[SOLVED] DELETE - CONFIRMATION DIALOG

sdasilva · April 8, 2009

Hi there,

I am trying to implement a confirmation dialog box before deleting a record in a table that

have.

I created a MYSQL table called manager with columns:

Table manager

managerID

firstName

lastName

Department

I use a while loop to display the records of every manager in the database a "delete this

manager" link next to each record.

If the user clicks the "delete this manager" a html form is called prompting the user if he

wants indeed to delete that manager.

If yes,I get the following error:

Error deleting manager: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 2

Here are extracts of my code (manager.php):

<?php

// Connect to the database server.
// Select the trainee_allocation database

  require('connectdatabase.inc.php');

$result = @mysql_query('SELECT managerID,FirstName,LastName,Department FROM manager');
if (!$result) {
   exit('<p>Error performing query: ' .
       mysql_error() . '</p>');
}

while ($row = mysql_fetch_array($result)) {
$managerID = $row['managerID'];
$FirstName = $row['FirstName'];
$LastName = $row['LastName'];

$Department = $row['Department'];

echo "<tr><td>";
echo $managerID;
echo "</td><td>";
   	echo $FirstName;
echo "</td><td>";
echo $LastName;
echo "</td><td>";
echo $Department;
echo "</td><td>";

echo "<a href='delete_manager.php?mGinNo=$mGinNo'>Delete this manager</a>";
echo "</td></tr>";

}//end of while-loop
?>

Extracts of delete_manager.php:

<html>

<p>Are you sure you want to delete this manager?</p>

<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
   Your choice: <input type="radio" name="choice" value="yes"> Yes <input type="radio" name="choice" value="no" /> No
    <button type="submit">Send</button>
</form>

<?php

// Connect to the database server.
// Select the trainee_allocation database

  require('connectdatabase.inc.php');

if (isset($_POST['choice']) ) {
    switch($_POST['choice']) {
        case 'yes':
            /// Code here

	$mGinNo = $_POST['mGinNo'];

	$sql = "DELETE FROM manager
       			WHERE mGinNo=$mGinNo";

   		if (@mysql_query($sql)) {
    	 	echo '<p>The manager has been deleted.</p>';
  	 	} else {
    	 	echo '<p>Error deleting manager: ' .
     	   	 mysql_error() . '</p>';
   		}
            break;
        case 'no':
            /// Code here

            break;
        default:
            /// Error treatment

            break;
    }
}
else {
    // error treatment
echo "error";
}

?>
</html>

Can anybody have a look and tell me what I am doing wrong?

Thank you.

WolfRage · April 8, 2009

mGinNo is not a column in your database table, therefore SQL has no idea what you are trying to delete. I think you meant managerID.

sdasilva · April 8, 2009

Thank you for the correction.

Where I wrote mGinNo was supposed to managerID.

Can you provide any feedback now with managerID?

regards

PHP Monkeh · April 8, 2009

Are you getting the same error message with managerID in place of mGinNo?

sdasilva · April 8, 2009

Yes, I am getting exactly the same error with managerID.

Dtonlinegames · April 8, 2009

$mGinNo = $_POST['mGinNo'];

I cant find the value for that is. echo it and see if it has a value

also

	
if (@mysql_query($sql)) {...

Take the @ out. There expensive for loading and hides things that are wrong.

sasa · April 8, 2009

in your form you mast have input field named 'mGinNo' with value menagerID

it could be hidden type

sdasilva · April 9, 2009

Hi there,

After getting some help, I managed to get it working.It is working fine,deleting without any problems.

I had to use hidden input in the form and got it working. Thank you everyone for all the input and help.

Here is the code (I decided to use 3 files):

Main file (manager.php):

<?php
//connect to the database

$result = @mysql_query('SELECT managerID,FirstName,LastName,Department FROM manager');
if (!$result) {
   exit('<p>Error performing query: ' .
       mysql_error() . '</p>');
}

while ($row = mysql_fetch_array($result)) {
$managerID = $row['managerID'];
$FirstName = $row['FirstName'];
$LastName = $row['LastName'];

$Department = $row['Department'];

echo "<tr><td>";
echo $managerID;
echo "</td><td>";
   	echo $FirstName;
echo "</td><td>";
echo $LastName;
echo "</td><td>";
echo $Department;
echo "</td><td>";

echo "<a href='delete_manager.php?managerID=$managerID'>Delete this manager</a>";
echo "</td></tr>";

}//end of while-loop
?>

Extracts of delete_manager.php:


<html>

<p>Are you sure you want to delete this manager?</p>

<form action="manager_deleted.php" method="post">
   Your choice: <input type="radio" name="choice" value="yes"> Yes <input type="radio" 

name="choice" value="no" /> No
<input type="hidden" name="managerID"  id="managerID" value="<?php  echo 

$_REQUEST['managerID'];?>">
    <button type="submit">Send</button>
</form>

</html>

Extracts of manager_deleted.php:

<?php

// Connect to the database server.
// Select the trainee_allocation database

  require('connectdatabase.inc.php');

if (isset($_POST['choice']) ) {
    switch($_POST['choice']) {
        case 'yes':
            /// Code here

	$managerID = (int)$_POST['managerID'];

	$sql = "DELETE FROM manager
       			WHERE managerID=$managerID";

   		if (@mysql_query($sql)) {
    	 	echo '<p>The manager has been deleted.</p>';
  	 	} else {
    	 	echo '<p>Error deleting manager: ' .
     	   	 mysql_error() . '</p>';
   		}
            break;
        case 'no':
            /// Code here

            break;
        default:
            /// Error treatment

            break;
    }
}
else {
    // error treatment

}

?>

sasa · April 9, 2009

redarrow · April 9, 2009

Are you sure that it a safe solution your way off deleting a manager.

what i can see , would it be passable for another user, with those writes, to delete other mangers via the mangers id in the url.

just asking.

if security not a issue sorry.

WolfRage · April 9, 2009

In my opion SECURITY is always an issue, so I agree.

sdasilva · April 10, 2009

Hey guys,

since security is an issue!Do you have any better idea? I really did not want to use java script.

amitkpt · April 10, 2009

Change following line

echo "<a href='delete_manager.php?managerID=$managerID'>Delete this manager</a>";

echo "<a href='delete_manager.php?managerID=managerID'>Delete this manager</a>";

In other page put this line on top

@extract($_GET);

Hopefully this will solve your problem.

WolfRage · April 11, 2009

I would recommend building in a secure session handler, that checks the user before allowing them to proceed to this page.

Sign In

[SOLVED] DELETE - CONFIRMATION DIALOG

Recommended Posts

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Join the conversation

Important Information