
I want to select one or more checkboxes, and when I click on "MASS DELETE" I want to delete that data; as I'm fetching this from the database, it will also not appear anymore.

Here is my index.php (where I'm fetching the data I have and also where I will select and delete the data I want)

```php
<!DOCTYPE html>
<html lang="en">
<head>
    <title>Document</title>
    <link rel="preconnect" href="https://fonts.googleapis.com">
    <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
    <meta charset="UTF-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">

    <link href="https://fonts.googleapis.com/css2?family=Open+Sans:wght@400;700&display=swap" rel="stylesheet">

    <link rel="stylesheet" href="style.css">
</head>

<body>
    <header>
        <div class="header-wrapper">
            <h1>Product List</h1>
            <div class="header-buttons">
                <a href="addproduct.php"><button><span>ADD</span></button></a>
                <button type="submit" id="delete-product-btn"><span>MASS DELETE</span></button>
            </div>
        </div>
    </header>

    <main>
        <div class="products-blocks">

            <?php

                include_once 'includes/model.php';
                $model = new Model();
                $rows = $model->fetch();
                $i = 1;
                if(!empty($rows)){
                  foreach($rows as $row){
              ?>
              <div class="products">

                <input name="checkbox[]" type="checkbox" value="<?php echo $row['link_id']; ?>">

                <h6><?php echo $row['sku']?></h6>
                <h6><?php echo $row['name']?></h6>
                <h6><?php echo $row['price']." $"?></h6>
                <?php
                if($row['size']) {
                    echo "<h6> Size: " .$row['size']."MB". "</h6>";
                }
                if($row['height']) {
                    echo "<h6> Dimensions: " .$row['height']."x".$row['width']."x".$row['length']. "</h6>";
                }
                if($row['weight']) {
                    echo "<h6> Weight: " .$row['weight']."KG". "</h6>";
                } ?>

                </div>

              <?php
                }
              }else{
                echo "no data";
            }

              ?>

        </div>
    </main>

    <footer>
        <h2>Footer</h2>
    </footer>

</body>
</html>
```

Here is my model.php (where I'm putting everything so I can work as OOP)

```php
<?php

Class Model {
  private $server = "localhost";
  private $username = "root";
  private $password = "";
  private $db = "itemslist";
  private $conn;

  public function __construct(){
    try {
        $this->conn = new mysqli($this->server,$this->username,$this->password,$this->db);
    } catch (Exception $e) {
        echo "connection failed" . $e->getMessage();
    }
  }

  public function insert() {

    if (isset($_POST['submit'])) {
      if (isset($_POST['sku']) && isset($_POST['name']) && isset($_POST['price']) && isset($_POST['size']) && isset($_POST['height']) && isset($_POST['width']) && isset($_POST['length']) && isset($_POST['weight'])) {
        if (!empty($_POST['sku']) && !empty($_POST['name']) && !empty($_POST['price']) && !empty($_POST['size']) && !empty($_POST['height']) && !empty($_POST['width']) && !empty($_POST['length']) && !empty($_POST['weight'])) {

          $sku = $_POST['sku'];
          $name = $_POST['name'];
          $price = $_POST['price'];
          $size = $_POST['size'];
          $height = $_POST['height'];
          $width = $_POST['width'];
          $length = $_POST['length'];
          $weight = $_POST['weight'];

          $query = "INSERT INTO products (sku,name,price,size,height,width,length,weight) VALUES ('$sku', '$name', '$price', '$size', '$height', '$width', '$length', '$weight')";
          if ($sql = $this->conn->query($query)) {
            echo "<script>alert('product saved');</script>";
            echo "<script>window.location.href = 'index.php';</script>";
          }else{
            echo "<script>alert('failed');</script>";
            echo "<script>window.location.href = 'index.php';</script>";
          }
        }else{
          echo "<script>alert('empty');</script>";
          echo "<script>window.location.href = 'index.php';</script>";
        }
      }
    }
  }

  public function fetch(){
    $data = null;

    $query = "SELECT * FROM products";
    if ($sql = $this->conn->query($query)) {
      while ($row = mysqli_fetch_assoc($sql)) {
        $data[] = $row;
      }
    }
    return $data;
  }
}

?>
```
Dan
  • Where are you trying to do a delete? This also is open to SQL injections. Parameterize query and use prepared statements. The `isset` and `!empty` checks are redundant, I'd only do the not empty. – user3783243 May 27 '22 at 15:19
  • Can you quote the code for what you're saying? – Matheus Berg May 27 '22 at 15:46
  • `if (isset($_POST['sku']) && isset($_POST['name']) && isset($_POST['price']) && isset($_POST['size']) && isset($_POST['height']) && isset($_POST['width']) && isset($_POST['length']) && isset($_POST['weight'])) {` and `if (isset($_POST['sku']) && isset($_POST['name']) && isset($_POST['price']) && isset($_POST['size']) && isset($_POST['height']) && isset($_POST['width']) && isset($_POST['length']) && isset($_POST['weight'])) {` are both not needed. – user3783243 May 27 '22 at 15:51
  • Oh, I see your question. I have not done the delete function in my model.php because I don't know how – Matheus Berg May 27 '22 at 15:54
  • **Warning:** You are wide open to [SQL Injections](https://php.net/manual/en/security.database.sql-injection.php) and should use parameterized **prepared statements** instead of manually building your queries. They are provided by [PDO](https://php.net/manual/pdo.prepared-statements.php) or by [MySQLi](https://php.net/manual/mysqli.quickstart.prepared-statements.php). Never trust any kind of input! Even when your queries are executed only by trusted users, [you are still in risk of corrupting your data](http://bobby-tables.com/). [Escaping is not enough!](https://stackoverflow.com/q/32391315) – Dharman May 27 '22 at 17:23

1 Answer


You will need to pass in the data IDs from the checkboxes to a prepared mass delete query. Something like this:

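```php
if (isset($_POST['mass_delete']) && $_POST['mass_delete'] == 1 && !empty($_POST['your_ids_checked'])) {
    // Cast every submitted ID to an integer
    $ids_to_delete = array_map('intval', (array) $_POST['your_ids_checked']);
    // IN () needs one placeholder per value: a single bound parameter holding
    // a comma-separated string is compared as one value
    $placeholders = implode(',', array_fill(0, count($ids_to_delete), '?'));
    $query = $db->prepare("DELETE FROM table WHERE id IN ($placeholders)");
    $query->execute($ids_to_delete);
}
```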
Dharman
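The prepared statements the comments ask for and the mass delete from the answer, written for the question's mysqli connection. This is an added example, not part of the original question or answer; the class name `ProductStore`, its method names, and the assumption that `link_id` is the integer key of `products` are hypothetical.

```php
<?php
// Added example, not the asker's or answerer's code.
// Assumptions: `link_id` (the checkbox value in index.php) is the integer key
// of `products`; ProductStore, insert() and deleteMany() are hypothetical names.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // errors throw exceptions

class ProductStore
{
    private mysqli $conn;

    public function __construct(mysqli $conn)
    {
        $this->conn = $conn;
    }

    // Hardened form of the question's INSERT: the values travel as bound
    // parameters and never become part of the SQL text.
    public function insert(array $p): void
    {
        $stmt = $this->conn->prepare(
            'INSERT INTO products (sku,name,price,size,height,width,length,weight)
             VALUES (?,?,?,?,?,?,?,?)'
        );
        $stmt->bind_param('ssssssss', $p['sku'], $p['name'], $p['price'], $p['size'],
            $p['height'], $p['width'], $p['length'], $p['weight']);
        $stmt->execute();
    }

    // Mass delete with one "?" per selected checkbox. Returns the rows removed.
    public function deleteMany(array $ids): int
    {
        // Keep only whole positive integers; anything else is dropped.
        $opts = ['options' => ['min_range' => 1]];
        $ids = array_map(fn($v) => filter_var($v, FILTER_VALIDATE_INT, $opts), $ids);
        $ids = array_values(array_filter($ids, fn($v) => $v !== false));
        if ($ids === []) {
            return 0; // nothing valid selected; "IN ()" would be a syntax error
        }
        $placeholders = implode(',', array_fill(0, count($ids), '?'));
        $stmt = $this->conn->prepare("DELETE FROM products WHERE link_id IN ($placeholders)");
        $stmt->bind_param(str_repeat('i', count($ids)), ...$ids);
        $stmt->execute();
        return $stmt->affected_rows;
    }
}

// Usage with the form field from index.php (name="checkbox[]"):
// $removed = (new ProductStore($conn))->deleteMany($_POST['checkbox'] ?? []);
```

For `$_POST['checkbox']` to arrive at all, the checkboxes and the MASS DELETE button have to sit inside one `<form method="post">`.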