Insert to database from form. PHP SQL

Insert to database from form. PHP SQL
0

#1

Hello. I have a problem with deleting promo code value from the database.
I have form created with php which sends(or must send) info from the form to the dcodes_action.php.
I need to send $new_row to dcodes_action.php but when I echoing this later on the dcodes_action.php page I got only “submit” in the place of $new_row value.

This is my first file:

echo '<div class="table">';
foreach ($row_arr as $new_row) {
	echo "<table id='table'>";
	echo "<tr>";
	echo "<form action='../admin/dcodes_action.php' id='form' method='get'>
	<td>
		
			<input class='delete_button' name='todelete' type='submit'><span id='code'>".$new_row."</span></input>
			
	</td>";
	echo "</tr>";
    echo "</table>";
}	
	echo "<input type='submit' value='Delete'>
	</form></div>";



echo "<form action='../admin/dcodes_action.php' id='new_code'>
		<input id='new_code_textfield' type='text' name='newcode' placeholder='Enter new code'>	
		<input id='new_code_submit' type='submit' value='Submit'>
</form>";




 


$conn->close();

?>

And I have a table of all the *promocodes but the problem is in transfering to the database.
My second destination file looks like:

if($code_to_delete = $_GET['todelete']){
echo $code_to_delete.'code to delete<br/>';

$sql_code_delete = "DELETE FROM dcodes WHERE value = ('" .$code_to_delete. "')";
if ($conn->query($sql_code_delete ) === TRUE) {
    echo "<br/>deleting code";
} else {
    echo "Wrong";
}
}

#2

First fix your document layout: you’re not closing your forms, so who knows where the browser does that for you. I doubt you need one per input either, it’s just complicating matters.

Your second blob is insecure, use a prepared statement or similar instead.


#3

When your php code runs, it produces something similar to the following html. I added my own array, since I did not have access to your array. See comments where you should be closing your forms. Also, there is no such thing as </input>, so you should remove it.

<div class="table">
  <table id='table'>
    <tr>
      <form action='../admin/dcodes_action.php' id='form' method='get'>
        <td>
          <input class='delete_button' name='todelete' type='submit'><span id='code'>Volvo</span></input>
        </td>
      <!-- missing a closing form tag here -->
    </tr>
  </table>
  <table id='table'>
    <tr>
      <form action='../admin/dcodes_action.php' id='form' method='get'>
        <td>
          <input class='delete_button' name='todelete' type='submit'><span id='code'>BMW</span></input>
        </td>
      <!-- missing a closing form tag here -->
    </tr>
  </table>
  <table id='table'>
    <tr>
      <form action='../admin/dcodes_action.php' id='form' method='get'>
        <td>
          <input class='delete_button' name='todelete' type='submit'><span id='code'>Toyota</span></input>
        </td>
      <!-- missing a closing form tag here -->
    </tr>
  </table><input type='submit' value='Delete'>
  </form>
</div>
<form action='../admin/dcodes_action.php' id='new_code'>
  <input id='new_code_textfield' type='text' name='newcode' placeholder='Enter new code'>
  <input id='new_code_submit' type='submit' value='Submit'>
</form>