Updating a cell

I currently show a user’s inventory as follows:

$result= mysql_query(“SELECT * FROM certnumbers WHERE owner=‘{$_SESSION[‘logname’]}’ ORDER BY id”)
or die (“Couldn’t execute select query.”);

echo “<p> </p>”;
echo “<table border=0>”;

while($row = mysql_fetch_array($result))
{
echo “<tr><th>”;
echo “<form action=‘myinv-del.php’ method=‘POST’>”;
echo “<input type=‘image’ src=‘/pix/icon-delete.png’ value=‘$row[id]’ width=20 height=20>”;

echo “</th><th>” . $row[‘id’] . “</th><th>” . $row[‘sport’] . “</th><th>” . $row[‘setdescription’] . “</th><th><center>” . $row[‘cardnumber’] . “</center></th><th>” . $row[‘playerdescription’] . “</th><th><center>” . $row[‘grade’] . “</center></th>”;
}
echo “</table>”;

I want a user to remove an item from inventory by updating the owner column in the table to NULL… so i use the myinv-del.php as follows:

$queryd = “UPDATE certnumbers SET owner=NULL WHERE id=‘$row[$id]’ AND owner=‘{$_SESSION[‘logname’]}’”;
$result2 = mysql_query($queryd)
or die (“couldn’t update owner”);

Currently when a user clicks the delete image,the mysql-del page loads but doesn’t actually update the cell. Any ideas?

Give the form field a name, for example ‘id’, and use $_POST[‘id’] in the UPDATE query.
Of course, for security reasons, you shouldn’t use user input values without validation. So validate it with mysql_real_escape_string() or whatever other validation you see fit.

Giudo - i’m just a bit confused.

The user is not actually inputting anything, i’m presenting them a list of things in a database that are assigned to them. I want to allow them to remove their name from one of the items they have.

the loop in the first section shows all the items, then the delete image has a value which is what I thought was being passed.

I’m not quite sure how to assign the “field” value you refer to. the loop may show 20 rows of items, how do i pass the id of that specific row?

The form code you posted doesn’t seem to be complete. For example, the form starting tag is inside the while loop, but the closing tag isn’t anywhere. Do you have a form for each row from your query result? Or do you have multiple rows in one form?

All data sent by a form must be considered user input. Because you can’t know if it is really coming from your form, or if someone with bad intentions sends bad data from somewhere else.

Ok… I made a few changes…
inventory display page looks like this…

$result= mysql_query(“SELECT * FROM certnumbers WHERE owner=‘{$_SESSION[‘logname’]}’ ORDER BY id”)
or die (“Couldn’t execute select query.”);

echo “<p> </p>”;
echo “<table border=0><thead><tr>”;
echo “<th>ACTION</th><th>CERT NUMBER</th><th>SPORT</th><th>SET DESCRIPTION</th><th>CARD #</th><th>CARD DESCRIPTION</th><th>GRADE</th></tr></thead>”;

while($row = mysql_fetch_array($result))
{
echo “<tr><th>”;
echo “<form action=‘myinv-del.php’ method=‘POST’>”;
echo “<input type=‘image’ src=‘/pix/icon-delete.png’ name=‘cd’ value=‘$row[id]’ width=20 height=20></form>”;

echo “</th><th>” . $row[‘id’] . “</th><th>” . $row[‘sport’] . “</th><th>” . $row[‘setdescription’] . “</th><th><center>” . $row[‘cardnumber’] . “</center></th><th>” . $row[‘playerdescription’] . “</th><th><center>” . $row[‘grade’] . “</center></th>”;
}
echo “</table>”;

then when someone clicks on the delete image the action page code looks like this…

$queryd = “UPDATE certnumbers SET owner=NULL WHERE ‘{$_POST[‘cd’]}’ AND owner=‘{$_SESSION[‘logname’]}’”;
$result2 = mysql_query($queryd)
or die (“couldn’t delete cert number”);

this actually updated the ENTIRE owner column making every row NULL and not the one with the post ID that I hoped for

its not passing the id to that row, but all id’s

Can anyone here help? My last post just above updates the WHOLE owner column to NULL instead of just the one matching the ID on the first page. I’m obviously not passing the ID correctly from the while loop on page 1 to the second page where it updates the owner.

any help would be greatly appreciated

WHERE ‘{$_POST[‘cd’]}’

You’re missing the column that’s supposed to be equal to this value.

Dan you have me more confused. The post(id) should be the id in the row that the delete image exists in.

so when its clicked isn’t it passing that id? Then i am saying to update the owner for that ID if it in fact matches the session for logged in user.

What Dan is saying is that you’re missing a piece in your WHERE statement. Look at it again.

WHERE ‘{$_POST[‘cd’]}’ what?

Don’t you need something like

WHERE id=‘{$_POST[‘cd’]}’

?

“WHERE 5” does not match the row with the value 5 in the id column, it matches all rows, because any positive number alone is boolean true.

“WHERE id = 5” matches only the row with the value 5 in the id column

Wow… I can’t believe I missed that… so simply. Thats what happens when you spend too many hours looking at the code!

I simply added the id= and viola… it works.

THANK YOU!

Wow… now this is crazy… it seems to work in firefox but doesn’t work on IE 8.

on firefox it deletes the item and shows the updated list on the new page.

on explorer it loads the new page but never deletes the item from the inventory and just shows the same list. i checked the db and there is no change there.

ideas?

Debug. Output variables (like all of $_POST) so you can see what’s going on then follow your code with those values.

Thanks dan… i’m just a couple months in as I learn to code php and mysql and i’m just getting by.

is there a site/tutorial you can suggest that provides info on your idea? I’m not quite sure where to start to debug. After all my efforts I have this running exactly as I wanted, then to find out it works in firefox and not explorer was kick a kick in the ass!

I’ve found this article recently and it looks useful
http://www.ibm.com/developerworks/library/os-debug/

Second one from my google with “php debugging” query though :wink: