Jump to content

$_POST problem

rascle

By rascle
in PHP Coding Help

Recommended Posts

rascle Member

rascle

Posted
Posted

Hi, I am using POST to send the id of a row in a MySQL database, this id should then be used to delete the row from MySQL, this all works fine when I use GET, but as soon as i try and use POST (for security reasons) it deletes another row.

Here is the code ($_POST):

<?php

$member = $logged['username'];
//IFMESSAGES THEN SAY OTHERWISE SAY NO 

$seemessages = mysql_query("SELECT * FROM `rmail` WHERE `to` = '$member' && `status` = 'unread'");
$howmanymessages = mysql_num_rows($seemessages);

$seereadmessages = mysql_query("SELECT * FROM `rmail` WHERE `status` = 'read' && `to` = '$member'");
$howmanyreadmessages = mysql_num_rows($seereadmessages);  
$totalmessages = $howmanyreadmessages + $howmanymessages;
//MENU FOR USING EMAIL VIEWED ON ALL SECTIONS OF R-MAIL
echo'<div id="emailmenu"><a href="rmail.php">Home</a>|<a href="rmail.php?inbox">Inbox('.$howmanymessages.'/'.$totalmessages.')</a>|<a href="rmail.php?compose">Compose</a>| </div><br/>';

if(isset($_POST['delete'])){
//DELETE MESSAGE
$id = $_POST['delete'];
echo $id;
$newvalue = mysql_query("SELECT * FROM data");
$newvalue = mysql_fetch_array($newvalue);
$newvalue = $newvalue['rmailsent'];
$newvalue = $newvalue-1;
mysql_query("UPDATE data SET rmailsent = '$newvalue'");
mysql_query("DELETE FROM rmail WHERE `id` = '$id'");
echo "Message has been deleted!";
}
else if(isset($_GET['inbox'])){
$username = $logged['username'];
//DISPLAY EMAILS FOR USER
//WHEN DISPLAYING DISPLAY LINK WITH THE ID TO VIEW THE SPECIFIC MESSAGE
$getemail = mysql_query("SELECT * from rmail WHERE `to` = '$username' ORDER BY `id` DESC");

echo'
<table border="1">
<tr>
<td> <font size="5">Check</font> </td>
<td> <font size="5">Status</font></td>
<td><font size="5">From</font></td>
<td width="500"><font size="5">Subject</font></td>
<td><font size="5">Date Sent</font></td>
<td><font size="5">Time Sent</font></td>
<td><font size="5">Action</font></td>
</tr>
';
while($email = mysql_fetch_array($getemail)){
$id = $email['id'];
if($email['status'] == "unread"){
echo "<tr bgcolor='#666666'>";
}else{
echo "<tr>";
}
echo '<td><input type="checkbox" name="'.$email['id'].'checked" class="check"></td>';
echo '<td>';
if($email['status'] == "unread"){
echo '<center><img src="/webimages/unread.gif" alt="Message Unread" width="30" height="25"></center>';
}else if($email['status'] == "read"){
echo '<center><img src="/webimages/read.gif" alt="Message Read" width="30" height="25"><center>';
}
echo '</td>';
echo '<td>'.$email['from'].'</td>';
echo '<td><a href="rmail.php?viewmail&id='.$email['id'].'">'.$email['subject'].'</a></td>';
echo '<td>'.$email['date'].'</td>';
echo '<td>'.$email['time'].'</td>';
echo '<td><form action="rmail.php" method="post">
<input type="hidden" value="'.$email['id'].'" name="delete"><input type="image" src="/webimages/delete.png" onclick="return confirm(\'Are you sure you want to Delete?Click Ok to proceed and Delete or Cancel if you do not want to delete!\');"><a href="viewmembers.php?user='.$email['from'].'"><img src="/webimages/eye3.gif" border="0" height="25" width="30"></a></td>';

echo "</font></tr>";
}
echo "</table>";
}

</html>

Here is the code with $_GET (this works but $_POST doesnt):

<?php

$member = $logged['username'];
//IFMESSAGES THEN SAY OTHERWISE SAY NO 

$seemessages = mysql_query("SELECT * FROM `rmail` WHERE `to` = '$member' && `status` = 'unread'");
$howmanymessages = mysql_num_rows($seemessages);

