Hexana Hexana - 1 year ago 90
MySQL Question

Delete Record with PHP Confirm Prompt

I am trying to present the user with a confirm yes/no prompt before deleting an author from a Mysql Database. When a user hits Delete in the authors.html.php, the controller includes a confirm.php. The confirm.php prompts the user for a yes or no to confirm. If the yes button is clicked, the confirm.php is meant to pass the id back to the controller which then checks if the action isset, and if yes, delete the author based on the id.

Unfortunately the author does not get deleted, so the issue is with the the inclusion of the confirm prompt. Without the confirm include, the script works perfectly well, but I want to figure out what is going wrong and it's all too easy to use Javascript.

Any help appreciated.

My controller: index.php

//inlcude the data connection.
include $_SERVER['DOCUMENT_ROOT'] . '/authors/includes/db.inc.php';

$result = $pdo->query('SELECT id, name FROM author'); //Rows of a result set returned by fetch are represented as associative arrays,
catch (PDOException $e)
$error = 'Error fetching authors from the database!';
include 'error.html.php';

foreach ($result as $row)
$authors[] = array('id' => $row['id'], 'name' => $row['name']);

include 'authors.html.php';

if(isset($_POST['action']) and $_POST['action'] == 'Delete') {

include "confirm.php";

if(isset($_POST['action']) and $_POST['action'] == 'Yes') {

try {
$sql = 'DELETE FROM author WHERE id = :id';
$s = $pdo -> prepare($sql);
$s->bindValue(':id', $_POST['id']);

catch (PDOException $e) {
$error = "Error deleting author.";
include 'error.html.php';

header('Location: .');

}// if yes

} // end if isset delete

The authors.html.php then displays a list of authors:

<?php foreach ($authors as $author): ?><!-- loop through the list of authors pulled from the database by the controller -->
<form action="" method="post">
<?php htmlout($author['name']); ?> <!--display a list of authors and an edit and delete button-->
<input type="hidden" name="id" value="<?php
echo $author['id']; ?>">
<input type="submit" name="action" value="Edit">
<input type="submit" name="action" value="Delete">
<?php endforeach; ?>

confirm.php ......

<form action="" method="post">
<input type="hidden" name="id" value="<?php echo $author['id']; ?>">
<input type="submit" name="action" value="Yes">
<!--input type="submit" name="action" value="No"-->

Answer Source

Strictly speaking in terms of PHP, Instead of trying to process everything in a single action file (controller in MVC), what you should be doing is.. Make the second form to post to a different controller.

Say you have a form/table that contains the button/form that deletes the author. Let that form/button call a file named as confirm.php with the id of that author passed.

Inside the confirm page you render the confirm form with the yes/no input. And then this confirm.php will post to a delete.php which will check if the confirmation value is set inside the $_GET/$_POST and proceed as such.

Also on a side note I recommend that you learn some very basic javascript and use the confirm() function.

Also on a side side note, I strongly recommend that you learn some validation, sanitization, escaping, and about sessions.