morocco-iceberg Posted May 30, 2010 Share Posted May 30, 2010 I have been trying to create a page that gives administration the ability to add, edit and delete questions. Adding and editing work fine, and deleting does work, just not the way I want it to. Each row has an edit and delete button contained in a seperate form. My problem is that the delete button deletes everything in the table when I only want it to delete one row. I've tried putting all the buttons into a single form rather than seperate forms and a whole bunch of other things but nothing seems to work. Help? <?php session_start(); if(!isset($_SESSION['loggedin'])){ die("To access this page, you need to <a href=\"login.php\">login</a>."); } mysql_connect("", "", "") or die("Could not connect to database, please try again."); mysql_select_db("") or die("Could not connect to database, please try again."); $error_message = "There was an error, please <a href=\"edit_writing.php\">try again</a>."; $success_message = ""; if(isset($_POST["delete"])){ $a = $_POST["delete"]; mysql_query("DELETE FROM writing WHERE a=$a") or die($error_message); $success_message = "Question was deleted."; } if(isset($_POST["update"])){ $z = $_POST["update"]; $a = $_POST["a"]; $b = $_POST["b"]; $c = $_POST["c"]; $d = $_POST["d"]; $e = $_POST["e"]; if(!$a || !$b || !$c || !$d || !$e) { die("Please <a href=\"edit_writing.php\">try again</a> and ensure the form is completed properly."); } mysql_query("UPDATE writing SET a='$a', b='$b', c='$c', d='$d', e='$e' WHERE a='$z'") or die($error_message); $success_message = "Question was edited."; } if(isset($_POST["add"])){ $a = mysql_real_escape_string($_POST["a"]); $b = mysql_real_escape_string($_POST["b"]); $c = mysql_real_escape_string($_POST["c"]); $d = mysql_real_escape_string($_POST["d"]); $e = mysql_real_escape_string($_POST["e"]); if(!$a || !$b || !$c || !$d || !$e) { die("Please <a href=\"edit_writing.php\">try again</a> and ensure the form is completed properly."); } mysql_query("INSERT INTO writing (a, b, c, d, e) VALUES ('$a', '$b', '$c', '$d', '$e')") or die($error_message); $success_message = "Question was added."; } echo "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\"> <html xmlns=\"http://www.w3.org/1999/xhtml\"> <head> <meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\" /> <title>Title</title> <link rel=\"stylesheet\" type=\"text/css\" href=\"css.css\" /> </head> <body> <div id=\"timer\"> </div> <div id=\"wrap\"> <div id=\"mainheader\"> </div> <div id=\"content\"> <div id=\"orangeheader\"><br/> Title </div> <div id=\"text\"> " . $success_message; if(isset($_POST["edit"])){ $a = $_POST["edit"]; $sql = mysql_query("SELECT * FROM writing WHERE a='$a'") or die($error_message); while($row = mysql_fetch_array($sql)){ $b = $row["b"]; $c = $row["c"]; $d = $row["d"]; $e = $row["e"]; } echo "<form action=\"edit_writing.php\" method=\"post\"> <table> <tr> <td><label for=\"a\">Question One</label></td> <td><label for=\"b\">Question Two</label></td> <td><label for=\"c\">Question Three</label></td> <td><label for=\"d\">Question Four</label></td> <td><label for=\"e\">Question Five</label></td> </tr> <tr> <td><input type=\"text\" name=\"a\" value=\"" . $a . "\" /></td> <td><input type=\"text\" name=\"b\" value=\"" . $b . "\" /></td> <td><input type=\"text\" name=\"c\" value=\"" . $c . "\" /></td> <td><input type=\"text\" name=\"d\" value=\"" . $d . "\" /></td> <td><input type=\"text\" name=\"e\" value=\"" . $e . "\" /></td> </tr> </table> <button type=\"submit\" name=\"update\" value=\"" . $a . "\">Update</button> </form>"; } echo "<table> <tr> <td><strong>Question One</strong></td> <td><strong>Question Two</strong></td> <td><strong>Question Three</strong></td> <td><strong>Question Four</strong></td> <td><strong>Question Five</strong></td> </tr>"; $result = mysql_query("SELECT * FROM writing"); $number = mysql_numrows($result); $counter = 0; while ($counter<$number){ $a = mysql_result($result, $counter,"a"); $b = mysql_result($result, $counter,"b"); $c = mysql_result($result, $counter,"c"); $d = mysql_result($result, $counter,"d"); $e = mysql_result($result, $counter,"e"); echo "<tr> <td>" . $a . "</td> <td>" . $b . "</td> <td>" . $c . "</td> <td>" . $d . "</td> <td>" . $e . "</td> <form action=\"edit_writing.php\" method=\"post\"> <td><button type=\"submit\" name=\"edit\" value=\"" . $a . "\">Edit</button></td> <td><button type=\"submit\" name=\"delete\" value=\"" . $a . "\">Delete</button></td> </form> </tr>"; $counter++; } ?> </table> <form action="edit_writing.php" method="post"> <table> <tr> <td><label for="a">Question One</label></td> <td><label for="b">Question Two</label></td> <td><label for="c">Question Three</label></td> <td><label for="d">Question Four</label></td> <td><label for="e">Question Five</label></td> </tr> <tr> <td><input type="text" name="a" /></td> <td><input type="text" name="b" /></td> <td><input type="text" name="c" /></td> <td><input type="text" name="d" /></td> <td><input type="text" name="e" /></td> </tr> </table> <input type="submit" name="add" value="Add Question"/> </form> </body> </html> Quote Link to comment Share on other sites More sharing options...
ghostcoder Posted May 30, 2010 Share Posted May 30, 2010 On a quick scan, I'd change your delete line from DELETE FROM writing WHERE a=$a to DELETE FROM writing WHERE a='$a' LIMIT 1 But I might not use $a as my variable name. Also, I'd escape it first. You can also echo what the value of your post data is and exit before you run the SQL. Then you can do a select on the table with the same value and see if it returns more than one row or not. Quote Link to comment Share on other sites More sharing options...
morocco-iceberg Posted May 30, 2010 Author Share Posted May 30, 2010 Oh yay! It works now, thank you and I'll make sure to escape it as well Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.