This question already has answers here:
How can I get useful error messages in PHP?
(41 answers)
Closed 4 years ago.
I have a problem with a project made with PHP and MySQL.
I want to delete a row from my document but I can't.
It's very strange because when I click my button delete, he goes to index.php but it doesn't delete the row from the database.
if(isset($_POST['delete'])){
$sql = "DELETE FROM account WHERE idAccount = '".$id."'";
$result = $conn->query($sql);
header("location: index.php");
}
Try this, you have inserted ' after ".$id."
if(isset($_POST['delete'])){
$sql = "DELETE FROM account WHERE idAccount = ".$id."";
$result = $conn->query($sql);
header("location: index.php");
}
or
if(isset($_POST['delete'])){
$sql = "DELETE FROM account WHERE idAccount = '".$id."'";
$result = $conn->query($sql);
header("location: index.php");
}
As #nico-haase already mentioned your statement is wrong:
$sql = "DELETE FROM account WHERE idAccount = ".$id."'";
evaluates to (check the trailing quote):
DELETE FROM account WHERE idAccount = NUMBER'
Additionally I agree #ramraider that it's one big sql injection here. You should sanitise your input at minimum (int $_POST['id']) or use PDO at best.
Related
This question already has an answer here:
PHP PDO how to run a multiple query request?
(1 answer)
Closed 3 years ago.
I am trying to delete records from tables matching users ID while i delete the user. but somehow it deletes records only from the cv table.
what i am trying is
if($_GET['deluser'] !='1'){
$qr = "delete from members where member_id IN(".$_GET['deluser'].")";
$qr = "delete from company where caller_id IN(".$_GET['deluser'].")";
$qr = "delete from cv where agent_id IN(".$_GET['deluser'].")";
$st = $db->prepare($qr);
$st->execute();
header('Location: users.php?action=DELETED');
exit;
what could i be doing wrong?
In your case you overwrite the value in $qr every time so you need to execute it, everyone of them separately,
you need also to fix the SQL injection problem so you can fix it
by using bind your data in the execute method or by using bindParam
first, you need to add ? with the same number of input you want to pass
you can check how it work here in this answer
$in = str_repeat('?,', count(explode(',', $_GET['deluser'])) - 1) . '?';
$qr = "delete from members where member_id IN($in)";
$st = $db->prepare($qr);
$st->execute(explode(',', $_GET['deluser']));
$qr = "delete from company where caller_id IN($in)";
$st = $db->prepare($qr);
$st->execute(explode(',', $_GET['deluser']));
$qr = "delete from cv where agent_id IN($in)";
$st = $db->prepare($qr);
$st->execute(explode(',', $_GET['deluser']));
You can read more about BindParam and Execute in the docs
This question already has answers here:
PHP Mysql delete Query not working properly
(3 answers)
Closed 3 years ago.
I tried to delete user from mysql database with this code
if (isset($_POST['user_delete'])) {
$key = $_POST['keyToDelete'];
$check = "DELETE FROM user WHERE id = ". $key or die(mysqli_error($connection));
$result2 = $connection->query($query);
if($result2->num_rows >0){
$query_delete = "DELETE FROM user WHERE id =". $key or die(mysqli_error($connection));
var_dump($query_delete);
} else {
}
but it don't want to delete my database. but the sql already right and I also got the id because I tried to var_dump it. please help what was wrong with my code
You have a few issues here,
Your or die(mysqli_error($connection)) is to the querystrings, not the actual queries. Besides, instead of manually checking for errors it's much better to configure to throw errors automatically. For this add the following line to the connection code:
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
You attempt to delete it twice? Though the second query is never executed, you just define the querystring (and never run it).
num_rows is only usable on select-statements. You want affected_rows to check if the query actually deleted any data.
