Deletejoke.php

PHP
1

I have modified the deletejoke.php file from chapter 4 of

Yank, Kevin (2009). Build Your Own Database Driven Web Site Using PHP & MySQL 4th Edition (Kindle Location 69). SitePoint Pty Ltd. Kindle Edition.
to interface with a used_boats database.

The page contains a link to add new boats, display the boats with a delete button works great. I can add boats with the add boat link, but when I click the delete button, the boat does not delete, but I get no error message.

Could someone please help me?

Here is the index.php file:


<?php
if (get_magic_quotes_gpc())
{
    function stripslashes_deep($value)
    {
        $value = is_array($value) ?
                array_map('stripslashes_deep', $value) :
                stripslashes($value);

        return $value;
    }

    $_POST = array_map('stripslashes_deep', $_POST);
    $_GET = array_map('stripslashes_deep', $_GET);
    $_COOKIE = array_map('stripslashes_deep', $_COOKIE);
    $_REQUEST = array_map('stripslashes_deep', $_REQUEST);
}

if (isset($_GET['addboat']))
{
    include 'form.html.php';
    exit();
}

$link = mysqli_connect('localhost', 'root', 'password');
if (!$link)
{
    $error = 'Unable to connect to the database server.';
    include 'error.html.php';
    exit();
}

if (!mysqli_set_charset($link, 'utf8'))
{
    $output = 'Unable to set database connection encoding.';
    include 'output.html.php';
    exit();
}

if (!mysqli_select_db($link, 'used_boats'))
{
    $error = 'Unable to locate the boat database.';
    include 'error.html.php';
    exit();
}

if (isset($_POST['type']))
{

    $type = mysqli_real_escape_string($link, $_POST['type']); 
$BoatID = mysqli_real_escape_string($link, $_POST['BoatID']); 
$make = mysqli_real_escape_string($link, $_POST['make']); 
$year = mysqli_real_escape_string($link, $_POST['year']);
$price = mysqli_real_escape_string($link, $_POST['price']);
$city = mysqli_real_escape_string($link, $_POST['city']);
$state = mysqli_real_escape_string($link, $_POST['state']);
$details = mysqli_real_escape_string($link, $_POST['details']);
$item = mysqli_real_escape_string($link, $_POST['item']);
$boat_description = mysqli_real_escape_string($link, $_POST

['boat_description']);
$picture = mysqli_real_escape_string($link, $_POST['picture']);
switch($type) {
        case 'Sailboat':
            $Cid = 1;
            break;
        case 'Powerboat':
            $Cid = 2;
            break;
        case 'Other':
            $Cid = 3;
            break;
default: $Cid = 3;
}
$sql = "INSERT INTO boats SET  CategoryID='$Cid', 

BoatType='$type', Make='$make',
    BoatYear='$year', Price='$price', City='$city',     

State='$state', Details='$details', Item='$item', 

BoatDescription='$boat_description',
    Picture='$picture'";
            
    if (!mysqli_query($link, $sql))
    {
        $error = 'Error adding submitted boat: ' . mysqli_error($link);
        include 'error.html.php';
        exit();
    }

    header('Location: .');
    exit();
}
if (isset($_GET['deleteboat']))
{
    $BoatID = mysqli_real_escape_string($link, $_GET['BoatID']);
    $sql = "DELETE FROM boats WHERE BoatID='$BoatID'";
    if (!mysqli_query($link, $sql))
    {
        $error = 'Error deleting boat: ' . mysqli_error($link);
        include 'error.html.php';
        exit();
    }

    header('Location: .');
    exit();
}
$result = mysqli_query($link, 'SELECT BoatID, Make, BoatType, BoatYear, Price, Item, Details, Picture FROM boats');
if (!$result)
{
    $error = 'Error fetching boats: ' . mysqli_error($link);
    include 'error.html.php';
    exit();
}

while ($row = mysqli_fetch_array($result))
{
     $boats[] = array('BoatID' => $row['BoatID'], 'text' =>  $row['BoatType'] . " - " . $row['Make'] ." - " . $row['BoatYear'] . " - " . $row['Price'] . " - " . $row['Details']);
}

include 'boats.html.php';
?>

Here is the boats.html.php file:

  <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
        "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
    <head>
        <title>List of Boats</title>
        <meta http-equiv="content-type"
                content="text/html; charset=utf-8"/>
    </head>
    <body>
        <p><a href="?addboat">Add a new boat</a></p>
        
        <p>Here are all the boats in the database:</p>
        <?php foreach ($boats as $boat): ?><form action="?deletejoke" method="post">
                <blockquote>
                    <p>
                        <?php echo htmlspecialchars($boat['text'], ENT_QUOTES,
                                'UTF-8'); ?>
                        <input type="text" size="4" name="BoatID" value="<?php
                                echo $boat['BoatID']; ?>"/>
                        <input type="submit" value="Delete"/>
                    </p>
                </blockquote>
</form>(5) <?php endforeach; ?> 
</body>
</html>

In the form just to make sure I am getting the corredt BoatID, i made the input type “text”. I will change to hidden when I go live.

Any help will be greatly appreciated.

Thanks,

2

What error do you get?

