Jump to content

Post and Get not working


BoklSh333
 Share

Recommended Posts

Hello, I have this PHP and HTML code and i recently figured out, it doesn't even enter the PHP function to execute and i have no idea whats wrong

 

            <form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>" id="trashy">
                <table id="RemoveItem">
                    <tr>
                    <b><label for="Itemid">Enter the item ID you want to delete : </label></b>
                    <input type="number" name="Iid"><br><br>
                    </tr>
                    <tr>
                        <td></td>
                        <td></td>
                        <td></td>
                        <td>
                        <!-- <button type="button" class="button1" name="remove" type="submit" href="AdministratorPanel.php?click=1">Remove</button> -->
                        <input id="btn-login" class="btn btn-success" style="right: 50px;" type="submit" name="remove" value="remove"> 
                        </td>
                    </tr>
                </table>
            </form>
<?php 
  if($_SERVER["REQUEST_METHOD"] == "POST") {
      if(isset($_POST['remove'])) {
        $ido = $_GET['Iid'];
        $result = mysqli_query($conn, "DELETE FROM productinfo WHERE ID = '$ido'") or die ("error");
        if($del)
        {
            echo "success deleting record";
        }
        else
        {
            echo "Error deleting record"; // display error message if not delete
        }
      }
  }
?>

 

Link to comment
Share on other sites

Posted (edited)
4 minutes ago, Barand said:

If form method is POST, why try to access $_GET for the id?

Where is $del being set?

You should be using prepared statements instead of putting user input data directly into your query.

1. Sorry my bad, that was the old code, i changed it to _POST ages ago and still no luck

2.  Again, Sorry my bad again, $del is $result, forgot to change it, still no luck

3. I cant use prepared statements because the user is meant to input what ID they want to delete, but even when i set the ID manually myself, lets say '110" it still doesn't work, it doesn't enter the php function at all

 

EDIT: btw, the form is part of a much bigger section section tag along with other forms if that helps

Edited by BoklSh333
Link to comment
Share on other sites

Just now, dodgeitorelse3 said:

You have a button with type= button as well as type= submit and name of remove and at sane time you have an input with type=submit and name=remove. 

The button one is commented out, pretend its not there. Im using the input tag where the type is submit and the name is remove

Link to comment
Share on other sites

are you requesting this page using a URL, so that the php code will get executed, or a file system path, which would show the raw php code in the 'view source' in your browser? what do you see when you look at the 'view source' in your browser?

7 hours ago, BoklSh333 said:

the form is part of a much bigger section section tag along with other forms

is the html markup for the page valid, so that you don't have something like nested forms going on?

7 hours ago, BoklSh333 said:

action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>"

to get the browser to submit to the same page and get any existing get parameters in the url to automatically be propagated between pages, just leave the entire action attribute out of the form tag.

7 hours ago, BoklSh333 said:

1. Sorry my bad, that was the old code, i changed it to _POST ages ago and still no luck

you need to validate all inputs before using them, and set up a user error message for required inputs that don't exist.

7 hours ago, BoklSh333 said:

2.  Again, Sorry my bad again, $del is $result, forgot to change it, still no luck

the return value from the mysqli_query() call for a delete query doesn't tell you if the row was deleted or not. it just tells you if the query executed with or without an error. however, since you are also using an or die() for error handling (which shouldn't be used at all, you should use exceptions for error handling for database statements), you will never see the else {} "Error deleting record" message. to actually detect if a row was delete, you need test the number of affected rows.

 

7 hours ago, BoklSh333 said:

3. I cant use prepared statements because the user is meant to input what ID they want to delete

a prepared query has nothing to do with where or how a value is entered. they are about protecting against sql special characters in external, unknown, dynamic values from breaking the sql query syntax, which is how sql injection is accomplished.

Link to comment
Share on other sites

7 hours ago, mac_gyver said:

are you requesting this page using a URL, so that the php code will get executed, or a file system path, which would show the raw php code in the 'view source' in your browser? what do you see when you look at the 'view source' in your browser?

is the html markup for the page valid, so that you don't have something like nested forms going on?

to get the browser to submit to the same page and get any existing get parameters in the url to automatically be propagated between pages, just leave the entire action attribute out of the form tag.

you need to validate all inputs before using them, and set up a user error message for required inputs that don't exist.

the return value from the mysqli_query() call for a delete query doesn't tell you if the row was deleted or not. it just tells you if the query executed with or without an error. however, since you are also using an or die() for error handling (which shouldn't be used at all, you should use exceptions for error handling for database statements), you will never see the else {} "Error deleting record" message. to actually detect if a row was delete, you need test the number of affected rows.

 

a prepared query has nothing to do with where or how a value is entered. they are about protecting against sql special characters in external, unknown, dynamic values from breaking the sql query syntax, which is how sql injection is accomplished.

1. I don't see the PHP code when i do view source

2. Yes

3.  Leaving out that parameter didn't change anything, still got the same issue

4. What do you mean by validate all inputs before using them? can i get an example if thats okay

5.  Yeah, i was trying to check for an error but nothing would come up, i would manually check the database itself to see if the row got deleted and it wouldn't get deleted. 

6. Oh, so how do i do that, can i get an example? sorry im new to php

Link to comment
Share on other sites

My suggestion is to find a good PHP tutorial and have error reporting turned on (which should be part of the tutorial). As for what you are trying to do try to keep it simple. TRY to keep most of the PHP on top and the HTML on the bottom of each page. Here's an example of what I mean and try to comment your coding as it will make sense later on when you go modify or help you out when you go work on it later on.

