To be able to remove and edit on the same page (mysql/PHP)

[ipodman]

Hey guys,

 

I did do a search on this and found nothing so if their is a post, sorry for posting this.

 

Ok, I am doing a little project based around a shopping cart and now on this page I want to be able to delete a product and edit a product.

 

Editing product:

 

I would like to be able to click on the product from the table...such as a colum that has "edit" init and it then loads it into text boxes below. [bottom of the table which shows a full list of items in the database]

 

Deleting products:

 

I would like to be able to have a colum added onto the full items list table where you can click and remove a product.

 

Code:

 

<div> 

  <p align="center">Current Products: </p>
  <p align="center">
    <?php
$db= mysql_connect("localhost", "root");
mysql_select_db("site",$db);
$result= mysql_query("SELECT * FROM stock",$db);

if($myrow = mysql_fetch_array($result))

{
echo "<table border=1>\n";
echo "<tr><td>Stock Id</td><td>Name</td><td>Cat Id</td><td>Desc</td><td>Sale Price</td></tr>\n";

do
{ printf("<tr><td>%s</td><td>%s</td><td>%s</td><td>%s</td><td>%s</td></tr>\n",
$myrow["pro_id"],
$myrow["name"],
$myrow["cat_id"],
$myrow["description"],
$myrow["sale_price"]); }
while ($myrow= mysql_fetch_array($result));
echo "</table>\n";
}

else

{echo "sorry nothing found"; }
?>
  </p>

</div> 

[jackpf]

Why not have a hyperlink like

echo '<a href="edit.php?id='.$myrow['id'].'">edit</a>';

And the same for delete, but with delete.php.

 

Then have queries that edit/delete the records in those files, respectively.

Something like

$id = $_GET['id'];
mysql_query("DELETE FROM table WHERE id='$id'");

 

You may also want a confirmation prompt and some security as well...

[ipodman]

I was trying to do the option of having a centralised approach but if that's not possible I may go down the route that you have said.

[jackpf]

Well, you could do it in the same file, something like so

 

if(isset($_GET['delete']))
{
$id = $_GET['delete'];
mysql_query(...etc
}
else if(isset($_GET['edit']))
{
$id = $_GET['edit'];
mysql_query(...etc
}

[ipodman]

Hey,

 

Thanks. I will attempt what you have said in the morning. i have spent too long with php over the past few days and need a little break. 3 days solid learning it, I have mastered the basics, just trying to get th ehang of the more complicated stuff which will take a lot of time.

 

Where woudl what you have suggested be located in the code, i am fine with the mysql of the code just where to the wrap it all into the code I have supplied

[waynew]

I'm actually doing something like that at the moment.

 

Here are some hints. For instance, when a deletion has been successful, redirect them back to the exact same page with the $_GET variabled "deleted" == "Y". Etc.

Also, using simple $_GET links for action taking leads to a few security concerns. What if I sent you a link and it had delete_image=434 as the query string? I might cause you to deleted an image if you clicked on it. So maybe use a token of some sort? Such as page.php?delete=332&sid='.session_id().'

 

????

 

[ipodman]

I'm actually doing something like that at the moment.

 

Here are some hints. For instance, when a deletion has been successful, redirect them back to the exact same page with the $_GET variabled "deleted" == "Y". Etc.

Also, using simple $_GET links for action taking leads to a few security concerns. What if I sent you a link and it had delete_image=434 as the query string? I might cause you to deleted an image if you clicked on it. So maybe use a token of some sort? Such as page.php?delete=332&sid='.session_id().'

 

????

 

I am happy that I am only doing a simple version without images [its part of a uni project[ but i would use the token session to ensure that the correct image is remove. Also i planned ot use the redirection upon removal of an item to the same page with a simple message displayed that would state that the item has been removed.

 

But thanks for the tips, they have made me think about using certain aspects in other areas

[jackpf]

In response to where would you use it, it'd be something like so

 

$action = $_GET['action'];
if(!isset($action))
{
//your code here
}
else if($action == 'delete')
{
//delete stuff...
}

 

If you take a look at my site (www.jackpf.co.uk), you'll notice it's all completely query string based, and it actually consists of about 6 or 7 pages, although hundreds are generated depending on what the query string is. If I actually had an individual page for each page generated, I'd have insane amounts.

 

Query strings are the way to go.