Hi guys, can anyone see why the following might not work?
[php] Delete Product[/php]
I’m a bit of a newby, I’ve played around with the quote marks but cant get it working.
I can pass a variable value using a form, but struggling to get this working.
thanks kevin,
Doesnt seem to want to load the page when i try that…
here’s the full line
[php]
echo “$count.” . $row[‘ID’] . “
” . $row[‘Title’] . "
Edit Product | <a href="deleteproducts.php?<?=$row['ID'];"?>Delete Product";[/php]
[php]echo "$count{$row[‘ID’]}
{$row[‘Title’]}
<a href=“updateproduct.php”>Edit Product | <a href=“deleteproducts.php?{$row[‘ID’]}”>Delete Product";
[/php]
Hi Kevin,
Seems to run, thanks 
but my php file doesnt seem to be receiving the value… have i done it right?
[php]
$id = $_GET[‘ID’];
echo $id;
[/php]
There is other stuff in the php file but i assume it’s just this part that needs attention…
If your url is like this you do:
[php]yourpage.php?ID=55[/php]
An example:
[php]echo ‘’; // Your $id is the user input[/php]
[php]if (isset($_POST[‘id’])) {
// Your code goes here:
}[/php]
OP never specified what he is using as an id. If it is numbers only there is no reason to use urlencode. If it is something other than numbers then yes. Urlencode is for strings.
Per the docs:
Returns a string in which all non-alphanumeric characters except -_. have been replaced with a percent (%) sign followed by two hex digits and spaces encoded as plus (+) signs.
I highly doubt the OP just wants to send one id? But I could be wrong, as for urlencode being just for strings, yes I agree with you 100%. However, do you trust it just to be a number from user input?
BTW, If you know it’s just going to be a number then some other kind of check probably should be perform instead of the urlencode, for example:
[php]// Validate the ID:
if (!isset($id) || !filter_var($id, FILTER_VALIDATE_INT, array(‘min_range’ => 1))) {
throw new Exception(‘An invalid page ID was provided to this page.’);
}[/php] This would insure the integrity of the data being sent over in my opinion, never trust user input is what I go by. 
However, do you trust it just to be a number from user input?Absolutely not! As you wisely said, NEVER trust user input
BTW, If you know it's just going to be a number then some other kind of check probably should be perform instead of the urlencode, for example: [php]// Validate the ID: if (!isset($id) || !filter_var($id, FILTER_VALIDATE_INT, array('min_range' => 1))) { throw new Exception('An invalid page ID was provided to this page.'); }[/php]
Must definitely check the data. If a number is expected, test for it. There is also is_numeric but that is not strictly numbers. A better option aside from the filter example you cite is using preg_match
[php]if(!preg_match("/^[0-9]+$/", $_GET[‘ID’]) { // not valid } else { // valid } [/php]
Personally, I would just typecast the input, since an ID of 0 should never exist…
[php]
$id = (int) $_GET[‘ID’];
if (!$id) {
// not valid
}
[/php]
Hi guys,
thanks for all your posts, perhaps if I include more of my code you’ll get a better picture of what I’m trying to achieve.
[php]
CHOOSE PRODUCT BELOW TO EDIT
<?php include 'connect.php';
$result = mysqli_query($con,"SELECT Title, ID FROM pdfs ORDER by Title ASC");
$num_rows = mysql_num_rows($result);
$count = 0;
echo "<br />";
echo "<br />";
while($row = $result->fetch_assoc()){
$count++;
//echo "$count." . $row['ID'] . "<h3>" . $row['Title'] . "</h3> <a href='updateproduct.php'>Edit Product</a> | <a href="deleteproducts.php?<?=$row['ID'];"Delete Product</a> <br /> <br />";
echo "$count{$row['ID']}<h3>{$row['Title']}</h3> <a href=\"updateproduct.php\">Edit Product</a> | <a href=\"deleteproducts.php?{$row['ID']}\">Delete Product</a> <br /> <br />";
}
?>
this is the php file that is supposed to get the ID value sent from the hyperlink in my previous post, then delete a record related to that ID.
[php]<?php
//connect to the database server
include ‘connect.php’;
//get the data from the form
$id = $_GET[‘ID’];
echo $id;
//formulate the query
$result=mysqli_query(“DELETE FROM pdfs WHERE ID=’” . $id . “’;”);
//check if there is an error
if (!$result)
{
die('Error: ’ . mysqli_error());
}
else
{
echo “1 record deleted…”;
}
//close the connection
mysqli_close();
?> [/php]
Problem is the echo ID line is not displaying anything.
$id = $_GET[‘ID’];
echo $id;
Not sure why?
Personally, I would just typecast the input,
This is a bad idea. All it will do is give you a value of zero for non numeric and you will never know it failed.
Here is an example:
[php]<?php
echo $var=(int)‘a’;// ‘a’ is clearly not an integer but we now get a value of zero which is. Php is now lying to you saying ‘a’ is an integer
if (is_int($var))
{
echo “$var is Integer
” ; //Evaluates to true because ‘a’ is now zero
}
?>[/php]
The value is zero. It will not error or do anything but give you a zero.
i assume it's just this part that needs attentionDont assume anything.
if I include more of my code you'll get a better picture of what I'm trying to achieve.
If you post the complete code you will get better and proper answers than posting pieces. As you can see from my first posts with you, it changed how the code should be when you provided the entire line.
Since you didnt post your form we cannot see why there is no $_GET[‘ID’] being set.
Hi Kevin,
I don’t have a form…
The ID value is initially pulled from a database with the following code in
[php]
$result = mysqli_query($con,“SELECT Title, ID FROM pdfs ORDER by Title ASC”);
$num_rows = mysql_num_rows($result);
$count = 0;
[/php]
This is getting the value fine, as I echo the ID out with each row and it shows fine on the page… it’s just not getting to my second php page/file which is the file that will do the deleting.
<a href=“deleteproducts.php?ID={$row[‘ID’]}”>Delete Product
Now this will work:
[php] $id = $_GET[‘ID’];
echo $id;[/php]
Thanks very much… that works just fine I have much to learn