Form action not posting, via php/html
Question
I have aa problem when posting some info from a form to a delete function, I am probably going to kick my self for this but I can't find the answer.
- admin/index.php
- lib/admin_functions.php
- lib/delete_user.php
As above, I have 3 files.
The function it's self is below:
// Display users
function get_all_users() {
global $con;
$sql = "SELECT * FROM users ORDER BY id ASC";
$result = mysqli_query($con, $sql);
echo "<tr><td> </td><td> User ID </td><td> Username </td><td> Email Address </td><td> Zendesk User Id </td><td>
Zendesk View ID </td><td> Firstname </td><td> Surname </td><td> Nickname </td><td> Active
</td><td> Admin </td><td> Display Stats?</td><td> Remove User </td></tr>";
while($row = mysqli_fetch_array($result)) {
// Displaying all user details
echo "<tr><td><img height='40' width='40' src='{$row['user_photo']}'></td><td>" .$row['id']. "</td><td>" .$row['user_name']. "</td><td>" .$row['email_address']. "</td><td>" .$row['zendesk_user_id']."</td><td>"
.$row['zendesk_view_id']. "</td><td>" .$row['user_firstname']. "</td><td>" .$row['user_surname']. "</td><td>" .$row['user_nickname']. "</td><td>"
.$row['is_active']. "</td><td>" .$row['is_admin']. "</td><td>" .$row['display_stats'].
// Form for deleting a user
"</td><td><form id='delete_user' accept-charset='UTF-8' action='/delete_user.php' role='form' method='POST'><input type='checkbox' value='Delete'><input type='hidden' name='user_id' value='{$row['id']}'></td></tr>";
}
echo "<tr><td> Delete Selected User(s) </td><td>";
echo "<input type='submit' name='submit' value='Delete My Account' onClick=\"return confirm('Are you sure you want to delete this account?')\"></td></form></tr>";
}
The above function belongs in admin_functions.php, it displays all my users with an extra column with a tick box for deletion, and at the bottom a form with the delete button.
I then have the delete_user code
<?php
session_start();
if( ! $_SESSION['loggedIn'] && ! $_SESSION['isAdmin']) {
// If not admin or logged in, die
die();
}
require_once(dirname(__FILE__).'/admin_functions.php');
require_once(dirname(__FILE__).'/../config.php');
// DELETE USER
$user_id = mysql_real_escape_string( $_POST['user_id'] );
// Insert the customer, including the password hash
$sql = "DELETE FROM users where id = '{$user_id}' limit 1";
if (!mysqli_query($con,$sql)) {
die('Error: ' . mysqli_error($con));
}
print "User Deleted";
mysqli_close($con);
?>
And finally on the index file, I have something that calls the function.
<?php get_all_users(); ?>
The problem I have is that the code all displays as expected, but after the warning message nothing happens. Nothing appears to get posted to delete_user.php, I see no errors in apache2 and also nothing in my console.
Any ideas?
5 answers
solution1
1 2014-08-02 14:52:31
You're not doing a valid HTML anyway :
This is what you've got :
<tr>
<td>
<form>
</td>
</tr>
<tr>
<td></td>
<td></td>
</form>
</tr>
This is what you should have :
<tr>
<td>
<form>
<table><tr><td><!-- checkbox --></td><td><!-- submit --></td></tr></table>
</form>
</td>
</tr>
EDIT: Well... I'll try to rewrite your function with a valid HTML Form :
function get_all_users() {
global $con;
$sql = "SELECT * FROM users ORDER BY id ASC";
$result = mysqli_query($con, $sql);
echo "<tr><td> </td><td> User ID </td><td> Username </td><td> Email Address </td><td> Zendesk User Id </td><td> Zendesk View ID </td><td> Firstname </td><td> Surname </td><td> Nickname </td><td> Active </td><td> Admin </td><td> Display Stats?</td><td> Remove User </td></tr>";
while($row = mysqli_fetch_array($result)) {
// Displaying all user details
echo "<tr><td><img height='40' width='40' src='" .$row['user_photo']. "'></td><td>" .$row['id']. "</td><td>" .$row['user_name']. "</td><td>" .$row['email_address']. "</td><td>" .$row['zendesk_user_id']."</td><td>" .$row['zendesk_view_id']. "</td><td>" .$row['user_firstname']. "</td><td>" .$row['user_surname']. "</td><td>" .$row['user_nickname']. "</td><td>" .$row['is_active']. "</td><td>" .$row['is_admin']. "</td><td>" .$row['display_stats']. "</td>
<td>
<form id='delete_user' accept-charset='UTF-8' action='/delete_user.php' role='form' method='POST'>
<table>
<tr>
<td><input type='checkbox' value='Delete'><input type='hidden' name='user_id' value='". $row['id']. "'></td>
</tr>
<tr>
<td> Delete Selected User(s) </td>
<td><input type='submit' name='submit' value='Delete My Account' onClick=\"return confirm('Are you sure you want to delete this account?')\"></td>
</tr>
</table>
</form>
</td>
</tr>";
}
}
solution2
1 ACCPTED 2014-08-02 18:18:28
As per our chat conversation, am submitting the following answer in order to close the question and to be marked as solved.
You will need to make some slight HTML/table modifications. Plus, you'll need to modify it later on to be a safer method.
I didn't have time to add the extra stuff.
You also did not have any <table></table> tags.
Using the following links >>> mysqli_ with prepared statements , or PDO with prepared statements will help in regards to SQL injection.
<?php
$DB_HOST = "xxx"; // replace
$DB_NAME = "xxx"; // replace
$DB_USER = "xxx"; // replace
$DB_PASS = "xxx"; // replace
$con = new mysqli($DB_HOST, $DB_USER, $DB_PASS, $DB_NAME);
if($con->connect_errno > 0) {
die('Connection failed [' . $con->connect_error . ']');
}
$sql = "SELECT * FROM users ORDER BY id ASC";
$result = mysqli_query($con, $sql);
echo "<!DOCTYPE html>" . "\n";
echo "<head></head>" . "\n";
echo "<body>" . "\n";
echo "<form id='delete_user' accept-charset='UTF-8' action='' role='form' method='POST'>" . "\n";
echo "<table>" . "\n";
echo "<tr><td> User ID </td><td> Username </td><td> Email Address </td><td> Zendesk User Id </td><td>
Zendesk View ID </td><td> Firstname </td><td> Surname </td><td> Nickname </td><td> Active
</td><td> Admin </td><td> Display Stats?</td><td> Remove User </td></tr>" . "\n";
while($row = mysqli_fetch_array($result)) {
// Displaying all user details
echo "<tr><td>USER PHOTO CODE</td><td>" .$row['id']. "</td><td>" .$row['user_name']. "</td><td>" .$row['email_address']. "</td><td>" .
"</td>\n<td><input type='checkbox' name='user_id[]' value='{$row['id']}'></td></tr>" . "\n";
echo "<tr><td> Delete Selected User(s) </td><td>" . "\n";
}
echo "<input type='submit' name='submit' value='Delete My Account' onClick=\"return confirm('Are you sure you want to delete this account?')\"></td>\n</tr>" . "\n";
echo "</table>" . "\n";
echo "</form>";
echo "</body></html>" . "\n";
if(isset($_POST['submit'])){
foreach($_POST['user_id'] as $id){
$id = (int)$id;
$delete = "DELETE FROM users WHERE id = $id";
mysqli_query($con,$delete);
}
print "User Deleted";
mysqli_close($con);
}
solution3
0 2014-08-02 15:06:08
Form is being created inside the while loop, while the closing tag and the submit button is outside the loop. So there are multiple form being created and a single submit button. Ideally it should be like
Open form
While loop, create check boxes End of loop
Submit button
Close form.
solution4
0 2014-08-02 15:33:33
First of all, you are using checkboxes in your form so should declare hidden variables user_id as array
<input type='hidden' name='user_id[]' value='{$row['id']}'>
Then in your php file delete_user.php Use the following code to delete users
//echo "<pre>";print_r($_POST);exit; //check user ids using print_r() function
$user_id = $_POST['user_id'];
foreach($user_id as $userid) {
// Insert the customer, including the password hash
$sql = "DELETE FROM users where id = '$userid' limit 1";
if (!mysqli_query($con,$sql)) {
die('Error: ' . mysqli_error($con));
}
}
solution5
0 2014-08-02 15:36:27
您正在混合使用这两个API,它必须是mysqli_real_escape_string而不是mysql_real_escape_string 。
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.