Jump to content

$_POST problem

rascle

By rascle
in PHP Coding Help

 Share

Recommended Posts

rascle Member

rascle

Posted
Posted

Hi, I am using POST to send the id of a row in a MySQL database, this id should then be used to delete the row from MySQL, this all works fine when I use GET, but as soon as i try and use POST (for security reasons) it deletes another row.

Here is the code ($_POST):

<?php

$member = $logged['username'];
//IFMESSAGES THEN SAY OTHERWISE SAY NO 

$seemessages = mysql_query("SELECT * FROM `rmail` WHERE `to` = '$member' && `status` = 'unread'");
$howmanymessages = mysql_num_rows($seemessages);

$seereadmessages = mysql_query("SELECT * FROM `rmail` WHERE `status` = 'read' && `to` = '$member'");
$howmanyreadmessages = mysql_num_rows($seereadmessages);  
$totalmessages = $howmanyreadmessages + $howmanymessages;
//MENU FOR USING EMAIL VIEWED ON ALL SECTIONS OF R-MAIL
echo'<div id="emailmenu"><a href="rmail.php">Home</a>|<a href="rmail.php?inbox">Inbox('.$howmanymessages.'/'.$totalmessages.')</a>|<a href="rmail.php?compose">Compose</a>| </div><br/>';

if(isset($_POST['delete'])){
//DELETE MESSAGE
$id = $_POST['delete'];
echo $id;
$newvalue = mysql_query("SELECT * FROM data");
$newvalue = mysql_fetch_array($newvalue);
$newvalue = $newvalue['rmailsent'];
$newvalue = $newvalue-1;
mysql_query("UPDATE data SET rmailsent = '$newvalue'");
mysql_query("DELETE FROM rmail WHERE `id` = '$id'");
echo "Message has been deleted!";
}
else if(isset($_GET['inbox'])){
$username = $logged['username'];
//DISPLAY EMAILS FOR USER
//WHEN DISPLAYING DISPLAY LINK WITH THE ID TO VIEW THE SPECIFIC MESSAGE
$getemail = mysql_query("SELECT * from rmail WHERE `to` = '$username' ORDER BY `id` DESC");

echo'
<table border="1">
<tr>
<td> <font size="5">Check</font> </td>
<td> <font size="5">Status</font></td>
<td><font size="5">From</font></td>
<td width="500"><font size="5">Subject</font></td>
<td><font size="5">Date Sent</font></td>
<td><font size="5">Time Sent</font></td>
<td><font size="5">Action</font></td>
</tr>
';
while($email = mysql_fetch_array($getemail)){
$id = $email['id'];
if($email['status'] == "unread"){
echo "<tr bgcolor='#666666'>";
}else{
echo "<tr>";
}
echo '<td><input type="checkbox" name="'.$email['id'].'checked" class="check"></td>';
echo '<td>';
if($email['status'] == "unread"){
echo '<center><img src="/webimages/unread.gif" alt="Message Unread" width="30" height="25"></center>';
}else if($email['status'] == "read"){
echo '<center><img src="/webimages/read.gif" alt="Message Read" width="30" height="25"><center>';
}
echo '</td>';
echo '<td>'.$email['from'].'</td>';
echo '<td><a href="rmail.php?viewmail&id='.$email['id'].'">'.$email['subject'].'</a></td>';
echo '<td>'.$email['date'].'</td>';
echo '<td>'.$email['time'].'</td>';
echo '<td><form action="rmail.php" method="post">
<input type="hidden" value="'.$email['id'].'" name="delete"><input type="image" src="/webimages/delete.png" onclick="return confirm(\'Are you sure you want to Delete?Click Ok to proceed and Delete or Cancel if you do not want to delete!\');"><a href="viewmembers.php?user='.$email['from'].'"><img src="/webimages/eye3.gif" border="0" height="25" width="30"></a></td>';

echo "</font></tr>";
}
echo "</table>";
}

</html>

Here is the code with $_GET (this works but $_POST doesnt):

<?php

$member = $logged['username'];
//IFMESSAGES THEN SAY OTHERWISE SAY NO 

$seemessages = mysql_query("SELECT * FROM `rmail` WHERE `to` = '$member' && `status` = 'unread'");
$howmanymessages = mysql_num_rows($seemessages);

