rascle Posted August 15, 2010 Share Posted August 15, 2010 Hi, I am using POST to send the id of a row in a MySQL database, this id should then be used to delete the row from MySQL, this all works fine when I use GET, but as soon as i try and use POST (for security reasons) it deletes another row. Here is the code ($_POST): <?php $member = $logged['username']; //IFMESSAGES THEN SAY OTHERWISE SAY NO $seemessages = mysql_query("SELECT * FROM `rmail` WHERE `to` = '$member' && `status` = 'unread'"); $howmanymessages = mysql_num_rows($seemessages); $seereadmessages = mysql_query("SELECT * FROM `rmail` WHERE `status` = 'read' && `to` = '$member'"); $howmanyreadmessages = mysql_num_rows($seereadmessages); $totalmessages = $howmanyreadmessages + $howmanymessages; //MENU FOR USING EMAIL VIEWED ON ALL SECTIONS OF R-MAIL echo'<div id="emailmenu"><a href="rmail.php">Home</a>|<a href="rmail.php?inbox">Inbox('.$howmanymessages.'/'.$totalmessages.')</a>|<a href="rmail.php?compose">Compose</a>| </div><br/>'; if(isset($_POST['delete'])){ //DELETE MESSAGE $id = $_POST['delete']; echo $id; $newvalue = mysql_query("SELECT * FROM data"); $newvalue = mysql_fetch_array($newvalue); $newvalue = $newvalue['rmailsent']; $newvalue = $newvalue-1; mysql_query("UPDATE data SET rmailsent = '$newvalue'"); mysql_query("DELETE FROM rmail WHERE `id` = '$id'"); echo "Message has been deleted!"; } else if(isset($_GET['inbox'])){ $username = $logged['username']; //DISPLAY EMAILS FOR USER //WHEN DISPLAYING DISPLAY LINK WITH THE ID TO VIEW THE SPECIFIC MESSAGE $getemail = mysql_query("SELECT * from rmail WHERE `to` = '$username' ORDER BY `id` DESC"); echo' <table border="1"> <tr> <td> <font size="5">Check</font> </td> <td> <font size="5">Status</font></td> <td><font size="5">From</font></td> <td width="500"><font size="5">Subject</font></td> <td><font size="5">Date Sent</font></td> <td><font size="5">Time Sent</font></td> <td><font size="5">Action</font></td> </tr> '; while($email = mysql_fetch_array($getemail)){ $id = $email['id']; if($email['status'] == "unread"){ echo "<tr bgcolor='#666666'>"; }else{ echo "<tr>"; } echo '<td><input type="checkbox" name="'.$email['id'].'checked" class="check"></td>'; echo '<td>'; if($email['status'] == "unread"){ echo '<center><img src="/webimages/unread.gif" alt="Message Unread" width="30" height="25"></center>'; }else if($email['status'] == "read"){ echo '<center><img src="/webimages/read.gif" alt="Message Read" width="30" height="25"><center>'; } echo '</td>'; echo '<td>'.$email['from'].'</td>'; echo '<td><a href="rmail.php?viewmail&id='.$email['id'].'">'.$email['subject'].'</a></td>'; echo '<td>'.$email['date'].'</td>'; echo '<td>'.$email['time'].'</td>'; echo '<td><form action="rmail.php" method="post"> <input type="hidden" value="'.$email['id'].'" name="delete"><input type="image" src="/webimages/delete.png" onclick="return confirm(\'Are you sure you want to Delete?Click Ok to proceed and Delete or Cancel if you do not want to delete!\');"><a href="viewmembers.php?user='.$email['from'].'"><img src="/webimages/eye3.gif" border="0" height="25" width="30"></a></td>'; echo "</font></tr>"; } echo "</table>"; } </html> Here is the code with $_GET (this works but $_POST doesnt): <?php $member = $logged['username']; //IFMESSAGES THEN SAY OTHERWISE SAY NO $seemessages = mysql_query("SELECT * FROM `rmail` WHERE `to` = '$member' && `status` = 'unread'"); $howmanymessages = mysql_num_rows($seemessages); $seereadmessages = mysql_query("SELECT * FROM `rmail` WHERE `status` = 'read' && `to` = '$member'"); $howmanyreadmessages = mysql_num_rows($seereadmessages); $totalmessages = $howmanyreadmessages + $howmanymessages; //MENU FOR USING EMAIL VIEWED ON ALL SECTIONS OF R-MAIL echo'<div id="emailmenu"><a href="rmail.php">Home</a>|<a href="rmail.php?inbox">Inbox('.