Delete button with alert does not work in php

Question

If I click the delete button, then it is asking permission from me to delete the contents but after clicking, OK contents are not deleting.

In my understanding, my code can not catch the id to delete the contents.

In my browser search box it is showing :

localhost/new/tree1/view_tree.php?id=

For getting the id code is given below:

<?php
    include('connect.php');
    $result = mysql_query("SELECT * FROM descriptionoftree WHERE vis=0 order by scientificname");
    while($row = mysql_fetch_array($result))
        {
            echo '<tr>';
            echo '<td >'.$row['scientificname'].'</td>';
            echo '<td>'.$row['english_name'].'</div></td>';
            echo '<td>'.$row['banglaname'].'</div></td>';
            echo '<td>'.$row['groupname'].'</div></td>';
            echo '<td><a href="update_tree.php? id='.$row['id'].'" title="Click To Update"><strong>Update</strong></a></td>';
 ?>
    <td><a href="view_tree.php?id=<?php $row['id']?>
     "onclick="return confirm('Are you sure you want to delete?')"<strong>Delete </strong></a></td>
    <?php
        echo '</tr>';
        }   
        ?>

For deleting the row (contents) code is given below:

if(isset($_GET['id']))
   {
     $cid=$_GET['id'];
     $sql=mysql_query("DELETE descriptionoftree WHERE id='$cid'");
   }

If you are expecting PHP to respond to a JavaScript alert, you're doing it wrong. — durbnpoisn, Aug 24 '16 at 16:06
@durbnpoisn There is nothing wrong with what he did. I did it and it works. — Eisa Adil, Aug 24 '16 at 16:13
**WARNING**: If you're just learning PHP, please, do not use the [`mysql_query`](http://php.net/manual/en/function.mysql-query.php) interface. It’s so awful and dangerous that it was removed in PHP 7. A replacement like [PDO is not hard to learn](http://net.tutsplus.com/tutorials/php/why-you-should-be-using-phps-pdo-for-database-access/) and a guide like [PHP The Right Way](http://www.phptherightway.com/) explains best practices. Your user parameters are **not** [properly escaped](http://bobby-tables.com/php) and there are [SQL injection bugs](http://bobby-tables.com/) that can be exploited. — tadman, Aug 24 '16 at 17:30

score 1 · Accepted Answer · edited May 23 '17 at 12:08

1

You're not echoing your variable here.

                                   vvv
<td><a href="view_tree.php?id=<?php $row['id']?>

Add an echo

<td><a href="view_tree.php?id=<?php echo $row['id']?>

Or use short echo tag

<td><a href="view_tree.php?id=<?= $row['id'] ?>

Also, your delete query is wrong. You're missing FROM.

Should be this:

$sql=mysql_query("DELETE FROM descriptionoftree WHERE id='$cid'");

Also try reading up on SQL Injections, How can I prevent SQL injection in PHP?

Your current code is vulnerable.

edited May 23 '17 at 12:08

Community

1
1

answered Aug 24 '16 at 16:07

Phiter

12,987
14
45
77

It is being echoed by the outer echo. Its concatenated – Eisa Adil Aug 24 '16 at 16:08
What outer echo? This is HTML before the tag, not an echo. – Phiter Aug 24 '16 at 16:09
that isn't all that's wrong with that guy's code. that delete will never happen. Edit: where you added it. – Funk Forty Niner Aug 24 '16 at 16:10
1

Guess you tought I was talking about the first line with `$row['id']` XD – Phiter Aug 24 '16 at 16:10

Radames E. Hernandez · Answer 2 · 2016-08-24T16:21:25.123

You forgot make echo of your $row['id'] change this line:

<td><a href="view_tree.php?id=<?php $row['id']?>
     "onclick="return confirm('Are you sure you want to delete?')"<strong>Delete </strong></a></td>

For

<td><a href="view_tree.php?id=<?php echo $row['id']?>
     "onclick="return confirm('Are you sure you want to delete?')"<strong>Delete </strong></a></td>

and your sql for delete the row is bad, same, your have a sintaxis error, missing the word FROM, update this line:

$sql=mysql_query("DELETE descriptionoftree WHERE id='$cid'");

For

$sql=mysql_query("DELETE FROM descriptionoftree WHERE id='$cid'");

And test it

Regards

Delete button with alert does not work in php

2 Answers2