views: 37

answers: 3
I have a delete form wherein the user will enter the pnum to be deleted and then it will delete the corresponding record. But I want the user to at least see what would be deleted, so I tried this code, but it doesn't seem to work:

<?php
$con = mysql_connect("localhost","root","nitoryolai123$%^");
if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }

mysql_select_db("Hospital", $con);
$result = mysql_query("SELECT * FROM t2 WHERE PNUM='{$_POST["pnum"]}'");
?>
<table width="300" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC">
<tr>
<form action="DeletebyPnumIn.php" method="post" onSubmit="return confirm('Are you sure you want to delete "<?php echo $row["LASTNAME"]; ?>" )">

What might be the correct way of doing this?

+1  A: 

You must fetch your data using mysql_fetch_assoc for instance (or mysql_result but it's dirty imo).

And by the way: sanitize your input!

Aif
+2  A: 

Your form is requiring the Submit action to know the contents of the to-be-deleted record before it submits. The way you've written it, this won't happen.

A JavaScript-free way is something like this:

  • have form1 with list of possible deletions and a Submit button called submit1
  • process form1 and return form2 which shows the "Are you sure?" dialogue and has Submit button called submit2
  • process form2 and delete record

If you want to use JavaScript, you have to add an AJAX function to your submit button that looks up the LASTNAME value.

//sidenotes

  • you really need to sanitize your user input
  • you should probably display a list of records with all their info rather than just allow pnums to be input. That way you'll be less likely to get mistaken input and you'll already have LASTNAME available to your form
dnagirl
Great answer to an awkward question
Scott Saunders
+1  A: 

The code above does not include a line like:

$row = mysql_fetch_array($result);

You will need that for $row['LASTNAME'] to be set.

Otherwise, it looks like your code should work. You don't say how it doesn't work though. And it's hard to tell if this is the first page where they enter the pnum or a second page where the deletion is being confirmed. If it's the first page, you won't have the pnum to run the query on.

Instead of using JavaScript, you could have the original form post to a page that displays as much of the record information as you want to show the user. That page could have a simple "Are you sure..." form with buttons to delete or cancel.

Scott Saunders
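
The JavaScript-free confirm-then-delete flow described in the answers, written out as an added example (not code from the question or from any of the answerers). It uses PDO prepared statements in place of the `mysql_*` calls and escapes everything it echoes. The file name `confirm_delete.php`, the `DB_USER`/`DB_PASS` environment variables and the session token are assumptions; the database, table and column names are the ones in the question, and the first form is assumed to post `pnum` to this page.

```php
<?php
// Added example; confirm_delete.php is a hypothetical file name.
// First POST (pnum only) shows the record; second POST (confirm + token) deletes it.
session_start();

// Assumption: credentials come from the environment, not from the source file.
$pdo = new PDO('mysql:host=localhost;dbname=Hospital;charset=utf8mb4',
    getenv('DB_USER'), getenv('DB_PASS'),
    [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_EMULATE_PREPARES => false]);
// Escape every value echoed into HTML.
function h($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}

$pnum = $_POST['pnum'] ?? '';
if (!is_string($pnum) || $pnum === '') {
    http_response_code(400);
    exit('Missing pnum.');
}

if (isset($_POST['confirm'])) {
    // Step 2: verify the one-time session token, then delete with a bound parameter.
    $token = $_POST['token'] ?? '';
    $expected = $_SESSION['del_token'] ?? '';
    unset($_SESSION['del_token']);
    if (!is_string($token) || $expected === '' || !hash_equals($expected, $token)) {
        http_response_code(403);
        exit('Invalid confirmation token.');
    }
    $del = $pdo->prepare('DELETE FROM t2 WHERE PNUM = ?');
    $del->execute([$pnum]);
    exit($del->rowCount() . ' record(s) deleted.');
}

// Step 1: look the record up with a bound parameter and ask for confirmation.
$sel = $pdo->prepare('SELECT PNUM, LASTNAME FROM t2 WHERE PNUM = ?');
$sel->execute([$pnum]);
$row = $sel->fetch(PDO::FETCH_ASSOC);
if ($row === false) {
    exit('No record with that pnum.');
}
$_SESSION['del_token'] = bin2hex(random_bytes(16));
?>
<form method="post">
  <p>Delete record <?= h($row['PNUM']) ?> (<?= h($row['LASTNAME']) ?>)?</p>
  <input type="hidden" name="pnum" value="<?= h($row['PNUM']) ?>">
  <input type="hidden" name="token" value="<?= h($_SESSION['del_token']) ?>">
  <button type="submit" name="confirm" value="yes">Delete</button>
</form>
```

Because the value is bound as a parameter, a `pnum` containing quotes is matched as data and cannot change the SQL statement, and the session token means the delete only runs from a confirmation page this session was actually shown.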