Top

/*
 * Set the class to of the record (data) to be display
 * to the class then fetch the data to the $record
 * ARRAY do be displayed on the website. If an
 * update has been done then update database
 * table otherwise just fetch the record
 * by id.
 */
if (isset($_POST['submit'])) {
    $cms = new CMS($_POST['cms']);

    $result = $cms->update();
    $id = $_POST['cms']['id'];
} elseif ($id && is_int($id)) {
    $record = CMS::fetch_by_id($id);
    $cms = new CMS($record);
} else {
    header("Location: index.php");
    exit();
}

Bottom

    <form id="formData" class="form_classes" action="edit.php" method="post" enctype="multipart/form-data">
        <input type="hidden" name="cms[id]" value="<?= $id ?>">
        <input type="hidden" name="cms[user_id]" value="<?= $_SESSION['id'] ?>">
        <input type="hidden" name="cms[author]" value="<?= Login::full_name() ?>">
        <input type="hidden" name="cms[date_updated]" value="<?= $date_updated ?>">
        <input type="hidden" name="action" value="upload">
        <input class="form_image_upload_style" type="file" name="image">
        <br><br>
        <label class="heading_label_style" for="heading">Heading</label>
        <input class="enter_input_style" id="heading" type="text" name="cms[heading]" value="<?= $cms->heading ?>"
               tabindex="1" required autofocus>
        <label class="text_label_style" for="content">Content</label>
        <textarea class="text_input_style" id="content" name="cms[content]" tabindex="2"><?= $cms->content ?></textarea>
        <button class="form_button" formaction="delete.php?id=<?= $id ?>" onclick="return confirm('Are you sure you want to delete this item?');">Delete</button>
        <button class="form_button" type="submit" name="submit" value="enter">submit</button>
    </form>

Just my helpful addition to the conversation (I hope).

Link to comment
Share on other sites

25 minutes ago, Strider64 said:

My suggestion is to find a good PHP tutorial and have error reporting turned on (which should be part of the tutorial). As for what you are trying to do try to keep it simple. TRY to keep most of the PHP on top and the HTML on the bottom of each page. Here's an example of what I mean and try to comment your coding as it will make sense later on when you go modify or help you out when you go work on it later on.

Top


/*
 * Set the class to of the record (data) to be display
 * to the class then fetch the data to the $record
 * ARRAY do be displayed on the website. If an
 * update has been done then update database
 * table otherwise just fetch the record
 * by id.
 */
if (isset($_POST['submit'])) {
    $cms = new CMS($_POST['cms']);

    $result = $cms->update();
    $id = $_POST['cms']['id'];
} elseif ($id && is_int($id)) {
    $record = CMS::fetch_by_id($id);
    $cms = new CMS($record);
} else {
    header("Location: index.php");
    exit();
}

Bottom


    <form id="formData" class="form_classes" action="edit.php" method="post" enctype="multipart/form-data">
        <input type="hidden" name="cms[id]" value="<?= $id ?>">
        <input type="hidden" name="cms[user_id]" value="<?= $_SESSION['id'] ?>">
        <input type="hidden" name="cms[author]" value="<?= Login::full_name() ?>">
        <input type="hidden" name="cms[date_updated]" value="<?= $date_updated ?>">
        <input type="hidden" name="action" value="upload">
        <input class="form_image_upload_style" type="file" name="image">
        <br><br>
        <label class="heading_label_style" for="heading">Heading</label>
        <input class="enter_input_style" id="heading" type="text" name="cms[heading]" value="<?= $cms->heading ?>"
               tabindex="1" required autofocus>
        <label class="text_label_style" for="content">Content</label>
        <textarea class="text_input_style" id="content" name="cms[content]" tabindex="2"><?= $cms->content ?></textarea>
        <button class="form_button" formaction="delete.php?id=<?= $id ?>" onclick="return confirm('Are you sure you want to delete this item?');">Delete</button>
        <button class="form_button" type="submit" name="submit" value="enter">submit</button>
    </form>

Just my helpful addition to the conversation (I hope).

I did that recently and still no luck 😕 Thanks for the help though

Link to comment
Share on other sites

given the number of mistakes in the first posted code, post your current php code.

also, for debugging, add the following immediately before the if($_SERVER["REQUEST_METHOD"] == "POST") { line of code -

echo '<pre>'; print_r($_POST); echo '</pre>';

after you submit the form, what output do you get on the page? i'm thinking you have something like a header redirect in your code, that you are not showing us, and any output from your code is being discarded and you are seeing the original page being output to the browser.

requiring the user to know and enter id values is error prone. you should provide some method of selecting from existing records.

lastly, depending on how the data originally got inserted into the table, you could have white-space characters as part of the data, so nothing you enter in a form field will ever match the values. how did the data get inserted?

Link to comment
Share on other sites

 

2 hours ago, mac_gyver said:

given the number of mistakes in the first posted code, post your current php code.

also, for debugging, add the following immediately before the if($_SERVER["REQUEST_METHOD"] == "POST") { line of code -


echo '<pre>'; print_r($_POST); echo '</pre>';

after you submit the form, what output do you get on the page? i'm thinking you have something like a header redirect in your code, that you are not showing us, and any output from your code is being discarded and you are seeing the original page being output to the browser.

requiring the user to know and enter id values is error prone. you should provide some method of selecting from existing records.

lastly, depending on how the data originally got inserted into the table, you could have white-space characters as part of the data, so nothing you enter in a form field will ever match the values. how did the data get inserted?

I found out the issue has nothing to do with my code, when i took the forum and moved it to an empty PHP page along with the html and php code and everthing  it worked fine, its only in this particular page that it did not work

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.