Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 5 of 5
  1. #1
    New to the CF scene
    Join Date
    Oct 2009
    Posts
    2
    Thanks
    1
    Thanked 0 Times in 0 Posts

    Question Can't delete by id in mysql

    Hello, i found this snippit i've been trying to fix to delete links i put on my site. (I am working on an admin section) I want it to delete by id specifically, it does delete but it deletes in order the links were put in the database.

    Here's the code for delete.php (lists all the links)
    Code:
    <?php
    //connect to mysql
    //change user and password to your mySQL name and password
    mysql_connect("localhost","root","");
    
    //select which database you want to edit
    mysql_select_db("links");
    
       //display all the links
       $result = mysql_query("select * from links order by id");
    
       //run the while loop that grabs all links
       while($row=mysql_fetch_array($result))
       {
          //grab the title and the ID of the news
               $id = $row['id'];
               $title = $row['title'];
               $url = $row['url'];
    
    	 //make the title a link
          echo "<a target=_blank href='$url'>$title</a>&nbsp;&nbsp;&nbsp;&nbsp;<a href='delete_now.php?cmd=delete&id=$id'>Delete</a>";
          echo "<br>";
        }
    
    ?>
    Here's the code for delete_now.php (deletes the links from the database)

    Code:
    <?php
    //connect to mysql
    //change user and password to your mySQL name and password
    mysql_connect("localhost","root","");
    
    //select which database you want to edit
    mysql_select_db("links");
    
    //If cmd has not been initialized
    if(!isset($cmd))
    {
       //display all the links
       $result = mysql_query("select * from links order by id");
    
       //run the while loop that grabs all links
       while($row=mysql_fetch_array($result))
       {
          //grab the title and the ID of the news
               $id = $row['id'];
               $title = $row['title'];
               $url = $row['url'];
    
    
        }
    }
    
      if($_GET["cmd"]=="delete")
    {
        $sql = "DELETE FROM links WHERE id=$id";
        $result = mysql_query($sql);
        header("location: delete.php");
        //echo "Row deleted!";
    
    }
    
    ?>
    I am new to php any help would be appreciated.
    Thanks,
    Randy.

  • #2
    Senior Coder tomws's Avatar
    Join Date
    Nov 2007
    Location
    Arkansas
    Posts
    2,644
    Thanks
    29
    Thanked 330 Times in 326 Posts
    You need to fetch the id from the GET string before you attempt your delete. Something like this:
    PHP Code:
    if($_GET["cmd"]=="delete")
    {
        
    $id $_GET['id'];
        
    $sql "DELETE FROM links WHERE id=$id";
        
    $result mysql_query($sql);
        
    header("location: delete.php");
        
    //echo "Row deleted!";


    There are several security issues with your code. 1) You're open to SQL injection, and 2) you don't confirm the delete request is coming from someone authorized to delete records, meaning anyone who stumbles across these pages can delete at will.

    Also, the whole if (!isset... section of delete_now appears to be completely useless unless I'm missing something.
    Are you a Help Vampire?

  • #3
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,994
    Thanks
    4
    Thanked 2,662 Times in 2,631 Posts
    This is relying on an old old directive called register_globals. This will be officially terminated as of PHP6.
    Fix:
    PHP Code:
    <?php
    //connect to mysql
    //change user and password to your mySQL name and password
    mysql_connect("localhost","root","") or die('Could not connect to database!');

    //select which database you want to edit
    mysql_select_db("links");

    //If cmd has not been initialized
    /* This entire block is not necessary.
    if(!isset($cmd))
    {
       //display all the links
       $result = mysql_query("select * from links order by id");

       //run the while loop that grabs all links
       while($row=mysql_fetch_array($result))
       {
          //grab the title and the ID of the news
               $id = $row['id'];
               $title = $row['title'];
               $url = $row['url'];


        }
    }*/

      
    if(isset($_GET['cmd']) && $_GET["cmd"] == "delete")
    {
        
    // I'm assuming that $id is an integer value, likely auto-increment in origin
        
    $sql "DELETE FROM links WHERE id=" . (int)$_GET['id'];
        
    // This should be error checked:
        
        
    if (false !== @mysql_query($sql))
        {
            
    header("location: delete.php");
        }
        
    // Maybe add an error page?
        
    else
        {
            
    header('Location: errorpage.php');
        }
    }

    ?>
    PHP Code:
    header('HTTP/1.1 420 Enhance Your Calm'); 
    Been gone for a few months, and haven't programmed in that long of a time. Meh, I'll wing it ;)

  • Users who have thanked Fou-Lu for this post:

    elrando (10-26-2009)

  • #4
    Supreme Master coder! abduraooft's Avatar
    Join Date
    Mar 2007
    Location
    N/A
    Posts
    14,863
    Thanks
    160
    Thanked 2,224 Times in 2,211 Posts
    $result = mysql_query($sql);
    Always add proper error checks to your code while development, say for your query, changing it like
    PHP Code:
    $result mysql_query($sql) or die(mysql_error()); 
    would have shown you the issues.
    The Dream is not what you see in sleep; Dream is the thing which doesn't let you sleep. --(Dr. APJ. Abdul Kalam)

  • #5
    New to the CF scene
    Join Date
    Oct 2009
    Posts
    2
    Thanks
    1
    Thanked 0 Times in 0 Posts

    Smile Thanks guys working now.

    Thank you guys for helping me out. I appreciate it, I guess I have a long way to go before I reach the level of anyone here. Thanks Fou-Lu I used your code, it works perfectly.

    I'll have more questions soon.

    Randy.


  •  

    Tags for this Thread

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •