I created a form to update and delete my posts but it does not work
magictouch
07-15-2016, 02:12 PM
Hello, I'm an autodidact and a beginner in programming. So I created a file to try to edit and delete my posts but I have no idea what is wrong with my code.
The code is:
<?php
include('connect.php');
if (isset($_POST['delete'])) {
$apagar=mysql_query("DELETE FROM editor WHERE id=$id");
$rows=mysql_fetch_assoc($apagar);
echo "Text updated";
}
if (isset($_POST['update'])) {
mysql_query("UPDATE editor SET message = '$_POST[message]' WHERE id = '$_POST[id]'");
echo "Text updated";
}else{echo 'Text updated';}
?>
Waiting for your help, thanks.
Some suggestions -
1) Set php's error_reporting to E_ALL and display_errors to ON, in the php.ini on your development system, to get php to help you by reporting and displaying all the errors it detects. You would be getting errors at the $id variable, which doesn't exist, and the mysql_fetch_assoc() statement, there's no data to be fetched following a DELETE query.
2) The mysql_ extension is obsolete and has been removed from the latest php version. You need to use either the PDO or mysqli extension, so that your code is up to date and will continue to work in the future. The PDO extension is more constant and easier to use than the mysqli extension.
3) You need to ALWAYS detect and handle errors with database statements. If you use php itself to do this, you don't have to write extra code for every statement that can fail. Both the PDO and mysqli extensions support using exceptions for errors. If you simply enable exceptions for errors in either the PDO or mysqli code, php will handle the exceptions that will get thrown when an error occurs and use the error_reporting and display_errors settings (see item #1 in this list) to determine how the error information will be reported/displayed.
4) You need to ALWAYS protect against sql injection in data values being put into sql query statements. The most secure way of doing this is to use prepared queries with bound input parameters (place-holders) to supply data to the sql query statement. Both the PDO and mysqli extensions support prepared queries.
5) You need to ALWAYS validate input data before using it. For your DELETE query, if there is no valid, integer, id, input value (and the current visitor has permission to be deleting things), you should not run the sql query. For the UPDATE query, the same conditions for the id for the DELETE query would apply and there needs to be a valid message (not empty) before running the sql query.
6) Messages your code produces should be unique and descriptive. You are echoing 'Text updated' in three different places. That won't help you or anyone using your code know exactly what your code did.
7) Your code REQUIRES the connect.php code in order to do anything. You should use 'require' instead of 'include'. The ( ) around the file name is not required (php pun intended.)
8) You should form the sql query statement in a php variable. This supports debugging, since you can echo the sql query statement to see what it actually is and copy/paste it into a query tool to run it directly against your database, and leads to writing general purpose code, where the repetitive statements needed to (prepare, bind input data, and) execute a sql query statement can be put into a function or class method.
9) We are not sitting there with you. When you tell us that something doesn't work, we have no idea what that means. You need to specifically tell us or show us what result or error you got that leads you to believe that something didn't work and if it's not glaringly apparent from that result what is wrong with it, tell us what the expected result should have been.
10) The most important suggestion for writing code that does what you expect, is to define what inputs you have/need, what processing you are going to do based on each of those inputs, and what result you are going to produce, both when the code does what you expect, and when it fails. This helps you to write just the code you need (you won't have things like fetch statements after a DELETE query) and helps you debug the code when it doesn't work because you will have a statement of what the code and data should be doing, so that you can find where it deviates from the definition to locate where the problem is at.
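Items 2 to 5 and 8 of the list above, put together as an added example that is not part of the original thread or either poster's code. It assumes an in-memory SQLite database in place of the MySQL connection from connect.php so that it runs offline; `handlePost()` and `$mayEdit` are hypothetical names, and the sample rows and inputs are constructed.

```php
<?php
declare(strict_types=1);

// Assumption: in-memory SQLite stands in for the MySQL connection made in
// connect.php; table and column names are the ones used in the thread.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // item 3: errors throw
$pdo->exec('CREATE TABLE editor (id INTEGER PRIMARY KEY, titre TEXT, message TEXT)');
$pdo->exec("INSERT INTO editor (titre, message) VALUES ('first', 'hello'), ('second', 'world')");

// handlePost() is a hypothetical helper; $post stands in for $_POST.
function handlePost(PDO $pdo, array $post, bool $mayEdit): string
{
    if (!$mayEdit) {
        return 'Rejected: visitor may not edit posts';
    }
    // Item 5: only a positive integer id is accepted (missing, empty, array or "2 OR 1=1" fail).
    $id = filter_var($post['id'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return 'Rejected: id is not a positive integer';
    }
    if (isset($post['delete'])) {
        $sql = 'DELETE FROM editor WHERE id = :id';   // item 8: query text in a variable
        $stmt = $pdo->prepare($sql);                  // item 4: placeholder, no interpolation
        $stmt->execute(['id' => $id]);
        return $stmt->rowCount() === 1 ? "Deleted post $id" : "No post with id $id";
    }
    if (isset($post['update'])) {
        $message = is_string($post['message'] ?? null) ? trim($post['message']) : '';
        if ($message === '') {
            return 'Rejected: message is empty';
        }
        $sql = 'UPDATE editor SET message = :message WHERE id = :id';
        $stmt = $pdo->prepare($sql);
        $stmt->execute(['message' => $message, 'id' => $id]);
        return "Update statement ran for post $id";
    }
    return 'No action requested';
}

// Constructed inputs, including a quote in the message and a non-integer id.
foreach ([
    ['update' => 'Update', 'id' => '1', 'message' => "it's edited"],
    ['delete' => 'Delete', 'id' => '2 OR 1=1'],
    ['delete' => 'Delete', 'id' => '2'],
] as $post) {
    echo handlePost($pdo, $post, true), PHP_EOL;
}
echo $pdo->query('SELECT COUNT(*) FROM editor')->fetchColumn(), ' row(s) left', PHP_EOL;
```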
magictouch
07-16-2016, 09:10 PM
Could someone correct my code and post it here? Because I don't know what I could do. Thanks
magictouch
07-23-2016, 12:24 AM
Nothing?
After you implemented the suggestions that have already been given, what sort of error or symptom did you get, that would help those reading this to further help you?
Debugging code is a closed-loop process. The exact symptom you get from your code suggests the next course of action to take to find the cause of a problem. Without any feedback from you, it's not possible to even narrow down the problem to the correct part of the process. The problem could be anywhere between a mistake in the html markup for your form to the method you are using to look at the result.
magictouch
07-23-2016, 09:25 PM
At first, among the many problems the server gave me, one was "id not defined", so someone on another site suggested I try this: $id = (int)$_POST[id]. I did, and no more error messages were shown, but my form still does not work; if I click the buttons "delete" or "update", nothing happens.
To show the data from the database and my form I have another file; maybe the problems are there. Here is the code of the other file:
<?php
include('connect.php');
function activateUrlStrings($str){
$find = array('`((?:https?|ftp)://\S+[[:alnum:]]/?)`si', '`((?<!//)(www\.\S+[[:alnum:]]/?))`si');
$replace = array('<a href="$1" target="_blank">$1</a>', '<a href="http://$1" target="_blank">$1</a>');
return preg_replace($find,$replace,$str);
}
$getquery=mysql_query("SELECT * FROM editor ORDER BY id DESC");
$rows=mysql_fetch_assoc($getquery);
while($rows=mysql_fetch_assoc($getquery))
{
include('delete.php');
$id=$rows["id"];
$comment=$rows["message"];
$titre=$rows["titre"];
$comment=activateUrlStrings($comment);
echo
'<div style="border:2px solid #a1a1a1;
padding:3px 10px;
background:#333333;
border-radius:12px;"
>'.
'<br>'.$titre.'<br>'.'<font size="3" color="#FFFF99">'.
'<textarea id="textarea" name="message">'.$comment.
'</textarea>'.'</font>'.'<br>'.'<input type="submit" name="update" value="Update">' .'<input type="submit" name="delete" value="Delete">'.
'</div>';
}
?>
Thanks
The above code does contain an error that would cause the first row of data to be discarded/missing when you display the data.
Why do you have this line in your code - $rows=mysql_fetch_assoc($getquery);?
The reason my reply is in the form of a question (Jeopardy theme music playing in the background), is because you must know what the lines of code you are using actually do, so you will know what they contribute to the goal you are trying to accomplish, to even know if they belong in your program. In this case, this line of code doesn't belong.
What I get is you are trying to program by copy/pasting things you have seen or doing things that others tell you to do, without actually first learning the meaning of what you are doing. That's not programming, that's mimicking/counterfeiting. You must actually learn what each statement in each line of code does, so that you can write code that does what you want.
If the above code is your 'form' for the update/delete process, there's no way your code will work. There's no apparent <form> tag and there's no form field with name='id' and value='$id' attributes that would supply the id value to the form processing code. It's also outputting multiple textareas with the same name='message' attribute. I suspect the above code is supposed to be retrieving ONE row, based on a $_GET['id'] value, in which case it should not contain any loop, and the sql query should contain a WHERE clause to match the correct row.
Best advice at this point, don't copy/paste or just follow along with things someone has told you to do. Define what you want your code to do for each operation and write just the code you need to accomplish your definition (please read/reread item #10 in the list I posted above.)
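The single-row edit form described in the reply above, as an added example that is not part of the original thread. It assumes in-memory SQLite in place of the MySQL connection, a hypothetical helper `renderEditForm()`, and that the form posts to delete.php; the output escaping is an addition the thread does not mention, and the sample row is constructed.

```php
<?php
declare(strict_types=1);

// Assumption: in-memory SQLite replaces the MySQL connection from connect.php.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE editor (id INTEGER PRIMARY KEY, titre TEXT, message TEXT)');
$pdo->exec("INSERT INTO editor (titre, message) VALUES ('Note', 'a </textarea><b>b</b> c')");

// renderEditForm() is a hypothetical helper; $rawId stands in for $_GET['id'].
function renderEditForm(PDO $pdo, $rawId): string
{
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return '<p>Invalid id</p>';
    }
    // One row, selected by id: a WHERE clause and no loop.
    $stmt = $pdo->prepare('SELECT id, titre, message FROM editor WHERE id = :id');
    $stmt->execute(['id' => $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return '<p>No post with that id</p>';
    }
    // Escape stored text on output so it cannot close the textarea or add markup.
    $e = fn($v) => htmlspecialchars((string)$v, ENT_QUOTES, 'UTF-8');
    // The hidden field carries the id back to the form processing code.
    // Assumption: delete.php is the processing file.
    return '<form method="post" action="delete.php">'
        . '<input type="hidden" name="id" value="' . $e($row['id']) . '">'
        . '<p>' . $e($row['titre']) . '</p>'
        . '<textarea name="message">' . $e($row['message']) . '</textarea>'
        . '<input type="submit" name="update" value="Update">'
        . '<input type="submit" name="delete" value="Delete">'
        . '</form>';
}

echo renderEditForm($pdo, '1'), PHP_EOL;           // valid id: one form
echo renderEditForm($pdo, "1' OR '1'='1"), PHP_EOL; // non-integer id: rejected before any query
```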
magictouch
07-28-2016, 04:16 PM
I already posted a problem here in another section and it was so easy and fast to solve it... but OK, for me this is a kind of hobby, even if it is annoying when it takes so long to find the solutions. As I'm always learning, I continue.
No, there are not many textareas with the name "message"; there is only one textarea field in my code. And there is no id field because, as everyone does, it is autoincrement; why should a form ask the person to put an id?
I'm going to try to put the tag '<form>' there to see if it works, even if I really don't believe it!