MjM8082 Posted August 8, 2012 Share Posted August 8, 2012 I created a blog and what I am trying to delete a post when I click the delete button underneath the post. I have messed around with this for a while and can't seem to figure out why it is not working. Here is my code on the post page... include "connect_to_mysql.php"; $sql = "SELECT * FROM posts ORDER BY time_posted DESC"; $results = mysql_query($sql); while($row = mysql_fetch_array($results)) { echo "</br>"; echo "</br>"; echo $row['title'] ."</br>"; echo $row['date_posted'] . "<br />"; echo $row['time_posted'] ."</br></br>"; echo $row['content'] . "<br /></br>"; echo "<a href=\"delete_post.php?post_id=" . $row['post_id'] . "\">Delete</a>"; Here is my delete_post page. include "connect_to_mysql.php"; // SQL query $sql = mysql_query ("DELETE FROM posts WHERE post_id = '$post_id'"); echo 'Post has been deleted! </br></br>Go to blog home!<a href="index.php">Click Here</a><br /></br>'; Just so you know post_id is the name of the id's in the database.. so I know my names are not wrong. Quote Link to comment https://forums.phpfreaks.com/topic/266800-delete-statement-not-working/ Share on other sites More sharing options...
peipst9lker Posted August 8, 2012 Share Posted August 8, 2012 1. In your delete_post page you have to initialize $post_id, place above query execution. $post_id = (int)$_GET['post_id']; 2. Check with mysql_error() or any other method like mysql_affected_rows() to validate query execution. Quote Link to comment https://forums.phpfreaks.com/topic/266800-delete-statement-not-working/#findComment-1367738 Share on other sites More sharing options...
MjM8082 Posted August 8, 2012 Author Share Posted August 8, 2012 Hey thanks man, so would this work the same way if I wanted to delete the title of the post from the database instead of the entire row? Quote Link to comment https://forums.phpfreaks.com/topic/266800-delete-statement-not-working/#findComment-1367856 Share on other sites More sharing options...
Jessica Posted August 8, 2012 Share Posted August 8, 2012 No, DELETE is for an entire row. To change the title of the post you would use UPDATE. Quote Link to comment https://forums.phpfreaks.com/topic/266800-delete-statement-not-working/#findComment-1367864 Share on other sites More sharing options...
scootstah Posted August 8, 2012 Share Posted August 8, 2012 Hey thanks man, so would this work the same way if I wanted to delete the title of the post from the database instead of the entire row? No, you would use an UPDATE for that, with an empty value. UPDATE posts SET post_title='' WHERE post_id=$post_id With that aside, you are doing something very wrong. <a href=\"delete_post.php?post_id=" . $row['post_id'] . "\">Delete</a> <-- DO NOT DO THIS! GET should only be used for GETting data, not manipulating it in any way. Use a POST request to delete things, so that you can properly secure it from CSRF attacks. Quote Link to comment https://forums.phpfreaks.com/topic/266800-delete-statement-not-working/#findComment-1367865 Share on other sites More sharing options...
Porl123 Posted August 8, 2012 Share Posted August 8, 2012 I sometimes use GET to perform deletes. It's alright as long as you add some sort of verification to the link. Quote Link to comment https://forums.phpfreaks.com/topic/266800-delete-statement-not-working/#findComment-1367893 Share on other sites More sharing options...
scootstah Posted August 8, 2012 Share Posted August 8, 2012 You could use a CSRF token in the query string, and that would be OK, but you should still stick to POST for that stuff. I sometimes run a bit of AJAX on the link to avoid the extra button click. Quote Link to comment https://forums.phpfreaks.com/topic/266800-delete-statement-not-working/#findComment-1367919 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.