Hi,

I'm trying to delete multiple values from a MySQL table using checkboxes. however, no matter what code I use (foreach or while) only the first item in the checkbox is being deleted, it's like it's not looking through. Code is:

if (isset($_POST['delete'])) {
delete($delete);
}
<form action="'. $PHP_SELF .'" method="POST">
<input type="checkbox" name="delete[]" value="1">
<input type="checkbox" name="delete[]" value="2">
<input type="checkbox" name="delete[]" value="3">
</form>

function delete($delete){
	global $feedback;
	$delete=$_POST['delete'];
	if (!$delete){
	$feedback .=' ERROR - Nothing Selected ';
	return false;
		} else {
		foreach ($delete as $val) {
		$result = mysql_query("DELETE FROM `test` WHERE `id` = '$val'")
		or die(mysql_error());
		if (!$result || mysql_affected_rows() < 1){
		$feedback .=' ERROR - Unable To Delete ';
		return false;
			} else {
			$feedback .=' SUCCESS - Vendor Deleted ';
			return true;
			}
		}
	}
}

I've also tried changing

foreach ($delete as $val) {

to

foreach ($_POST['delete'] as $key => $val) {

and

while(list($key,$val) = each($delete)) {

however, each produces the same result, only a single entry from the database is deleted!

Can anyone suggest how to get this working?

Thanks

Ben

    Your returns are prematurely ending your DELETE loop. Set a flag or something and return that after the loop.

      Or even better, use [man]implode/man and only run a single DELETE statement with an IN clause.

      Also, don't forget about data sanitization if you go this route (e.g. using [man]array_map/man or something similar to apply [man]intval/man, assuming your ID's are integers, to the user-supplied data).

        Hi,

        Thanks for the replies.

        Those damn returns! I've been caught out with this before, I should have known!

        As for implode(), I assume you mean something like:

        $result=mysql_query(DELETE FROM test WHERE idIN ('. implode(', ', $delete).')')
        or die(mysql_error());

        And remove the foreach argument altogether. Would this work?

        Ben

          bjblackmore wrote:

          Would this work?

          Try it out and see. 🙂 By the way, why do you have $delete as a parameter, but then just replace it with $_POST['delete'] in the body of the function?

          Also, don't forget about the data sanitization I mentioned above, as you should never place user-supplied data directly into a SQL query string.

            I tend to use variables like $delete rather than $_POST['delete'] as it's quicker/easier to type, and doesn't have any quote marks, so there's less room for mis-types. But in the above example I was trying everything to get it working.

            I'll add the user sanitization now, I was trying to keep it less complicated, to make debugging easier, until I get the whole function working, then I can add to it!

            Oh, and the implode() worked by the way :-)

              bjblackmore;10959457 wrote:

              I'll add the user sanitization now, I was trying to keep it less complicated, to make debugging easier, until I get the whole function working, then I can add to it!

              While I understand the practice of making a simple working example and then add more functionality/complexity, I'd recommend against doing that for input validation & sanitizing. If you deal with user input properly from the start, you run no risk of forgetting it later on.

                Write a Reply...