3

As you are posting the form, you need to use $_POST instead of $_GET, like this:


if (isset($_POST['deleteboat']))
{
    $BoatID = mysqli_real_escape_string($link, $_POST['BoatID']);
    $sql = "DELETE FROM boats WHERE BoatID='$BoatID'";
    if (!mysqli_query($link, $sql))
    {
        $error = 'Error deleting boat: ' . mysqli_error($link);
        include 'error.html.php';
        exit();
    }

    header('Location: .');
    exit();
}
4

I am getting no error message, The page just reloads

I did use post, but tried $_GET to see if the BoatID would show up in the URL

5

Put this code at the top of the page to see whats getting posted:

print_r($_POST);
6

Zaggs,

This is what I get:

Array ( [BoatID] => 105 )

105 is the BoatID of the one I am deleting.

Which ever BoatID I click the delete button, the statement changes. Is it because it is an Array?

7

The part of the code that deletes the boat is never getting executed because “deleteboat” is not set. To do this, try adding a hidden field inside the form. Something like this should work:

<input type="hidden" name="deleteboat" value="1">
8

Zaggs,
I added: <input type=“hidden” name=“deleteboat” value=“1”> in the form
I now get: Array ( [BoatID] => 107 [deleteboat] => 1 )
but nothing gets deleted.

I was looking through my index.php:


<?php

print_r($_POST);  
if (get_magic_quotes_gpc())
{
	function stripslashes_deep($value)
	{
		$value = is_array($value) ?
				array_map('stripslashes_deep', $value) :
				stripslashes($value);

		return $value;
	}

	$_POST = array_map('stripslashes_deep', $_POST);
	$_GET = array_map('stripslashes_deep', $_GET);
	$_COOKIE = array_map('stripslashes_deep', $_COOKIE);
	$_REQUEST = array_map('stripslashes_deep', $_REQUEST);
}

if (isset($_GET['addboat']))
{
	include 'form.html.php';
	exit();
}

$link = mysqli_connect('localhost', 'root', 'hv42879&I6');
if (!$link)
{
	$error = 'Unable to connect to the database server.';
	include 'error.html.php';
	exit();
}

if (!mysqli_set_charset($link, 'utf8'))
{
	$output = 'Unable to set database connection encoding.';
	include 'output.html.php';
	exit();
}

if (!mysqli_select_db($link, 'used_boats'))
{
	$error = 'Unable to locate the boat database.';
	include 'error.html.php';
	exit();
}

if (isset($_POST['CategoryID']))
{

	$type = mysqli_real_escape_string($link, $_POST['type']); 
$BoatID = mysqli_real_escape_string($link, $_POST['BoatID']); 
$make = mysqli_real_escape_string($link, $_POST['make']); 
$year = mysqli_real_escape_string($link, $_POST['year']);
$price = mysqli_real_escape_string($link, $_POST['price']);
$city = mysqli_real_escape_string($link, $_POST['city']);
$state = mysqli_real_escape_string($link, $_POST['state']);
$details = mysqli_real_escape_string($link, $_POST['details']);
$item = mysqli_real_escape_string($link, $_POST['item']);
$boat_description = mysqli_real_escape_string($link, $_POST['boat_description']);
$picture = mysqli_real_escape_string($link, $_POST['picture']);

switch($type) {
		case 'Sailboat':
			$Cid = 1;
			break;
		case 'Powerboat':
			$Cid = 2;
			break;
		case 'Other':
			$Cid = 3;
			break;
default: $Cid = 3;
}
$sql = "INSERT INTO boats SET  CategoryID='$Cid', 

BoatType='$type', Make='$make',
	BoatYear='$year', Price='$price', City='$city', 	

State='$state', Details='$details', Item='$item', 

BoatDescription='$boat_description',
	Picture='$picture'";
			
	if (!mysqli_query($link, $sql))
	{
		$error = 'Error adding submitted boat: ' . mysqli_error($link);
		include 'error.html.php';
		exit();
	}

	header('Location: .');
	exit();
}
if (isset($_GET['deleteboat']))
{
	$BoatID = mysqli_real_escape_string($link, $_POST['BoatID']);
	$sql = "DELETE FROM boats WHERE BoatID='$BoatID'";
	if (!mysqli_query($link, $sql))
	{
		$error = 'Error deleting boat: ' . mysqli_error($link);
		include 'error.html.php';
		exit();
	}

	header('Location: .');
	exit();
}
$result = mysqli_query($link, 'SELECT BoatID, Make, BoatType, BoatYear, Price, Item, Details, Picture FROM boats');
if (!$result)
{
	$error = 'Error fetching boats: ' . mysqli_error($link);
	include 'error.html.php';
	exit();
}

while ($row = mysqli_fetch_array($result))
{
	 $boats[] = array('BoatID' => $row['BoatID'], 'text' =>  $row['BoatType'] . " - " . $row['Make'] ." - " . $row['BoatYear'] . " - " . $row['Price'] . " - " . $row['Details']);
}

include 'boats.html.php';
?>

the statement: if (isset($_POST[‘CategoryID’])) before my variables. As long as that column does not contain NULL, it should be okay. I tried putting BoatID in there, but when I pressed delete. I got: Array()

I want to thank you for our your patience and help.

9

Is your form action still ‘deletejoke’?

<form action="?deletejoke" method="post">

If so, if (isset($_GET[‘deleteboat’])) won’t ever be true…

10

LSC-Rob,

That was it! Thank you so much! I didn’t catch that, but it makes sense.