Hi, I have an inbox code for deleting messages. If i select one single message it deletes all of them. How can i fix this ? Here is my code for delete_message.php : $inboxbtn = $_POST['deleteinbox']; $outboxbtn = $_POST['deleteoutbox']; if($inboxbtn){ $selectall = $_POST['selectall'];if($selectall){ $query = mysql_query("SELECT * FROM messages WHERE to_user='$user'");while($row = mysql_fetch_assoc($query)){ mysql_query("UPDATE messages SET to_delete='1' WHERE to_user='$user'");} echo "All messages have been deleted.";}else{ $query = mysql_query("SELECT * FROM messages WHERE to_user='$user'");while($row = mysql_fetch_assoc($query)){ $msg_id = $row['id']; $value ="cb"."$msg_id"; $checkbox = $_POST[$value];if($value){ mysql_query("UPDATE `messages` SET `to_delete`='1' WHERE `to_user`='$user' AND `id`='$msg_id'");}} echo "The selected messages have been deleted.";} }elseif ($outboxbtn){ $selectall = $_POST['selectall'];if($selectall){ $query = mysql_query("SELECT * FROM messages WHERE from_user='$user'");while($row = mysql_fetch_assoc($query)){ mysql_query("UPDATE messages SET from_delete='1' WHERE from_user='$user'");} echo "All messages have been deleted.";}else{ $query = mysql_query("SELECT * FROM messages WHERE from_user='$user'");while($row = mysql_fetch_assoc($query)){ $msg_id = $row['id']; $value ="cb"."$msg_id"; $checkbox = $_POST[$value];if($value){ mysql_query("UPDATE messages SET from_delete='1' WHERE to_user='$user' AND id='$msg_id'");}} echo "The selected messages have been deleted.";}}else echo "Choose a message to delete."; Code (markup): And here is the code in inbox.php that has the checkboxes $query = mysql_query("SELECT * FROM messages WHERE from_user='$user' AND from_delete='0' ORDER BY id DESC"); $numrows = mysql_num_rows($query);if($numrows !=0){ echo "<form action='delete_message.php' method='POST'>"; echo "<div class='messages'> <div class='leftside'><input type='checkbox' name='selectall'><input type='submit' name='deleteoutbox' value='Delete' class'button'></div> <div class='rightside'>Date</div> Subject And Message <div class='clear'></div> <hr> </div>";while($row = mysql_fetch_assoc($query)){ $msg_id = $row['id']; $msg_to_user = $row['to_user']; $msg_to_id = $row['to_id']; $msg_from_user = $row['from_user']; $msg_from_id = $row['from_id']; $msg_subject = $row['subject']; $content = nl2br($row['content']); $msg_date = $row['date']; $msg_from_delete = $row['from_delete']; $msg_to_delete = $row['to_delete']; if(!$msg_from_delete){ echo "<div class='messages'>"; echo "<div class='leftside'> <input type='checkbox' name='cb$msg_id' value='$msg_id'> <a href='profile.php?id=$msg_to_id' target='_blank'>$msg_to_user</a> </div>"; echo "<div class='rightside'>$msg_date</div>"; echo "<div id='center' style='margin-left:150px; margin-right:150px;'> <span class='toggle'><a href='#' onClick='return false'>$msg_subject</a></span> <div class='hiddenDiv'> <br /><hr> <b>$smiles </b> <br><br> </div> </div>"; echo "<div class='clear'>"; echo "<br /><br /><hr>"; echo "</div></div>";}} echo "</form>";}else echo "You Have No Messages In Your Outbox" Code (markup): Then for the inbox messages it is the same as the outbox but in the inbox form. How can I fix this ?
It looks like the problem is in delete_message.php with the following bit of code: $value ="cb"."$msg_id"; PHP: and if($value){ mysql_query("UPDATE `messages` SET `to_delete`='1' WHERE `to_user`='$user' AND `id`='$msg_id'"); } PHP: The problem is that if($value) will always evaluate to true because the "cb" portion of $value is a string. A string will always evaluate to true if it is not empty. Did you write the script yourself?
@BrainyBiz has it right that said if statement is likely where it's failing... really you shouldn't be doing if ($value) there, more likely you should be doing "if (isset($msg_id))" Though that code is horrifically bad. Multiple echo doing one echo's job, mysql_ functions we've been told for NINE YEARS to stop using, will very soon be throwing warnings and in a couple years stop functioning altogether, endless pointless variables for nothing... markup's no winner either; no FIELDSET, no LABEL, stuff in the form that's not form related, no semantic relationships, clearing DIV like it's still 2001, single quotes doing double's job and vice-versa, code that is probably outputting the same ID more than once... I'm saying this WAY too often lately; throw it out and start over, there is nothing worth even trying to salvage from that mess of outdated code and broken methodologies.
Just curious where you got that number from? If I remember correctly, the yellow box started appearing mid 2012, definitely not 9 years ago.
The WARNING on the site was added in 2012 as a "nobody is listening, so let's punch them in the face about it" -- but telling us to stop using mysql_ functions started the day PDO was added to PHP 5.1... which if memory serves was 2005! Hence all the talk about the scope vulnerability of the mysql_ functions back then which contributed to them even existing? Not that ANYONE seems to be paying attention to that part of why mysql_ sucked and was vulnerable... That's when I first started hearing "stop using mysql_" -- and why I'm flabberghasted that it's still taught and so many major pieces of software have plodded on idiotically without even TRYING to start making the switchover. Honestly at this point they should just pull them altogether and stop supporting old builds that use them; it's going to take that type of "alright, if you can't be bothered **** you" to get the changeover done... NOT that most people seem to get concepts like scope restriction of connection, scope restriction of connection data, prepared queries...
Where did this talk occur thou? Was it more of general developer discussion (external of PHP.net) or was it on their mailing list/blog?
I found out that mysql_functions are deprecated when I searched for mysql_connect on PHP.net. I use mysqli_functions now. You can find discussions on this subject on stackoverflow also.
I don't really remember when I first started coding PHP, but as @deathshadow says, it was not recommended to use mysql_ back then either, however, most of the online learning places still used it, so it was sort of what you had to go with, if you were following online tutorials. I don't think I started using PDO until approx 2008-2009 or something like that - before that, I was mostly (unfortunately) using mysql_, since I wasn't really following any mailing lists or forum discussions.