0

I am trying to generate a delete button in my PHP which will delete a row from the database on click. I would also like to throw a confirmation message via Javascript within this link but can't seem to figure out how to structure the code.

Here is what I have so far:

echo "<td class='delete'><a href='?page=db&amp;delete=".$row->id."' onclick='return confirm('are you sure?')'>Delete</a></td>";

I am guessing the reason this isn't working is due to the double/single quotes. Can anyone tell me how I would format this properly? Thank you.

Improve this question
4
  • 6
    Are you sure you want to delete things with a link? Commented Aug 28, 2014 at 15:26
  • 1
    Tip: Check the source code of the page that is generated by PHP so you can narrow down your problem (both now and with future problems). If the string is being mangled by PHP, then you need to adjust your PHP code - if not then the javascript/html itself isn't running as expected, and you can take PHP out of the equation entirely. Commented Aug 28, 2014 at 15:26
  • 1
    @Don'tPanic, Don't panic, deleting is fun! Commented Aug 28, 2014 at 15:27
  • 2
    REALLY look into CSRF protection Commented Aug 28, 2014 at 15:27

2 Answers 2

Reset to default
5

You can either use:

  • Double quotes (which would have to be escaped for PHP)
  • Character references for single quotes
  • Character references for double quotes

Such

onclick='return confirm(\"are you sure?\")'>

That said, I'd rewrite this to not have JavaScript nested inside HTML inside PHP inside HTML since that just becomes horrible to try to track.

<td class='delete'>
   <a href="?page=db&amp;delete=<?php echo $row->id; ?>" 
      class="delete">Delete</a>
</td>

and then, using jQuery because it is convenient for this kind of event binding: 

<script>
    jQuery("a.delete").on('click', function (evt) {
        if (! confirm('are you sure?')) {
            evt.preventDefault();
        }
    });
</script>

Since you shouldn't do unsafe operations using a GET request, I'd even go a step further and use a form.

<td class='delete'>
   <form method="post">
       <input type="hidden" name="page" value="db">
       <button name="delete" value="<?php echo $row->id; ?>">
           Delete
       </button>
   </form>
</td>

<script>
    jQuery("td.delete > form").on('submit', function (evt) {
        if (! confirm('are you sure?')) {
            evt.preventDefault();
        }
    });
</script>
Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Perfect, thank you for the detailed explanation and alternate method.
1

You can try this

echo '<td class="delete"><a href="?page=db&amp;delete='.$row->id.'" onclick="return confirm(\'are you sure?\')">Delete</a> </td>';
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.