Wont delete db row (message) in Colorbox

Question

I'm using colorbox for my PM system. I added a trash-btn so users can delete their messages whenever they like. When the user opened his PM (colorbox) and clicks the trash-btn to delete a message, it does not delete it. While whenever I browse directly to a message and hit the button, it does work. So it only doenst work when colorbox has been opened.

Since I'm a new to this and dont know much of javascript, I would like it if anyone could help me out abit. Here's my EDITED code

read_message.php form (this opens in the colorbox)

echo '
        <div class="inboxMessage">
        <div class="inboxMessageImg NoNewMsg"></div>
        <div class="inboxMessageHeader">
        <a id="ajax" class="inboxMessageLink" onclick="showMessage('.$row['message_id'].')">'.$row['message_title'].'</a>
        <p class="inboxMessageStatus Read">'.$inboxMessageStatus_Read.'</p>
        </div>
        <div class="inboxMessageDescription">'.$inboxMessageDescription.'</div>
        <div class="inboxMessageActions">
        <form method="post" action="message/delete_message.php">
        <input type="hidden" value="'.$row['message_title'].'" name="message_title">
        <input type="hidden" value="'.$row['message_id'].'" name="message_id">
        <input type="submit" class="deleteMessageIcon" value="" name="deleteMessage">
        </form>
        </div>
        </div>';

This is delete_message.php page

<?php
include '../../includes/db_connect.php';

sec_session_start();

//Delete bericht uit db
if (isset($_POST['deleteMessage'])) {
$msgID = $POST['message_id'];
$msgTitle = $POST['message_title'];
$deleteMessage = mysqli_query($mysqli,"DELETE FROM messages WHERE message_title = '$msgTitle' AND message_id = '$msgID'") OR die(mysql_error($mysqli));
    if($deleteMessage) { 
    echo "Deleted";    
    }else{
    echo "Error - Try again";
    }
}
?>

If you need more information, please let me know so.

Thanks in advance!

PS - I know anyone is able to change the message id and title in the form so he's able to delete messages. First of all, the user needs to know the whole title of anyone elses message. Besides that, I'll create a random number which will be the message_id so its not easy to get/find the message id - IM WORKING ON IT. First, the delete function needs to work properly.

Answer 1

I think I saw your error:

if the query is returning and doing nothing is because the condition is Wrong. If you try the query in PHPMyAdmin the Query is OK, the only thing I can think is in this part:

$msgID = $POST['message_id'];
$msgTitle = $POST['message_title'];

it should be:

$msgID = $_POST['message_id'];
$msgTitle = $_POST['message_title'];

if it doesn't work make:

print_r("DELETE FROM messages WHERE message_title = '$msgTitle' AND message_id = '$msgID'");

and let us know the output