Hello,

I do not know if I fully comprehend the use of post. My understanding was that because $_POST was a superglobal, the values set applied to all pages after having been set. Here is the problem I am facing.

1) User enters an id number into field to delete x record:

<form action="update_delete.php" method="post">
       Player I.D. <input type="text" name="pid" maxlength=10 size=5><br>
<input type="Submit" value="Delete" name="Delete">
<input type="Submit" value="Update" name="Update">
</form>

2) Information is called and used in delete query:

$pid = $_POST['pid'];
@$delete = $_POST['Delete'];
@$update = $_POST['Update'];

if(isset($update))
{
  //Do update here..
}
else
if(isset($delete))
{
  $sql = "DELETE FROM player WHERE id = {$pid}";
  $result = mysql_query($sql, $connection)
  or die("Database query failed: " . mysql_error());
  echo "Row deleted!";
}

3) Value of pid reported to user:

@ $pid = $_POST['pid'];
?>
<html>
<body><br><br>
Record(s): <?php echo "$pid" ?> have been deleted.
</body>

</html>

My problem ends in step 3 where the record is reported back. The $pid variable is not echoed and I see no feedback suggesting that $pid was not set. Perhaps there is something wrong in the code on step 3?

Well, firstly, for all that is good in the world, please, please stop using @. Secondly, you already have pid, why assign it again?

Are these three seperate documents? If os the post values will only be passed onto the document you secify in the action attribute of your form after you move from this page the post data is destroyed.

If you need to move the data from the second page to the third try using the get method (will have ?pid=playerid in your title) or if you want it to be more professional create a cookie and then call it when you are on your third document.

In this bit...
Aren't you already sending a message to the user with the echo?
why not include the $pid var in the echo?

{
  $sql = "DELETE FROM player WHERE id = {$pid}";
  $result = mysql_query($sql, $connection)
  or die("Database query failed: " . mysql_error());
  echo "Row $pid deleted!";
}

or for a little more flexibility...

{
  $sql = "DELETE FROM player WHERE id = {$pid}";
  $result = mysql_query($sql, $connection)
  or die("Database query failed: " . mysql_error());
  $deleteMsg = "Row $pid deleted!";
}

Then you can plop the variable $deleteMsg into any area on that page where you would like it to appear rather than right in the spot where it was echoed.

Another thought...kill the mysql_error() reporting bit. Error reporting in a "live" site can give away too much info to the nasties. If you feel there is a benefit to reporting errors to the user, develop a little code to yourself...ie "Database query failed: Error Message 123. Please contact the system administrator". You know what Error Message 123 is, but they don't.

PS...re-read your initial forum post... the $_POST variable is more secure than the $_GET variable (cannot see $_POST in url), however, you still have to declare it in the "action" page:

$thisVariable = $_POST['thisVariable'];
if($thisVariable) {
// make it dance...
}
This article has been dead for over six months. Start a new discussion instead.