help needed with delete coding


#1

hi…i try to solve this for pass 1 week…please help me…when i hit the delete button…nothing happen…here i submit the coding…
[php]

<?php include "db1.php"; session_start(); ?> <?php if(isset($_REQUEST['delete'])){ $query ="DELETE from details where item = '.$_SESSION[item].'"; mysql_query($query) or die(mysql_error()); } ?> Untitled Document <?php $sql = "select *from details"; $query = @mysql_query($sql); $countData = @mysql_num_rows($query); $nt=mysql_fetch_array($query);?> <?php $sql = "select *from details"; $query = @mysql_query($sql); $countData = @mysql_num_rows($query); $nt=mysql_fetch_array($query);?>
  <td><?php 
		echo "$nt[acc_no] <br> ";?></td>
</tr>
<?php

$sql = “select *from details”;
$query = @mysql_query($sql);
$countData = @mysql_num_rows($query);
$nt=mysql_fetch_array($query);?>





<?php
$sql = “select *from details”;
$query = @mysql_query($sql);
$countData = @mysql_num_rows($query);
$nt=mysql_fetch_array($query);?>



<?php $sql = "select *from details"; $query = @mysql_query($sql); $countData = @mysql_num_rows($query); $nt=mysql_fetch_array($query);?>
<tr>
  <td height="30">Amount</td>

Item No <?php echo "$nt[item]
";?>
Account No
Department Code <?php
echo "$nt[depart_code]
";
?>
Description <?php
echo "$nt[descrip]
";
?>
<?php echo "$nt[amount]
"; ?>
   
Back

[/php]
thanks in advanced…

 

#2

Try putting the following text above the include statement:

[php]error_reporting(E_ALL);[/php]

And tell us what you see :) Because I have a feeling there’s a LOT wrong with that code.


#3

Also, again, stop suppressing errors with the @. That helps no one.

And please stop re-posting this same problem over and over. This is the 3rd time on the same code with the same question. If you would look to the first and second time you would see what we are asking for so we can better help.


#4

here the solution
[php]

<? include "db1.php"; $t_id=$_REQUEST['t_id']; $rec_id=$_REQUEST['rec_id']; $link=$_REQUEST['link']; $acc_no=$_REQUEST['acc_no']; $item=$_REQUEST['item']; $description=$_REQUEST['description']; $amount==$_REQUEST['amount']; if($link='delete') { $sql_delete="delete from details where rec_id='$rec_id'"; $result_delete=mysql_query($sql_delete)or die(mysql_error()); header("location:aftersave.php?t_id=$t_id"); } elseif($link='update') { $sql_update="update details set acc_no='$acc_no', item='$item', description='$description', amount='$amount' where rec_id='$rec_id'"; $result_update=mysql_query($sql_update)or die(mysql_error()); header("location:aftersave.php?t_id=$t_id"); } ?>

[/php]


#5

Maybe I am worng here, but i see 3 errors in this code. Am I wrong in this statement… here is what I see…

[php]
$amount==$_REQUEST[‘amount’];
// Shouldn’t it be –

$amount = $_REQUEST[‘amount’];

//---------NEXT ------

$link=‘update’
//&
$link=‘delete’

//Shouldn’t those be –

$link == ‘update’
//&
$link == ‘delete’

[/php]

I don’t claim to know everything about PHP, but I am just thinking these 3 things jumped out at me as they shouldn’t be working correctly. May not throw any errors, but might not doing the job correctly either.


#6

Please take a look at the COMMENTS to describe at least some of the errors.
[php]

<? include "db1.php"; $t_id=$_REQUEST['t_id']; $rec_id=$_REQUEST['rec_id']; $link=$_REQUEST['link']; $acc_no=$_REQUEST['acc_no']; $item=$_REQUEST['item']; $description=$_REQUEST['description']; ////////////////////////////////////////////////////////////////////////////// // Below line is WRONG. // == (equals equals) is an evaluate... Not Assignment // Should be // $amount= $_REQUEST['amount']; ////////////////////////////////////////////////////////////////////////////// $amount==$_REQUEST['amount']; ////////////////////////////////////////////////////////////////////////////// // Below line is WRONG. // = (equals) is Assignment Not Evaluate // The statement of --------> if($link='delete') Will ALWAYS // Evaluate to TRUE as $link will always get assigned the value of 'delete' // // Should be // if($link=='delete') // ////////////////////////////////////////////////////////////////////////////// if($link='delete') { $sql_delete="delete from details where rec_id='$rec_id'"; $result_delete=mysql_query($sql_delete)or die(mysql_error()); header("location:aftersave.php?t_id=$t_id"); } ////////////////////////////////////////////////////////////////////////////// // WRONG. = is Assignment Not Evaluate // The statement of --------> elseif($link='update') Would ALWAYS // Evaluate to TRUE as $link will always get assigned the value of 'update' // Accept that it will never get seen because the IF statement will ALWAYS // be TRUE (See above) and therefore this one won't get evaluated. // // Additionally it's not elseif in this case it's just else. elseif is used when // there is a THIRD "if" condition. // If (condition) { // blah blah // } ELSEIF (condition) { // blah blah // } ELSE { // blah blah // } // See http://us3.php.net/manual/en/control-st ... elseif.php // // Not really sure if below should be // else { $link='update'; // // or if it should be // // elseif ($link=='update') { some other conditions with a final else // // Either way there is a problem here. ////////////////////////////////////////////////////////////////////////////// elseif($link='update') { $sql_update="update details set acc_no='$acc_no', item='$item', description='$description', amount='$amount' where rec_id='$rec_id'"; $result_update=mysql_query($sql_update)or die(mysql_error()); header("location:aftersave.php?t_id=$t_id"); } ?>

