Post and Get not working


BoklSh333

Hello, I have this PHP and HTML code and I recently figured out that it doesn't even enter the PHP function to execute, and I have no idea what's wrong

 

            <form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>" id="trashy">
                <table id="RemoveItem">
                    <tr>
                    <b><label for="Itemid">Enter the item ID you want to delete : </label></b>
                    <input type="number" name="Iid"><br><br>
                    </tr>
                    <tr>
                        <td></td>
                        <td></td>
                        <td></td>
                        <td>
                        <!-- <button type="button" class="button1" name="remove" type="submit" href="AdministratorPanel.php?click=1">Remove</button> -->
                        <input id="btn-login" class="btn btn-success" style="right: 50px;" type="submit" name="remove" value="remove"> 
                        </td>
                    </tr>
                </table>
            </form>
<?php 
  if($_SERVER["REQUEST_METHOD"] == "POST") {
      if(isset($_POST['remove'])) {
        $ido = $_GET['Iid'];
        $result = mysqli_query($conn, "DELETE FROM productinfo WHERE ID = '$ido'") or die ("error");
        if($del)
        {
            echo "success deleting record";
        }
        else
        {
            echo "Error deleting record"; // display error message if not delete
        }
      }
  }
?>

 

Link to comment
Share on other sites

4 minutes ago, Barand said:

If form method is POST, why try to access $_GET for the id?

Where is $del being set?

You should be using prepared statements instead of putting user input data directly into your query.

1. Sorry my bad, that was the old code, I changed it to _POST ages ago and still no luck

2. Again, sorry, my bad again, $del is $result, forgot to change it, still no luck

3. I can't use prepared statements because the user is meant to input what ID they want to delete, but even when I set the ID manually myself, let's say '110', it still doesn't work, it doesn't enter the PHP function at all

 

EDIT: btw, the form is part of a much bigger section section tag along with other forms if that helps

Edited by BoklSh333
Link to comment
Share on other sites

Just now, dodgeitorelse3 said:

You have a button with type=button as well as type=submit and a name of remove, and at the same time you have an input with type=submit and name=remove.

The button one is commented out, pretend it's not there. I'm using the input tag where the type is submit and the name is remove

Link to comment
Share on other sites

are you requesting this page using a URL, so that the php code will get executed, or a file system path, which would show the raw php code in the 'view source' in your browser? what do you see when you look at the 'view source' in your browser?

7 hours ago, BoklSh333 said:

the form is part of a much bigger section section tag along with other forms

is the html markup for the page valid, so that you don't have something like nested forms going on?

7 hours ago, BoklSh333 said:

action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>"

to get the browser to submit to the same page and get any existing get parameters in the url to automatically be propagated between pages, just leave the entire action attribute out of the form tag.

7 hours ago, BoklSh333 said:

1. Sorry my bad, that was the old code, I changed it to _POST ages ago and still no luck

you need to validate all inputs before using them, and set up a user error message for required inputs that don't exist.

7 hours ago, BoklSh333 said:

2. Again, sorry, my bad again, $del is $result, forgot to change it, still no luck

the return value from the mysqli_query() call for a delete query doesn't tell you if the row was deleted or not. it just tells you if the query executed with or without an error. however, since you are also using an or die() for error handling (which shouldn't be used at all, you should use exceptions for error handling for database statements), you will never see the else {} "Error deleting record" message. to actually detect if a row was deleted, you need to test the number of affected rows.

 

7 hours ago, BoklSh333 said:

3. I can't use prepared statements because the user is meant to input what ID they want to delete

a prepared query has nothing to do with where or how a value is entered. they are about protecting against sql special characters in external, unknown, dynamic values from breaking the sql query syntax, which is how sql injection is accomplished.

Link to comment
Share on other sites
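The points in the reply above (validate the input, use a prepared statement, let mysqli throw exceptions instead of `or die()`, and test the number of affected rows), put together as an added example that is not code posted by anyone in the thread. It assumes `$conn` is the open mysqli connection from the original post and that `productinfo.ID` is an integer column; the function names are hypothetical.

```php
<?php
// Added example, not code from the thread. Assumes $conn is an open mysqli
// connection and productinfo.ID is an integer column (both are assumptions).
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw, don't die()

// Return the submitted id as a positive int, or null if it is missing/invalid.
function validate_item_id(array $post): ?int
{
    $raw = $post['Iid'] ?? '';
    if (!is_string($raw)) {
        return null; // e.g. Iid[]=1 arrives as an array
    }
    $id = filter_var(trim($raw), FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Delete one row with a prepared statement; returns how many rows were removed.
function delete_product(mysqli $conn, int $id): int
{
    $stmt = $conn->prepare('DELETE FROM productinfo WHERE ID = ?');
    $stmt->bind_param('i', $id); // value is sent separately from the SQL text
    $stmt->execute();
    $deleted = $stmt->affected_rows;
    $stmt->close();
    return $deleted;
}

$message = '';
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST' && isset($_POST['remove'])) {
    $id = validate_item_id($_POST);
    if ($id === null) {
        $message = 'Please enter a valid item ID.';
    } else {
        try {
            // affected_rows, not the query's return value, says if a row went away
            $message = delete_product($conn, $id) === 1
                ? 'Record deleted.'
                : 'No record with that ID exists.';
        } catch (mysqli_sql_exception $e) {
            error_log($e->getMessage()); // details go to the log, not the browser
            $message = 'The record could not be deleted.';
        }
    }
}
echo htmlspecialchars($message);
```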

7 hours ago, mac_gyver said:

are you requesting this page using a URL, so that the php code will get executed, or a file system path, which would show the raw php code in the 'view source' in your browser? what do you see when you look at the 'view source' in your browser?

is the html markup for the page valid, so that you don't have something like nested forms going on?

to get the browser to submit to the same page and get any existing get parameters in the url to automatically be propagated between pages, just leave the entire action attribute out of the form tag.

you need to validate all inputs before using them, and set up a user error message for required inputs that don't exist.

the return value from the mysqli_query() call for a delete query doesn't tell you if the row was deleted or not. it just tells you if the query executed with or without an error. however, since you are also using an or die() for error handling (which shouldn't be used at all, you should use exceptions for error handling for database statements), you will never see the else {} "Error deleting record" message. to actually detect if a row was deleted, you need to test the number of affected rows.

 

a prepared query has nothing to do with where or how a value is entered. they are about protecting against sql special characters in external, unknown, dynamic values from breaking the sql query syntax, which is how sql injection is accomplished.

1. I don't see the PHP code when I do view source

2. Yes

3. Leaving out that parameter didn't change anything, still got the same issue

4. What do you mean by validate all inputs before using them? Can I get an example if that's okay

5. Yeah, I was trying to check for an error but nothing would come up, I would manually check the database itself to see if the row got deleted and it wouldn't get deleted.

6. Oh, so how do I do that, can I get an example? Sorry, I'm new to PHP

Link to comment
Share on other sites

My suggestion is to find a good PHP tutorial and have error reporting turned on (which should be part of the tutorial). As for what you are trying to do try to keep it simple. TRY to keep most of the PHP on top and the HTML on the bottom of each page. Here's an example of what I mean and try to comment your coding as it will make sense later on when you go modify or help you out when you go work on it later on.

Top

/*
 * Pass the record (data) to be displayed to the
 * class, then fetch the data into the $record
 * array to be displayed on the website. If an
 * update has been done then update the database
 * table, otherwise just fetch the record
 * by id.
 */
if (isset($_POST['submit'])) {
    $cms = new CMS($_POST['cms']);

    $result = $cms->update();
    $id = $_POST['cms']['id'];
} elseif ($id && is_int($id)) {
    $record = CMS::fetch_by_id($id);
    $cms = new CMS($record);
} else {
    header("Location: index.php");
    exit();
}

Bottom

    <form id="formData" class="form_classes" action="edit.php" method="post" enctype="multipart/form-data">
        <input type="hidden" name="cms[id]" value="<?= $id ?>">
        <input type="hidden" name="cms[user_id]" value="<?= $_SESSION['id'] ?>">
        <input type="hidden" name="cms[author]" value="<?= Login::full_name() ?>">
        <input type="hidden" name="cms[date_updated]" value="<?= $date_updated ?>">
        <input type="hidden" name="action" value="upload">
        <input class="form_image_upload_style" type="file" name="image">
        <br><br>
        <label class="heading_label_style" for="heading">Heading</label>
        <input class="enter_input_style" id="heading" type="text" name="cms[heading]" value="<?= $cms->heading ?>"
               tabindex="1" required autofocus>
        <label class="text_label_style" for="content">Content</label>
        <textarea class="text_input_style" id="content" name="cms[content]" tabindex="2"><?= $cms->content ?></textarea>
        <button class="form_button" formaction="delete.php?id=<?= $id ?>" onclick="return confirm('Are you sure you want to delete this item?');">Delete</button>
        <button class="form_button" type="submit" name="submit" value="enter">submit</button>
    </form>

Just my helpful addition to the conversation (I hope).

Link to comment
Share on other sites

25 minutes ago, Strider64 said:

My suggestion is to find a good PHP tutorial and have error reporting turned on (which should be part of the tutorial). As for what you are trying to do try to keep it simple. TRY to keep most of the PHP on top and the HTML on the bottom of each page. Here's an example of what I mean and try to comment your coding as it will make sense later on when you go modify or help you out when you go work on it later on.

Top


/*
 * Pass the record (data) to be displayed to the
 * class, then fetch the data into the $record
 * array to be displayed on the website. If an
 * update has been done then update the database
 * table, otherwise just fetch the record
 * by id.
 */
if (isset($_POST['submit'])) {
    $cms = new CMS($_POST['cms']);

    $result = $cms->update();
    $id = $_POST['cms']['id'];
} elseif ($id && is_int($id)) {
    $record = CMS::fetch_by_id($id);
    $cms = new CMS($record);
} else {
    header("Location: index.php");
    exit();
}

Bottom


    <form id="formData" class="form_classes" action="edit.php" method="post" enctype="multipart/form-data">
        <input type="hidden" name="cms[id]" value="<?= $id ?>">
        <input type="hidden" name="cms[user_id]" value="<?= $_SESSION['id'] ?>">
        <input type="hidden" name="cms[author]" value="<?= Login::full_name() ?>">
        <input type="hidden" name="cms[date_updated]" value="<?= $date_updated ?>">
        <input type="hidden" name="action" value="upload">
        <input class="form_image_upload_style" type="file" name="image">
        <br><br>
        <label class="heading_label_style" for="heading">Heading</label>
        <input class="enter_input_style" id="heading" type="text" name="cms[heading]" value="<?= $cms->heading ?>"
               tabindex="1" required autofocus>
        <label class="text_label_style" for="content">Content</label>
        <textarea class="text_input_style" id="content" name="cms[content]" tabindex="2"><?= $cms->content ?></textarea>
        <button class="form_button" formaction="delete.php?id=<?= $id ?>" onclick="return confirm('Are you sure you want to delete this item?');">Delete</button>
        <button class="form_button" type="submit" name="submit" value="enter">submit</button>
    </form>

Just my helpful addition to the conversation (I hope).

I did that recently and still no luck 😕 Thanks for the help though

Link to comment
Share on other sites

given the number of mistakes in the first posted code, post your current php code.

also, for debugging, add the following immediately before the if($_SERVER["REQUEST_METHOD"] == "POST") { line of code -

echo '<pre>'; print_r($_POST); echo '</pre>';

after you submit the form, what output do you get on the page? i'm thinking you have something like a header redirect in your code, that you are not showing us, and any output from your code is being discarded and you are seeing the original page being output to the browser.

requiring the user to know and enter id values is error prone. you should provide some method of selecting from existing records.

lastly, depending on how the data originally got inserted into the table, you could have white-space characters as part of the data, so nothing you enter in a form field will ever match the values. how did the data get inserted?

Link to comment
Share on other sites

 

2 hours ago, mac_gyver said:

given the number of mistakes in the first posted code, post your current php code.

also, for debugging, add the following immediately before the if($_SERVER["REQUEST_METHOD"] == "POST") { line of code -


echo '<pre>'; print_r($_POST); echo '</pre>';

after you submit the form, what output do you get on the page? i'm thinking you have something like a header redirect in your code, that you are not showing us, and any output from your code is being discarded and you are seeing the original page being output to the browser.

requiring the user to know and enter id values is error prone. you should provide some method of selecting from existing records.

lastly, depending on how the data originally got inserted into the table, you could have white-space characters as part of the data, so nothing you enter in a form field will ever match the values. how did the data get inserted?

I found out the issue has nothing to do with my code, when I took the form and moved it to an empty PHP page along with the HTML and PHP code and everything it worked fine, it's only in this particular page that it did not work

Link to comment
Share on other sites