$seereadmessages = mysql_query("SELECT * FROM `rmail` WHERE `status` = 'read' && `to` = '$member'");
$howmanyreadmessages = mysql_num_rows($seereadmessages);  
$totalmessages = $howmanyreadmessages + $howmanymessages;
//MENU FOR USING EMAIL VIEWED ON ALL SECTIONS OF R-MAIL
echo'<div id="emailmenu"><a href="rmail.php">Home</a>|<a href="rmail.php?inbox">Inbox('.$howmanymessages.'/'.$totalmessages.')</a>|<a href="rmail.php?compose">Compose</a>| </div><br/>';

if(isset($_GET['delete'])){
//DELETE MESSAGE
$id = $_GET['delete'];
echo $id;
$newvalue = mysql_query("SELECT * FROM data");
$newvalue = mysql_fetch_array($newvalue);
$newvalue = $newvalue['rmailsent'];
$newvalue = $newvalue-1;
mysql_query("UPDATE data SET rmailsent = '$newvalue'");
mysql_query("DELETE FROM rmail WHERE `id` = '$id'");
echo "Message has been deleted!";
}
else if(isset($_GET['inbox'])){
$username = $logged['username'];
//DISPLAY EMAILS FOR USER
//WHEN DISPLAYING DISPLAY LINK WITH THE ID TO VIEW THE SPECIFIC MESSAGE
$getemail = mysql_query("SELECT * from rmail WHERE `to` = '$username' ORDER BY `id` DESC");

echo'
<table border="1">
<tr>
<td> <font size="5">Check</font> </td>
<td> <font size="5">Status</font></td>
<td><font size="5">From</font></td>
<td width="500"><font size="5">Subject</font></td>
<td><font size="5">Date Sent</font></td>
<td><font size="5">Time Sent</font></td>
<td><font size="5">Action</font></td>
</tr>
';
while($email = mysql_fetch_array($getemail)){
$id = $email['id'];
if($email['status'] == "unread"){
echo "<tr bgcolor='#666666'>";
}else{
echo "<tr>";
}
echo '<td><input type="checkbox" name="'.$email['id'].'checked" class="check"></td>';
echo '<td>';
if($email['status'] == "unread"){
echo '<center><img src="/webimages/unread.gif" alt="Message Unread" width="30" height="25"></center>';
}else if($email['status'] == "read"){
echo '<center><img src="/webimages/read.gif" alt="Message Read" width="30" height="25"><center>';
}
echo '</td>';
echo '<td>'.$email['from'].'</td>';
echo '<td><a href="rmail.php?viewmail&id='.$email['id'].'">'.$email['subject'].'</a></td>';
echo '<td>'.$email['date'].'</td>';
echo '<td>'.$email['time'].'</td>';
echo '<td><a href="rmail.php?delete='.$email['id'].'">DELETE</a><a href="viewmembers.php?user='.$email['from'].'"><img src="/webimages/eye3.gif" border="0" height="25" width="30"></a></td>';

echo "</font></tr>";
}
echo "</table>";
}

</html>

 

Any Ideas?

Thanks

Rhys

 

Link to comment
https://forums.phpfreaks.com/topic/210781-_post-problem/
Share on other sites
wildteen88 Regular Member

wildteen88

Posted
Posted

In this code

echo '<td><form action="rmail.php" method="post">
<input type="hidden" value="'.$email['id'].'" name="delete"><input type="image" src="/webimages/delete.png" onclick="return confirm(\'Are you sure you want to Delete?Click Ok to proceed and Delete or Cancel if you do not want to delete!\');"><a href="viewmembers.php?user='.$email['from'].'"><img src="/webimages/eye3.gif" border="0" height="25" width="30"></a></td>';

 

Your're not closing the form. Make sure you're outputting valid HTML code, before debugging PHP. You'll want to close the form (add </form>) after

<input type="image" src="/webimages/delete.png" onclick="return confirm(\'Are you sure you want to Delete?Click Ok to proceed and Delete or Cancel if you do not want to delete!\');">

 

Also these lines

$newvalue = mysql_query("SELECT * FROM data");
$newvalue = mysql_fetch_array($newvalue);
$newvalue = $newvalue['rmailsent'];
$newvalue = $newvalue-1;
mysql_query("UPDATE data SET rmailsent = '$newvalue'");

Could be written as one line

mysql_query("UPDATE data SET rmailsent = rmailsent-1");

You may want to add a WHERE clause to that query, otherwise ALL rows within the table will be affected. I assume you have some form of id column within the data table, which relates to the email id. Your query most probably should be

mysql_query("UPDATE data SET rmailsent = rmailsent-1 WHERE email_id_field='$id'");

Link to comment
https://forums.phpfreaks.com/topic/210781-_post-problem/#findComment-1099537
Share on other sites

Archived

This topic is now archived and is closed to further replies.

Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.