[/php]

Also in my opinion, I don’t like to use the $_REQUEST method of getting passed variables. This poses a security issue in that you are not sure by which method the variable was passed. You should know if you are requesting the variable by SESSION, POST or GET (etc…) and use the appropriate super global instead of request.


#7

Added some more comments. Yes, I’m being picky about certain things, but if you really want to develop decent scripts, you can’t get away with sloppy coding.

[php]

<? /* ##### ##### ##### ##### ##### ##### ##### * Add Error Reporting For Debugging Purposes * ##### ##### ##### ##### ##### ##### ##### */ error_reporting(E_ALL); // <-- This Line! include "db1.php"; /* ##### ##### ##### ##### ##### ##### ##### * Do NOT Use $_REQUEST!! Use The Right Tool For The Right Job: - $_GET For URL Query Variables - $_POST For Form Element Variables - $_COOKIE For Cookie Variables - $_SESSION For Session Variables - $_SERVER For Server Variables Note Also That Variables Should Be Initiated Or Checked Before Being Used, And That Also Goes For Array Index Variables: http://nl3.php.net/manual/en/function.isset.php * ##### ##### ##### ##### ##### ##### ##### */ $t_id=$_REQUEST['t_id']; $rec_id=$_REQUEST['rec_id']; $link=$_REQUEST['link']; $acc_no=$_REQUEST['acc_no']; $item=$_REQUEST['item']; $description=$_REQUEST['description']; ////////////////////////////////////////////////////////////////////////////// // Below line is WRONG. // == (equals equals) is an evaluate... Not Assignment // Should be // $amount= $_REQUEST['amount']; ////////////////////////////////////////////////////////////////////////////// $amount==$_REQUEST['amount']; ////////////////////////////////////////////////////////////////////////////// // Below line is WRONG. // = (equals) is Assignment Not Evaluate // The statement of --------> if($link='delete') Will ALWAYS // Evaluate to TRUE as $link will always get assigned the value of 'delete' // // Should be // if($link=='delete') // ////////////////////////////////////////////////////////////////////////////// if($link='delete') { /* ##### ##### ##### ##### ##### ##### ##### * NOT GOOD! User Input Directly In A SQL Query! Read Up On SQL Injection @ http://nl3.php.net/manual/en/security.d ... ection.php ALWAYS Validate User Input Before Using It ANYWHERE! * ##### ##### ##### ##### ##### ##### ##### */ $sql_delete="delete from details where rec_id='$rec_id'"; $result_delete=mysql_query($sql_delete)or die(mysql_error()); /* ##### ##### ##### ##### ##### ##### ##### * Header() Location Requires A FULL Path, Including Protocol The Fact That It Works On Some Clients Is NO Excuse: http://nl3.php.net/header * ##### ##### ##### ##### ##### ##### ##### */ header("location:aftersave.php?t_id=$t_id"); } ////////////////////////////////////////////////////////////////////////////// // WRONG. = is Assignment Not Evaluate // The statement of --------> elseif($link='update') Would ALWAYS // Evaluate to TRUE as $link will always get assigned the value of 'update' // Accept that it will never get seen because the IF statement will ALWAYS // be TRUE (See above) and therefore this one won't get evaluated. // // Additionally it's not elseif in this case it's just else. elseif is used when // there is a THIRD "if" condition. // If (condition) { // blah blah // } ELSEIF (condition) { // blah blah // } ELSE { // blah blah // } // See http://us3.php.net/manual/en/control-st ... elseif.php // // Not really sure if below should be // else { $link='update'; // // or if it should be // // elseif ($link=='update') { some other conditions with a final else // // Either way there is a problem here. ////////////////////////////////////////////////////////////////////////////// elseif($link='update') { /* ##### ##### ##### ##### ##### ##### ##### * AGAIN! User Input Directly In A SQL Query! Read Up On SQL Injection @ http://nl3.php.net/manual/en/security.d ... ection.php ALWAYS Validate User Input Before Using It ANYWHERE! * ##### ##### ##### ##### ##### ##### ##### */ $sql_update="update details set acc_no='$acc_no', item='$item', description='$description', amount='$amount' where rec_id='$rec_id'"; $result_update=mysql_query($sql_update)or die(mysql_error()); /* ##### ##### ##### ##### ##### ##### ##### * Header() Location Requires A FULL Path, Including Protocol The Fact That It Works On Some Clients Is NO Excuse: http://nl3.php.net/header * ##### ##### ##### ##### ##### ##### ##### */ header("location:aftersave.php?t_id=$t_id"); } ?>

[/php]