如何在php函数中删除页面中mySQL中的特定行

Question

I have a headache on how to delete a specific rows in my database from a function in a page. This is where I am stuck : I know I must use the specific ID from a row, so I put my $id in a while loop, and here I am stuck. Because I don't know how to retrieve that ID from a specific row. IN each row though, there's a "submit" button to delete it. Someone can help me out??

In my other page when I call these 2 functions :

<?php 
session_start();
include_once('connect.php');
$object = new User;
if(isset($_POST['supprimer'])) {
    $object->supprimer($id);
}
?>

<html>
    <head>
    <link rel="stylesheet" type="text/css" href="public/css/layout.css">
    </head>
    <body>
        <?php $object->showConcessionnaire(); ?>
    </body>
</html>

PHP

public function showConcessionnaire(){
            $st = $this->db->prepare("SELECT * FROM `phplogin`.`users` WHERE type='Concessionnaire'");
            $st->execute();
            echo '<form action="supprConc.php" method="post">
            <table class="tableCredit">
                <tr class="">
                    <th>Date</th>
                    <th>Nom d\'utilisateur</th>
                    <th>Mot de pass</th>
                    <th>E-mail</th>
                    <th>Cr&eacute;&eacute; par</th>
                    <th></th>
                    <th></th>
                </tr>
                ';
            while($r = $st->fetch(PDO::FETCH_ASSOC)){
                $id = $r['ID'];
                echo '<tr class="lightGray">
                    <td>'.$r['Date'].'</td>
                    <td>'.$r['username'].'</td>
                    <td>'.$r['password'].'</td>
                    <td>'.$r['E-mail'].'</td>
                    <td>'.$r['Creer par'].'</td>
                    <td></td>
                    <td><input type="submit" name="supprimer" value="X" class="logout"></td>
                    </tr>';
            }
            echo '</table></form>';
        }


    public function supprimer($id){
            $st = $this->db->prepare("DELETE FROM `phplogin`.`users` WHERE `users`.`id` = '$id'");
            $st->execute();
        }

Answer 1

One solution would be to insert a hidden input containing the ID of the row.

<input type="hidden" name="rowID" value="$id" />

Then when calling your function...

$object->supprimer($_POST['rowID']);

!! Make sure you escape your string to avoid SQL Injection!

Answer 2

Change this:

<td><input type="submit" name="supprimer" value="X" class="logout"></td>

to this:

<td><input type="submit" name="supprimer" value=".$id." class="logout"></td>

and then change your function call to:

$object = new User;
if(isset($_POST['supprimer'])) {
    $id = $_POST['supprimer'];
    $object->supprimer($id);
}

This is not entirely secure solution but more like a proof of concept to demonstrate the approach.

Answer 3

You can add hidden input field with your id:

<input type="hidden" name="id" value="'.$id.'">

of course this is on your echo and you should move form to your <td>