$howmanymessages.'/'.$totalmessages.')</a>|<a href="rmail.php?compose">Compose</a>| </div><br/>'; if(isset($_GET['delete'])){ //DELETE MESSAGE $id = $_GET['delete']; echo $id; $newvalue = mysql_query("SELECT * FROM data"); $newvalue = mysql_fetch_array($newvalue); $newvalue = $newvalue['rmailsent']; $newvalue = $newvalue-1; mysql_query("UPDATE data SET rmailsent = '$newvalue'"); mysql_query("DELETE FROM rmail WHERE `id` = '$id'"); echo "Message has been deleted!"; } else if(isset($_GET['inbox'])){ $username = $logged['username']; //DISPLAY EMAILS FOR USER //WHEN DISPLAYING DISPLAY LINK WITH THE ID TO VIEW THE SPECIFIC MESSAGE $getemail = mysql_query("SELECT * from rmail WHERE `to` = '$username' ORDER BY `id` DESC"); echo' <table border="1"> <tr> <td> <font size="5">Check</font> </td> <td> <font size="5">Status</font></td> <td><font size="5">From</font></td> <td width="500"><font size="5">Subject</font></td> <td><font size="5">Date Sent</font></td> <td><font size="5">Time Sent</font></td> <td><font size="5">Action</font></td> </tr> '; while($email = mysql_fetch_array($getemail)){ $id = $email['id']; if($email['status'] == "unread"){ echo "<tr bgcolor='#666666'>"; }else{ echo "<tr>"; } echo '<td><input type="checkbox" name="'.$email['id'].'checked" class="check"></td>'; echo '<td>'; if($email['status'] == "unread"){ echo '<center><img src="/webimages/unread.gif" alt="Message Unread" width="30" height="25"></center>'; }else if($email['status'] == "read"){ echo '<center><img src="/webimages/read.gif" alt="Message Read" width="30" height="25"><center>'; } echo '</td>'; echo '<td>'.$email['from'].'</td>'; echo '<td><a href="rmail.php?viewmail&id='.$email['id'].'">'.$email['subject'].'</a></td>'; echo '<td>'.$email['date'].'</td>'; echo '<td>'.$email['time'].'</td>'; echo '<td><a href="rmail.php?delete='.$email['id'].'">DELETE</a><a href="viewmembers.php?user='.$email['from'].'"><img src="/webimages/eye3.gif" border="0" height="25" width="30"></a></td>'; echo "</font></tr>"; } echo "</table>"; } </html> Any Ideas? Thanks Rhys Quote Link to comment Share on other sites More sharing options...
wildteen88 Posted August 15, 2010 Share Posted August 15, 2010 In this code echo '<td><form action="rmail.php" method="post"> <input type="hidden" value="'.$email['id'].'" name="delete"><input type="image" src="/webimages/delete.png" onclick="return confirm(\'Are you sure you want to Delete?Click Ok to proceed and Delete or Cancel if you do not want to delete!\');"><a href="viewmembers.php?user='.$email['from'].'"><img src="/webimages/eye3.gif" border="0" height="25" width="30"></a></td>'; Your're not closing the form. Make sure you're outputting valid HTML code, before debugging PHP. You'll want to close the form (add </form>) after <input type="image" src="/webimages/delete.png" onclick="return confirm(\'Are you sure you want to Delete?Click Ok to proceed and Delete or Cancel if you do not want to delete!\');"> Also these lines $newvalue = mysql_query("SELECT * FROM data"); $newvalue = mysql_fetch_array($newvalue); $newvalue = $newvalue['rmailsent']; $newvalue = $newvalue-1; mysql_query("UPDATE data SET rmailsent = '$newvalue'"); Could be written as one line mysql_query("UPDATE data SET rmailsent = rmailsent-1"); You may want to add a WHERE clause to that query, otherwise ALL rows within the table will be affected. I assume you have some form of id column within the data table, which relates to the email id. Your query most probably should be mysql_query("UPDATE data SET rmailsent = rmailsent-1 WHERE email_id_field='$id'"); Quote Link to comment Share on other sites More sharing options...
rascle Posted August 15, 2010 Author Share Posted August 15, 2010 Thanks Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.