You're not using a prepared statement.
if (isset($_POST['user_delete'])) {
$key = $_POST['keyToDelete'];
$query = "DELETE FROM user WHERE id = ?";
$stmt = $connection->prepare($query);
$stmt->bind_param("s", $key);
$stmt->execute();
if ($stmt->affected_rows) {
echo "Deleted ".$stmt->affected_rows." rows";
} else {
echo "No rows matched the criteria.";
}
$stmt->close();
}
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 5 years ago.
Improve this question
I'm new to coding and I'm using php and mysql to make a admin panel to show clients data from a form.
Now I want to make a button to show wether the data has been processed or not.
The idea is, I have a column named star and if star == read that display "green" and if star =! read display "red".
Then if the button is pressed, if star == read update to unread but if star =! read update to read.
I have the button like this:
<td>star</td>
And read.php like this:
<?php
include("db.php");
$id = $_GET['id'];
$query = "UPDATE users SET star='read' WHERE id = '$id'";
mysqli_query($link, $query) or die('Database error!');
header('location:admin_main.php');
?>
This just updates the row to read and doesn't have the ability to become unread again.
But I don't know how to formulate the if statements.
If anyone has any suggestions, that is much appreciated.
EDIT
To show a bit of what I tried:
I added a new column to the data sheet:
<td>".$star."</td>
And then I tried to use the code below to check the database:
$query = "SELECT star FROM users";
$selectie = mysqli_query($link, $query) or die($query."<br>".mysql_error());
if($selectie == 'read') {
$star = 'read';
} else {
$star = 'unread';
}
And for the read.php:
<?php
include("inc/verbinden.php");
$id = $_GET['id'];
$query = "SELECT star FROM users";
$selectie = mysqli_query($link, $query) or die($query." <br>".mysql_error());
if($selectie == 'read') {
$query = "UPDATE users SET star='unread' WHERE id = '$id'";
mysqli_query($link, $query) or die('Database error!');
} else {
$query = "UPDATE users SET star='read' WHERE id = '$id'";
mysqli_query($link, $query) or die('Database error!');
}
header('location:admin_main.php');
?>
But I realize that the if/else is wrong.
You're almost there. What you missed is looping over (successful) results, such as using a while loop for instance:
Side note: I added (int) for the GET array which helps to safeguard against a possible SQL injection and corrected the use of mysql_error(). That api does not intermix with the mysqli_* api.
<?php
include("inc/verbinden.php");
if(!empty($_GET['id'])){
$id = (int)$_GET['id'];
}else{
echo "The GET array is empty.";
exit; // Stops further execution.
}
$query = "SELECT star FROM users";
$selectie = mysqli_query($link, $query) or die($query." <br>".mysqli_error($link));
while($row = mysqli_fetch_array($selectie)){
if($row['star'] == 'read') {
$query = "UPDATE users SET star='unread' WHERE id = '$id'";
mysqli_query($link, $query) or die('Database error!'); // use mysqli_error($link)
}else{
$query = "UPDATE users SET star='read' WHERE id = '$id'";
mysqli_query($link, $query) or die('Database error!'); // use mysqli_error($link)
}
}
header('location:admin_main.php');
exit; // Stops further execution.
Note: You could substitute mysqli_fetch_array() with mysqli_fetch_assoc().
Also, it's best to use mysqli_affected_rows() when using UPDATE in order to get actual truthness.
You can read up on those functions:
http://php.net/manual/en/mysqli-result.fetch-array.php
http://php.net/manual/en/mysqli-result.fetch-assoc.php
http://php.net/manual/en/mysqli.affected-rows.php
One thing to note though is that read and Read, as well as unread and Unread are two different animals. So make absolutely sure that those are indeed the values in your database as well is what is going in the database.
This question already has answers here:
Closed 10 years ago.
Possible Duplicate:
php - check record exists db - error show
I am currently trying to add a user to the database. I want to to check if the user exists, and IF SO, then just update a few fields. If IT DOESNT, then it should completely insert a new record.
$result22 = mysql_query("SELECT COUNT(1) FROM newsite WHERE user = '$username'");
if($result22){
$SQL = "UPDATE newsite SET active = '1' WHERE user = '$username'";
$_SESSION['username'] = $_GET['user'];
$result = mysql_query($SQL);
echo("lol."); // TEST
header("Location: ./share.php?user=$username");
}
if(!$result22){
$SQL = "INSERT INTO newsite (user, active) VALUES ('".$username."', '1')";
$_SESSION['username'] = $_GET['user'];
$result = mysql_query($SQL);
echo("NOPE."); //TEST
header("Location: ./share.php?user=$username");
}
}
I'm not really sure why, but no matter what it ALWAYS outputs "lol." (aka, the user exists.) it completely ignores the other if.
$result22 = mysql_query("SELECT COUNT(1) FROM newsite WHERE user = '$username'");
if($result22){
Unless you have error in your SQL code, mysql_query returns resultset that is always resolved to true
Also:
Please, don't use mysql_* functions in new code. They are no longer maintained and the deprecation process has begun on it. See the red box? Learn about prepared statements instead, and use PDO, or MySQLi - this article will help you decide which. If you choose PDO, here is a good tutorial.
You can also use the mysql_num_rows function, which returns the number of row of the last result set
if(mysql_num_rows()>0)
{
}
I want have an insert query, but before inserting I check whether the username and email are used by someone else. If used, I want to cancel insert query and echo a message to say whether username or email is in use.
Here my code:
$sql = "SELECT 1 FROM user WHERE username='".$_POST['username']."'";
if(!$result = mysql_query($sql))
die(mysql_error());
while($row = mysql_fetch_array($result))
die('This username is already exists');
$sql = "SELECT 2 FROM user WHERE email='".$_POST['email']."'";
if(!$result = mysql_query($sql))
die(mysql_error());
while($row = mysql_fetch_array($result))
die('This email address is already exists');
$sql = "insert into user (username,email,password,tel,type) values ('".$_POST['username']."','".$_POST['email']."','".$_POST['password']."','".$_POST['telnumber']."','member')";
if(!mysql_query($sql))
die(mysql_error());
I want these three sql statements in one. It can be either using cases or something else that you suggest. So,
Is it possible to zip this code into one sql query?
As a result what I need is
sql = "sql_query"
if(!$result = mysql_query($sql))
die(mysql_error());
while($row = mysql_fetch_array($result)){
if($row['result']==1)
die('This username is already exists');
else if($row['result']==2)
die('This email is already exists');
}
die('you have succesfully registered');
thanks for any advice.
While I suggest you follow #cularis' answer, you may be interested in the following alternative:
Give email and username the UNIQUE constraint, by creating a unique index for both of these.
run your INSERT query, and if this fails... (due to duplicate keys)
run the suggested combined SELECT, to determine which field existed (username or email)
You can combine the first two queries like this:
$sql = "SELECT * FROM user WHERE username='".$_POST['username']."' OR email='".$_POST['email']."'";
Have look at mysql_real_escape string to sanatize your input.
Assuming you don't care about a more specific error case you could probably just do the following:
$sql = "SELECT * FROM user WHERE username='".$_POST['username']."' OR email='".$_POST['email']."'";
if(!$result = mysql_query($sql))
die(mysql_error());
while($row = mysql_fetch_array($result))
die('The username or email address is already being used');
$sql = "insert into user (username,email,password,tel,type) values ('".$_POST['username']."','".$_POST['email']."','".$_POST['password']."','".$_POST['telnumber']."','member')";
if(!mysql_query($sql))
die(mysql_error());
This isn't the best of designs if you're looking for, as I said, specific error cases. So if you are okay with just telling the person there is an error that one or both are in use then that should work.
I am not sure as I am very rusty in PHP/MySQL but I assume that if such cases of both exist then multiple rows may be returned and I forget exactly how mysql_fetch_array works but I assume it's an array of all results valid for the query so you should be set. As long as the array exists, you know there was a hit in the db.