0

I'm trying to have a DELETE link printed alongside each $row. Also, on another page, have a "DOWNLOAD" link - they should work the same way. The problem is this: I am getting both DELETE and DOWNLOAD to print out alongside each record, but using the code I have, nothing happens or my script bails out on an error. For some reason I have the most complex features of my site up and running but this still eludes me. Here's some code:

    while ($row = mysqli_fetch_array($r,MYSQLI_ASSOC))
    {
  echo '<tr><td align="left">' .
    $row['title'] . '</td><td align="left">'
    . $row['genre'] . '</td><td align="left">'
    . $row['length'] . '</td><td align="left">'
    . $row['created'] . '</td><td align="left">'
    . $row['views'] . '</td><td align="left">'
    . "<a href='wprofile.php?id={$row['upload_id']}'>Delete</a></td> . '</td></tr>';
    }

and on the same php page I have this logic which is failing me. the example is for delete but the same fail follows for my DOWNLOAD link problem.

    if(isset($_GET['upload_id']))
    {
    $id = intval($_GET['upload_id']);

    require_once (dbconnectionpath);

    $delquery = "DELETE FROM 'upload' WHERE 'upload_id' = {$id}";
    $done = @mysqli_query ($dbc, $delquery); //run the query

    if($done) {
    if (mysqli_num_rows($done)==1) {
    echo 'Record deleted';
    }
    else{
    echo 'Delete failed';
    }

    @mysqli_free_result($result);
    }
    else{
    echo "Error! Query failed: <pre>{$dbc->error}</pre>";
    }
    mysqli_close(dbconnection);

the error I am getting is "Error, query failed"

Brian Tompsett - 汤莱恩
  • 5,753
  • 72
  • 57
  • 129
V1GG3N
  • 309
  • 1
  • 6
  • 22
  • 2
    What does `$dbc->error` say? Removing the `@` might help, too. – John Conde May 11 '12 at 01:02
  • Or `mysqli_error`, for consistency – Amadan May 11 '12 at 01:04
  • good call, that error is not outputting anything, it just says "Error! Query failed: [blank space] that line was borrowed code, go figure. – V1GG3N May 11 '12 at 01:04
  • 1
    Never ever put a 'delete' link up on a GET-accessible script. One webcrawler in your site and you can kiss your data goodbye: http://thedailywtf.com/Articles/The_Spider_of_Doom.aspx – Marc B May 11 '12 at 01:51
  • interesting Marc, does this also apply for Sessions? I am not using cookies. – V1GG3N May 11 '12 at 01:58

3 Answers3

0

In your link, you appear to be setting id:

<a href='wprofile.php?id={$row['upload_id']} ...

but your code references $_GET['upload_id']. In other words, you're referencing the wrong name in your code. Either use id in the code or upload_id in the link.

One other thing though this may just be because I can't see all the HTML - you appear to have to many </td> elements in your code. Check the one at the end of your link line though, as stated, this may close off an earlier <td> that isn't shown.

If, as you mention in the comments, your "view source" is showing the link as:

<a href='newwriter_profile.php?id='>Delete</a></td>

then there's something wrong with your creation of that HTML link.

There are a number of things that could be going wrong there, the first couple that spring to mind are that your original query doesn't have update_id in it, or the ID is indeed blank for the row you're looking at.

Check the value of $row['update_id'] before generating the HTML link line, that should confirm or deny that hypothesis at least. Beyond that, you'll have to figure out why your link is incorrect.

One thing I have just noticed, which you may want to look into, is your use of quotes:

$delquery = "DELETE FROM 'upload' WHERE 'upload_id' = {$id}";

Now I know MySQL uses backticks to sometimes protect table and column names from incorrect parsing (such as with select `column with spaces` from tbl1 ...), but your code seems to have single quotes rather than backticks.

It's just one more thing to check out. It may be that the where clause in your query is comparing the literal string "upload_id" with your variable, rather than comparing the upload_id column.

That may explain why your delete is not hitting any rows since your ID is (probably) an auto-incrementing integer field, meaning it would never be equal to a non-numeric string literal.

paxdiablo
  • 854,327
  • 234
  • 1,573
  • 1,953
  • I fixed this. I'm redirected to my ahref but no id is listed. (profile.php?id=) and the record is still in the database, no errors now. REMOVED the , you were correct, but it is still bailing out on me with no errors – V1GG3N May 11 '12 at 01:18
  • @V1GG3N, that's a _different_ question and should be asked as such. The original problem is solved and you'll get a broader response if you ask a new question with newer details, rather than just leaving a comment - that will also server the SO Q&A nature better as well. However, I would do a "view source" on the page with the delete buttons to ensure the href is correctly output. – paxdiablo May 11 '12 at 01:23
  • noted, thank you I'll ask a new question. fyi Delete is my viewsource – V1GG3N May 11 '12 at 01:32
  • @V1GG3N, then your problem isn't with the link itself, it's with the generation of the href. First thing to look for: _is_ there an `upload_id` in your query? – paxdiablo May 11 '12 at 01:33
  • yes it is listed first in my SELECT, naturally it's my primary key. I was forgetting a subfolder on my a href but after correcting it the same issue remains. I'm stumped – V1GG3N May 11 '12 at 01:37
  • I repaired the broken a href by referencing upload_id in the a href and also the intval GET (upload_id). The link now points to the correct upload_id but the delete still does not take place. – V1GG3N May 11 '12 at 01:53
0

if(isset($_GET['upload_id'])) change to if(isset($_GET['id']))

and $id = intval($_GET['id']);

The HTML parameter is id, not upload_id

Alexios Tsiaparas
  • 880
  • 10
  • 17
  • I just did this, and changed to mysqli_error. Now there's no error, redirects to .php?id= ...record still in DB – V1GG3N May 11 '12 at 01:15
0

Try removing the curly brackets, beacuse when you print out the query created it shows the value of the id with curly braces which might result in not deleting the id.

This should work : "DELETE FROM upload WHERE upload_id = $id ";

to prevent the page directing to another page use preventdefault js function.

Ram
  • 26
  • 5