sdasilva Posted April 8, 2009 Share Posted April 8, 2009 Hi there, I am trying to implement a confirmation dialog box before deleting a record in a table that have. I created a MYSQL table called manager with columns: Table manager managerID firstName lastName Department I use a while loop to display the records of every manager in the database a "delete this manager" link next to each record. If the user clicks the "delete this manager" a html form is called prompting the user if he wants indeed to delete that manager. If yes,I get the following error: Error deleting manager: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 2 Here are extracts of my code (manager.php): <?php // Connect to the database server. // Select the trainee_allocation database require('connectdatabase.inc.php'); $result = @mysql_query('SELECT managerID,FirstName,LastName,Department FROM manager'); if (!$result) { exit('<p>Error performing query: ' . mysql_error() . '</p>'); } while ($row = mysql_fetch_array($result)) { $managerID = $row['managerID']; $FirstName = $row['FirstName']; $LastName = $row['LastName']; $Department = $row['Department']; echo "<tr><td>"; echo $managerID; echo "</td><td>"; echo $FirstName; echo "</td><td>"; echo $LastName; echo "</td><td>"; echo $Department; echo "</td><td>"; echo "<a href='delete_manager.php?mGinNo=$mGinNo'>Delete this manager</a>"; echo "</td></tr>"; }//end of while-loop ?> Extracts of delete_manager.php: <html> <p>Are you sure you want to delete this manager?</p> <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post"> Your choice: <input type="radio" name="choice" value="yes"> Yes <input type="radio" name="choice" value="no" /> No <button type="submit">Send</button> </form> <?php // Connect to the database server. // Select the trainee_allocation database require('connectdatabase.inc.php'); if (isset($_POST['choice']) ) { switch($_POST['choice']) { case 'yes': /// Code here $mGinNo = $_POST['mGinNo']; $sql = "DELETE FROM manager WHERE mGinNo=$mGinNo"; if (@mysql_query($sql)) { echo '<p>The manager has been deleted.</p>'; } else { echo '<p>Error deleting manager: ' . mysql_error() . '</p>'; } break; case 'no': /// Code here break; default: /// Error treatment break; } } else { // error treatment echo "error"; } ?> </html> Can anybody have a look and tell me what I am doing wrong? Thank you. Quote Link to comment Share on other sites More sharing options...
WolfRage Posted April 8, 2009 Share Posted April 8, 2009 mGinNo is not a column in your database table, therefore SQL has no idea what you are trying to delete. I think you meant managerID. Quote Link to comment Share on other sites More sharing options...
sdasilva Posted April 8, 2009 Author Share Posted April 8, 2009 Thank you for the correction. Where I wrote mGinNo was supposed to managerID. Can you provide any feedback now with managerID? regards Quote Link to comment Share on other sites More sharing options...
PHP Monkeh Posted April 8, 2009 Share Posted April 8, 2009 Are you getting the same error message with managerID in place of mGinNo? Quote Link to comment Share on other sites More sharing options...
sdasilva Posted April 8, 2009 Author Share Posted April 8, 2009 Yes, I am getting exactly the same error with managerID. Quote Link to comment Share on other sites More sharing options...
Dtonlinegames Posted April 8, 2009 Share Posted April 8, 2009 $mGinNo = $_POST['mGinNo']; I cant find the value for that is. echo it and see if it has a value also if (@mysql_query($sql)) {... Take the @ out. There expensive for loading and hides things that are wrong. Quote Link to comment Share on other sites More sharing options...
sasa Posted April 8, 2009 Share Posted April 8, 2009 in your form you mast have input field named 'mGinNo' with value menagerID it could be hidden type Quote Link to comment Share on other sites More sharing options...
sdasilva Posted April 9, 2009 Author Share Posted April 9, 2009 Hi there, After getting some help, I managed to get it working.It is working fine,deleting without any problems. I had to use hidden input in the form and got it working. Thank you everyone for all the input and help. Here is the code (I decided to use 3 files): Main file (manager.php): <?php //connect to the database $result = @mysql_query('SELECT managerID,FirstName,LastName,Department FROM manager'); if (!$result) { exit('<p>Error performing query: ' . mysql_error() . '</p>'); } while ($row = mysql_fetch_array($result)) { $managerID = $row['managerID']; $FirstName = $row['FirstName']; $LastName = $row['LastName']; $Department = $row['Department']; echo "<tr><td>"; echo $managerID; echo "</td><td>"; echo $FirstName; echo "</td><td>"; echo $LastName; echo "</td><td>"; echo $Department; echo "</td><td>"; echo "<a href='delete_manager.php?managerID=$managerID'>Delete this manager</a>"; echo "</td></tr>"; }//end of while-loop ?> Extracts of delete_manager.php: <html> <p>Are you sure you want to delete this manager?</p> <form action="manager_deleted.php" method="post"> Your choice: <input type="radio" name="choice" value="yes"> Yes <input type="radio" name="choice" value="no" /> No <input type="hidden" name="managerID" id="managerID" value="<?php echo $_REQUEST['managerID'];?>"> <button type="submit">Send</button> </form> </html> Extracts of manager_deleted.php: <?php // Connect to the database server. // Select the trainee_allocation database require('connectdatabase.inc.php'); if (isset($_POST['choice']) ) { switch($_POST['choice']) { case 'yes': /// Code here $managerID = (int)$_POST['managerID']; $sql = "DELETE FROM manager WHERE managerID=$managerID"; if (@mysql_query($sql)) { echo '<p>The manager has been deleted.</p>'; } else { echo '<p>Error deleting manager: ' . mysql_error() . '</p>'; } break; case 'no': /// Code here break; default: /// Error treatment break; } } else { // error treatment } ?> Quote Link to comment Share on other sites More sharing options...
sasa Posted April 9, 2009 Share Posted April 9, 2009 Quote Link to comment Share on other sites More sharing options...
redarrow Posted April 9, 2009 Share Posted April 9, 2009 Are you sure that it a safe solution your way off deleting a manager. what i can see , would it be passable for another user, with those writes, to delete other mangers via the mangers id in the url. just asking. if security not a issue sorry. Quote Link to comment Share on other sites More sharing options...
WolfRage Posted April 9, 2009 Share Posted April 9, 2009 In my opion SECURITY is always an issue, so I agree. Quote Link to comment Share on other sites More sharing options...
sdasilva Posted April 10, 2009 Author Share Posted April 10, 2009 Hey guys, since security is an issue!Do you have any better idea? I really did not want to use java script. Quote Link to comment Share on other sites More sharing options...
amitkpt Posted April 10, 2009 Share Posted April 10, 2009 Change following line echo "<a href='delete_manager.php?managerID=$managerID'>Delete this manager</a>"; echo "<a href='delete_manager.php?managerID=managerID'>Delete this manager</a>"; In other page put this line on top @extract($_GET); Hopefully this will solve your problem. Quote Link to comment Share on other sites More sharing options...
WolfRage Posted April 11, 2009 Share Posted April 11, 2009 I would recommend building in a secure session handler, that checks the user before allowing them to proceed to this page. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.