Deleting Multiple Rows PHP MYSQL with checkboxes

[dannyp100]

Hi guys

I'm trying to a way of deleting multiple user inbox messages with checkboxes, this is what i've got so far.

 

<?php
include 'gradnetconn.php';
require_once ('webpage.class.php');
session_start();
$messageTo = $_SESSION['userID'];

if (!(isset($_SESSION['userID']) && $_SESSION['userID'] != '')) {
echo "Log in to send a message" ;
header ("Location: login.php");
} else {
echo "You aree logged in, please feel free to delete a message ";
}
$sql="SELECT * FROM gn_messages WHERE messageTo = $messageTo AND messageDeleted = '0'
ORDER BY messageDate DESC";
$result=mysql_query($sql);
$count=mysql_num_rows($result);
?>
<table width="400" border="0" cellspacing="1" cellpadding="0">
<tr>
<td><form name="form1" method="post" action="">
<table width="400" border="0" cellpadding="3" cellspacing="1" bgcolor="#CCCCCC">
<tr>
<td bgcolor="#FFFFFF"> </td>
<td colspan="4" bgcolor="#FFFFFF"><strong>Delete A Message</strong> </td>
</tr>
<tr>
<td align="center" bgcolor="#FFFFFF">#</td>
<td align="center" bgcolor="#FFFFFF"><strong>Message ID</strong></td>
<td align="center" bgcolor="#FFFFFF"><strong>From</strong></td>
<td align="center" bgcolor="#FFFFFF"><strong>Subject</strong></td>
<td align="center" bgcolor="#FFFFFF"><strong>Date</strong></td>
</tr>
<?php
while($rows=mysql_fetch_array($result)){
?>
<tr>
<td align="center" bgcolor="#FFFFFF"><input name="checkbox[]" type="checkbox" id="checkbox[]" value="<? echo $rows['messageID']; ?>"></td>
<td bgcolor="#FFFFFF"><? echo $rows['messageID']; ?></td>
<td bgcolor="#FFFFFF"><? echo $rows['messageFrom']; ?></td>
<td bgcolor="#FFFFFF"><? echo $rows['messageSubject']; ?></td>
<td bgcolor="#FFFFFF"><? echo $rows['messageDate']; ?></td>
</tr>
<?php
}
?>

<tr>
<td colspan="5" align="center" bgcolor="#FFFFFF"><input name="delete" type="submit" id="delete" value="Delete"></td>
</tr>
<?php
// Check if delete button active
if($delete){
for($i=0;$i<$count;$i++){
$del_id = $checkbox[$i];
$sql = "DELETE FROM gn_messages WHERE messageID='$del_id'";
$result = mysql_query($sql);
}
// if successful redirect to delete_multiple.php
if($result){
echo "<meta http-equiv=\"refresh\" content=\"0;URL=delete_multiple.php\">";
}
}
mysql_close();
?>
</table>
</form>
</td>
</tr>
</table>

 

It says undefined variable delete. Shouldn't this correspond to the ID of the delete button?

Notice: Undefined variable: delete (line 70)

 

Thanks

[PFMaBiSmAd]

Your form is using method='post'. The form data will be in the $_POST array - $_POST['delete']

 

Your code has some security problems that you should fix -

 

1) Your login check code needs an exit; statement after the header() redirect to prevent the remainder of the code on your protected page from running while the browser is requesting the target url in that redirect. The only thing your current logic is protecting or preventing is the echo "You aree logged in, please feel free to delete a message "; statement.

 

2) You need to make sure that any messages you are deleting actually belong to the currently logged in user. Your current logic would allow any logged in user to delete any or all the messages, belonging to anyone.

 

You also need to consider that any one message appears in the outbox of the person who sent it and in the inbox of the recipient, and actually deleting it would remove it from both the sender and recipient boxes. Are you sure that is what you want? Shouldn't you have two flags, one for the sender and one for the receiver, that indicates when one of them has deleted the message and you should simply not display it in their corresponding box?

Edited February 8, 2013 by PFMaBiSmAd

[dannyp100]

Thanks for the advice. I understand what you've said.

I completely forgot that if a message is deleted, it is completely deleted from the database and wouldn't remain in the senders outbox. I wouldn't know where to start with doing flags etc as i'm a total beginner, any tutorials you could link me to?

 

Thanks