$seereadmessages = mysql_query("SELECT * FROM `rmail` WHERE `status` = 'read' && `to` = '$member'");
$howmanyreadmessages = mysql_num_rows($seereadmessages);  
$totalmessages = $howmanyreadmessages + $howmanymessages;
//MENU FOR USING EMAIL VIEWED ON ALL SECTIONS OF R-MAIL
echo'<div id="emailmenu"><a href="rmail.php">Home</a>|<a href="rmail.php?inbox">Inbox('.$howmanymessages.'/'.$totalmessages.')</a>|<a href="rmail.php?compose">Compose</a>| </div><br/>';

if(isset($_GET['delete'])){
//DELETE MESSAGE
$id = $_GET['delete'];
echo $id;
$newvalue = mysql_query("SELECT * FROM data");
$newvalue = mysql_fetch_array($newvalue);
$newvalue = $newvalue['rmailsent'];
$newvalue = $newvalue-1;
mysql_query("UPDATE data SET rmailsent = '$newvalue'");
mysql_query("DELETE FROM rmail WHERE `id` = '$id'");
echo "Message has been deleted!";
}
else if(isset($_GET['inbox'])){
$username = $logged['username'];
//DISPLAY EMAILS FOR USER
//WHEN DISPLAYING DISPLAY LINK WITH THE ID TO VIEW THE SPECIFIC MESSAGE
$getemail = mysql_query("SELECT * from rmail WHERE `to` = '$username' ORDER BY `id` DESC");

echo'
<table border="1">
<tr>
<td> <font size="5">Check</font> </td>
<td> <font size="5">Status</font></td>
<td><font size="5">From</font></td>
<td width="500"><font size="5">Subject</font></td>
<td><font size="5">Date Sent</font></td>
<td><font size="5">Time Sent</font></td>
<td><font size="5">Action</font></td>
</tr>
';
while($email = mysql_fetch_array($getemail)){
$id = $email['id'];
if($email['status'] == "unread"){
echo "<tr bgcolor='#666666'>";
}else{
echo "<tr>";
}
echo '<td><input type="checkbox" name="'.$email['id'].'checked" class="check"></td>';
echo '<td>';
if($email['status'] == "unread"){
echo '<center><img src="/webimages/unread.gif" alt="Message Unread" width="30" height="25"></center>';
}else if($email['status'] == "read"){
echo '<center><img src="/webimages/read.gif" alt="Message Read" width="30" height="25"><center>';
}
echo '</td>';
echo '<td>'.$email['from'].'</td>';
echo '<td><a href="rmail.php?viewmail&id='.$email['id'].'">'.$email['subject'].'</a></td>';
echo '<td>'.$email['date'].'</td>';
echo '<td>'.$email['time'].'</td>';
echo '<td><a href="rmail.php?delete='.$email['id'].'">DELETE</a><a href="viewmembers.php?user='.$email['from'].'"><img src="/webimages/eye3.gif" border="0" height="25" width="30"></a></td>';

echo "</font></tr>";
}
echo "</table>";
}

</html>

 

Any Ideas?

Thanks

Rhys

 

Link to comment
Share on other sites
wildteen88 Regular Member

wildteen88

Posted
Posted

In this code

echo '<td><form action="rmail.php" method="post">
<input type="hidden" value="'.$email['id'].'" name="delete"><input type="image" src="/webimages/delete.png" onclick="return confirm(\'Are you sure you want to Delete?Click Ok to proceed and Delete or Cancel if you do not want to delete!\');"><a href="viewmembers.php?user='.$email['from'].'"><img src="/webimages/eye3.gif" border="0" height="25" width="30"></a></td>';

 

Your're not closing the form. Make sure you're outputting valid HTML code, before debugging PHP. You'll want to close the form (add </form>) after

<input type="image" src="/webimages/delete.png" onclick="return confirm(\'Are you sure you want to Delete?Click Ok to proceed and Delete or Cancel if you do not want to delete!\');">

 

Also these lines

$newvalue = mysql_query("SELECT * FROM data");
$newvalue = mysql_fetch_array($newvalue);
$newvalue = $newvalue['rmailsent'];
$newvalue = $newvalue-1;
mysql_query("UPDATE data SET rmailsent = '$newvalue'");

Could be written as one line

mysql_query("UPDATE data SET rmailsent = rmailsent-1");

You may want to add a WHERE clause to that query, otherwise ALL rows within the table will be affected. I assume you have some form of id column within the data table, which relates to the email id. Your query most probably should be

mysql_query("UPDATE data SET rmailsent = rmailsent-1 WHERE email_id_field='$id'");

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.