mysqli_stmt_bind_param($stmt, "s", $pid);
                if (mysqli_stmt_execute($stmt))
                    echo "<b>Deletion Successful. </b>";
                else
                    echo "ERROR: Could not execute";
            }
        }
    }
    ?>
    <br>

    <!-- below you will see that I had placed an image as the delete button and stated its styles -->

    <button type="submit" name="delete" value="delete" style="float:right;border:none; background:none;">
    <img style="width:55px; height:55px;margin-left:10px; margin-bottom:6px; float:left;" src="images/del.png">
    </button>

    <table>
        <thead>
            <tr>
                <th>#</th>
                <th>PID</th>
                <th>NAME</th>
                <th>SURNAME</th>
                <!--REST OF THE TABLE HEADINGS HERE -->
            </tr>
        </thead>
        <tbody>
            <?php $fqn = "SELECT * FROM //table-name here";
            $fqn_run = mysqli_query($conn, $fqn);
            // One <tr> per row; values are HTML-escaped before being echoed
            while ($row = mysqli_fetch_array($fqn_run)): ?>
            <tr class="noP">
                <td class="check"><input class="checkbox" name="checkbox[]" type="checkbox" value="<?php echo htmlspecialchars($row["PID"]); ?>"></td>
                <td><?php echo htmlspecialchars($row['PID']); ?></td>
                <td><?php echo htmlspecialchars($row["name"]); ?></td>
                <td><?php echo htmlspecialchars($row["surname"]); ?></td>
                <!-- REST OF THE ROWS HERE -->
            </tr>
            <?php endwhile; ?>
        </tbody>
    </table>
    </div>
    </div>

    </form>

Hope this helps you.
