Delete confirmation in php

Question

I'm trying to delete a record in mysql using php. What do I have to add in my code so that there will be a delete confirmation first. Because in my current code, it automatically deletes the record corresponding to the pnum inputted.

<html>
<style>
input { font-size: 16px;}
</style>

<?php include('header.php'); ?>
<div id="main_content">


</div>
<?php include('footer.php'); ?>
<head>

<table width="300" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC">
<tr>
<form action="DeletebyPnumIn.php" method="post">
  <td>
<table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF">
<tr>
<td colspan="9" style="background:#9ACD32; color:white; border:white 1px solid; text-align: center"><strong><font size="3">Delete In-patient</strong></td>
</tr>
<td><font size="3">Patient #:</td>
<td></td>
<td><input type="text" name="pnum" value="" maxlength="15" /><br/></td>


</tr>
<tr>
<td>&nbsp;</td>
<td>&nbsp;</td>
<td><input type="submit" name="Submit" value="Delete" /></td>
</form>
</tr>
</table>



<body>
</body>
</html>

Here is the form action:

<html>
<style>
input { font-size: 16px;}
</style>

<?php include('header.php'); ?>
<div id="main_content">

</div>
<?php include('footer.php'); ?>
<head>

    <?php
    $con = mysql_connect("localhost","root","nitoryolai123$%^");
    if (!$con)
      {
      die('Could not connect: ' . mysql_error());
      }

    mysql_select_db("hospital", $con);

    mysql_query("DELETE FROM t2 WHERE PNUM='{$_POST["pnum"]}'") ;

    mysql_close($con);

    echo "<script>alert('Record successfully deleted!')</script>";
    ?>

Please help.

Answer 1

There are numerous ways to provide delete confirmation, ranging from simple and haphazard to complex and robust. The simplest approach is probably a Javascript confirmation dialog. To implement this, you'll want to add the functionality on the page where they click "Delete", not on the PHP side.

For instance:

<a href="delete.php?id=<?php echo $id; ?>" onclick="return confirm('Delete this?');">Delete</a>

By the way, watch out for SQL injection. You need to sanitize your inputs before dropping POST or GET data into an SQL string.

Answer 2

The simplest way, given your current code would be just to add an onsubmit action to your form.

<form action="DeletebyPnumIn.php" method="post" onsubmit="return confirm('Really Delete?');">

or something similar.