I am trying delete data from table, the form method is post. The url http://localhost/RustoleumCustomCMS2/administrator/input_image.php?mode=delete&id=0 (passing mode = delete and id = 0). I wonder why nothing happen. It suppose to delete a row in the database.


    $id = isset($_POST['id']) ? $_POST['id'] : '';  
    $judul = isset($_POST['judul']) ? $_POST['judul'] : ''; 
    $image = isset($_POST['image']) ? $_POST['image'] : '';
    $confirmation = isset($_POST['confirmation']) ? $_POST['confirmation'] : '';  

    //Hapus image

    if (!empty($_REQUEST['mode'])&& !empty($_REQUEST['id']) && $_REQUEST['mode'] == "delete"){
        $id = $_REQUEST['id'];
        $result = mysql_query("DELETE FROM gallery WHERE id =".$id) or die(mysql_error());

        $confirmation = $result ? "Data successfully deleted." : "fail to delete data."; 

Recommended Answers

All 6 Replies


What does the mysql_error() return at that point?

it doesn't return anything. I guess it doesn't bypass the condition.

Try this please

if(isset($_GET['mode']) && !empty($_GET['mode']) && $_GET['mode']) == "delete"){
    $id = $_REQUEST['id'];
    $result = mysql_query("DELETE FROM gallery WHERE id =".$id) or die(mysql_error());
    $confirmation = $result ? "Data successfully deleted." : "fail to delete data.";

A few notes here:

  1. You mix GET and POST method. From URL it seems like your intention is to use GET, from the code it seems like you wanted to use POST; it is nothing wrong with mixing methods but do not do it if not realy needed since it is harder to control
  2. It is recommended to avoid $_REQUEST combined array. It is again not wrong if you use it but only if it is necessary and are careful. $_REQUEST contains data from $_GET, $_POST and $_COOKIE arrays and it might happen that you have same keys in them thus overwriting values.
  3. It is not recommended to use GET method for deleting. It is semantically wrong but more importantly the deleting URL gets cached and can do damage later on (intentionally or unintentionally).
  4. Escape values before using them in a query.

szabizs correctly spotted the error and suggested solution to existing code. I usually have to add my raving about security since this is my field of work :-) (and I had to learn it a hard way).

commented: That is correct, I've wanted just to help out him :) +3

It works. Does id == 0 consider empty ? I am trying figure what i did wrong.

The manual for empty says:

Returns FALSE if var exists and has a non-empty, non-zero value. Otherwise returns TRUE.

The following things are considered to be empty:

"" (an empty string)
0 (0 as an integer)
0.0 (0 as a float)
"0" (0 as a string)
array() (an empty array)
$var; (a variable declared, but without a value)

So 0 is empty (sounds a bit strange to me, we need to be careful with this function).

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, learning, and sharing knowledge.