I am trying to delete -- using checkboxes -- an HTML table row/s populated by SQL data using PHP. I am new to this, so I would appreciate any improvements to my code (especially regarding SQL injection, which I read about quite a few times while researching).
Part of HTML with a table - inv_main.php
...
<div class="mid">
<h1>Inventory</h1>
<div class="content">
<!-- buttons -->
<div class="inv_btn">
<a href="add_form.php" type="button">Add</a>
<!-- button to press to delete ticked checkboxes -->
<form action="inventory.php" method="post">
<input name="delete" type="submit" id="delete" value="Delete"/>
</form>
</div>
<!-- TABLE -->
<div id="inv_tbl">
<table class="table table-striped" id="tblSearch">
<thead>
<tr>
<th>Product Name</th>
<th>Supplier Name</th>
<th>Category</th>
<th>Unit Price</th>
<th>Retail Price</th>
<th>Est. profit per unit</th>
</tr>
</thead>
<tbody>
<?php foreach($allInfo as $info): ?>
<tr>
<td> <?= $info['product'] ?> </td>
<td> <?= $info["supplier_name"] ?> </td>
<td> <?= $info["category"] ?> </td>
<td>$ <?= $info["unit_price"] ?> </td>
<td>$ <?= $info["retail_price"] ?> </td>
<td>$ <?= number_format(($info["unit_price"] - $info["retail_price"]), 2) ?></td>
<td><input type="checkbox" name="checkbox[<?= $info['product'] ?>]" id="checkbox[]" value="<?= $info['product'] ?>" method="post"/></td>
</tr>
<?php endforeach ?>
</tbody>
</table>
</div>
</div>
</div>
...
PHP - inventory.php
<?php
/**
* inventory.php
* configures the inventory page.
*/
// configuration
require("../includes/config.php");
require("../includes/render_dash.php");
// if user reached page via GET...
if($_SERVER["REQUEST_METHOD"] == "GET")
{
// get all the info from the inventory database
$allInfo = [];
$getInfo = query("SELECT * FROM inventory WHERE id = ?", $_SESSION["id"] );
foreach($getInfo as $info)
{
$allInfo[] = [
"product" => $info["product"],
"unit_price" => number_format($info["unit_price"], 2),
"retail_price" => number_format($info["retail_price"], 2),
"supplier_name" => $info["supplier_name"],
"category" => $info["category"],
];
}
// render HTML
render("inv_main.php", ["title" => "Inventory", "allInfo" => $allInfo ] );
}
Note the 'form' right after the comment <!-- button to press to delete ticked checkboxes --> and the last table data inside the tbody tag.
I already saw similar questions but I still can't figure it out. If it helps, my PRIMARY KEYS in the inventory database are the user's id and product. The id is used for the $_SESSION, so using that would delete all the inventory data for, say, user id #30, so I'm trying to reach the product, which is a string.
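An added example, not part of the original post or the asker's project: a delete handler keyed on the session user's id plus the ticked product names, with every value bound through a PDO prepared statement. It uses PDO with an in-memory SQLite table and constructed rows instead of the post's query() helper, and the names checkboxFor and deleteSelected are hypothetical; the checkboxes are assumed to sit inside the same form as the Delete button so that they are submitted with it.

```php
<?php
declare(strict_types=1);

// Render one checkbox. htmlspecialchars() keeps a product name from breaking
// out of the attribute; name="checkbox[]" makes PHP collect the ticked values
// into an array in $_POST["checkbox"].
function checkboxFor(string $product): string
{
    $safe = htmlspecialchars($product, ENT_QUOTES, 'UTF-8');
    return '<input type="checkbox" name="checkbox[]" value="' . $safe . '"/>';
}

// Delete the ticked products for ONE user (composite key: id + product).
// Every value is bound as a parameter; only "?" marks are concatenated.
function deleteSelected(PDO $pdo, int $userId, $posted): int
{
    if (!is_array($posted)) {
        return 0; // nothing ticked, or a tampered scalar value
    }
    $products = array_values(array_unique(array_filter($posted, 'is_string')));
    if ($products === []) {
        return 0;
    }
    $marks = implode(',', array_fill(0, count($products), '?'));
    $stmt = $pdo->prepare("DELETE FROM inventory WHERE id = ? AND product IN ($marks)");
    $stmt->execute(array_merge([$userId], $products));
    return $stmt->rowCount();
}

// Constructed demo data in an in-memory SQLite database (assumes pdo_sqlite).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE inventory (id INTEGER, product TEXT, PRIMARY KEY (id, product))');
$ins = $pdo->prepare('INSERT INTO inventory (id, product) VALUES (?, ?)');
foreach ([[30, 'Widget'], [30, 'Gadget'], [30, 'O"Brien <b>'], [31, 'Widget']] as $row) {
    $ins->execute($row);
}

// Simulated $_POST["checkbox"] for session user 30, with one injection-shaped value.
$posted = ['Widget', "x' OR '1'='1", 'O"Brien <b>'];
echo deleteSelected($pdo, 30, $posted), " row(s) deleted\n";
echo $pdo->query('SELECT COUNT(*) FROM inventory')->fetchColumn(), " row(s) remain\n";
echo checkboxFor('O"Brien <b>'), "\n";
```

The injection-shaped string is compared as an ordinary product name and matches nothing, and user 31's Widget row is left alone because the statement is always scoped to the session user's id.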