Can't delete values from a form

Discussion in 'PHP' started by Kristy24, Mar 10, 2008.

  1. #1
    Hello everyone,

    I'm trying to create a form and this form receives information from a MySQL db. I've accomplished that already. Now I'm trying to delete the values on that form by using: <form action="delete_values.php">.
    I think I've managed to do that too, but the values on the database just won't go away! :confused:

    When I choose one of the values on the form and apply "delete_values.php" to it, I see a new page with the url ending like this: "../delete_values.php?id=3" (i.e.) and the data on the form doesn't change. I'll leave my code here just in case I'm doing something wrong. Thanks in advance.

    Here's the form code that displays the database info:

    <form action="apagar_ferramenta.php">
    <?php
    include("config.php");

    // Fetch every tool to populate the drop-down list
    $sql = "SELECT * FROM lista_ferramenta";
    $result = mysql_query($sql);

    $select = "<select name=\"id\">";
    $endselect = "</select>";
    $submit = "<br><input type=\"submit\" value=\"Delete Tools\" style=\"
        color: #fff;
        font-weight: bold;
        background-color: #000000;
        border: 2px solid #fff;
        padding: 2px 5px;
        font-family: Arial, ..., serif;
        font-size: 11px;
        height: 30px;
        display: block;
        width: 350px;\">";

    echo $select;
    while ($row = mysql_fetch_array($result))
    {
        // Quote the array keys and HTML-encode values read from the database
        $option = "<option value=\"" . htmlspecialchars($row['id']) . "\">"
                . htmlspecialchars($row['nome']) . "</option>";
        echo $option;
    }
    echo $endselect . $submit;
    ?>
    </form>
    And here is apagar_ferramenta.php code (delete_values.php):

    <?php
    include("config.php");
    $sql = "DELETE FROM lista_ferramenta WHERE id = '$_POST[id]'";
    $result = mysql_query($sql);
    if (!$result) {
        die('Invalid SQL!: ' . mysql_error());
    }
    else
    {
        echo ("Tool Successfully Deleted!");
    }
    ?>

     
    Kristy24, Mar 10, 2008 IP
  2. nico_swd

    #2
    The form's default submitting method is GET, and since you want to use POST, you have to specify it:
    
    <form action="delete_values.php" method="post">
    
    Furthermore, your query string is insecure this way, because it allows SQL injection. If the ID from the database is numeric, use intval() to filter the POST variable, and if it's anything else, use mysql_real_escape_string().
    
    $sql ="DELETE FROM lista_ferramenta WHERE id = " . intval($_POST['id']);
    
     
    nico_swd, Mar 10, 2008 IP
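
An added example, not part of any post in this thread: the delete handler rewritten with a POST check, strict integer validation and a bound parameter. The mysql_* functions used above were removed in PHP 7, so this uses PDO. The function name delete_tool and the in-memory SQLite database with its rows are assumptions made so the script runs offline.

```php
<?php
// Added example (not from the thread). Table/column names follow the thread;
// the SQLite database and its rows are constructed sample data.

function delete_tool(PDO $pdo, string $method, array $post): string
{
    // A delete changes state: accept POST only, never a GET link.
    if ($method !== 'POST') {
        return 'rejected: POST required';
    }
    // Strict check: intval('3 OR 1=1') yields 3, FILTER_VALIDATE_INT rejects it.
    $id = filter_var($post['id'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return 'rejected: invalid id';
    }
    // Bound parameter: the value never becomes part of the SQL text.
    $stmt = $pdo->prepare('DELETE FROM lista_ferramenta WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount() === 1 ? 'deleted' : 'not found';
}

// Constructed in-memory database standing in for the poster's MySQL table.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE lista_ferramenta (id INTEGER PRIMARY KEY, nome TEXT)');
$pdo->exec("INSERT INTO lista_ferramenta (id, nome)
            VALUES (1, 'martelo'), (2, 'serrote'), (3, 'alicate')");

// Constructed requests; a real handler would pass
// $_SERVER['REQUEST_METHOD'] and $_POST instead.
$requests = [
    ['GET',  ['id' => '3']],          // wrong method
    ['POST', ['id' => '3 OR 1=1']],   // malformed id
    ['POST', ['id' => '3']],          // valid delete
    ['POST', ['id' => '3']],          // row already gone
];
foreach ($requests as [$method, $post]) {
    printf("%-4s id=%-10s => %s\n", $method, $post['id'], delete_tool($pdo, $method, $post));
}
echo 'rows left: ', $pdo->query('SELECT COUNT(*) FROM lista_ferramenta')->fetchColumn(), "\n";
```

With a MySQL database, only the PDO connection string changes; the prepared statement and validation stay the same.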
  3. Kristy24

    #3
    Nico, it worked like a charm! :D

    Thanks a lot!
     
    Kristy24, Mar 10, 2008 IP