I have a table with registered users. My code is suppose to delete a row when clicking delete in the table.
This is in the database.php
.....
while ($row = mysqli_fetch_array($r, MYSQLI_ASSOC)) {
echo '<tr><td align="left">' . $row['Id'] . '</td><td align="left">Delete</td></tr>';
}
......
So, I'm getting the id when clicking delete. So far, this part works but when I tried to run the delete query it doesn't work.
delete.php
<?php
session_start();
include 'connection.php';
if (isset($_POST['Id']) && is_numeric($_POST['Id'])){
$id = mysqli_real_escape_string($conn, $_POST['Id']);
$result = mysqli_query("DELETE FROM table_name WHERE Id= '$id' ")
or die(mysqli_error());
echo "<h3><br><br><a href=database.php> <b> Go Back</a></h3>";
echo "Data Deleted";
}else {
echo "Error";
echo "<h3><br><br><a href=database.php> <b> Go Back</a></h3>";
}
?>
I just get "Error" and it doesn't remove the row. How can I fix it?
Edit:
<?php
session_start();
include 'connection.php';
if (isset($_GET['Id']) && is_numeric($_GET['Id']))
{
$id = mysqli_real_escape_string($conn, $_GET['Id']);
$result = mysqli_query("DELETE FROM User_reg WHERE Id= '$id' ")
or die(mysqli_error());
echo "<h3><br><br><a href=AdminLog.php> <b> Go Back</a></h3>";
echo "Data Deleted";
}else {
echo "Error";
echo "<h3><br><br><a href=AdminLog.php> <b> Go Back</a></h3>";
}
?>
Still getting the same result with the delete query not working.
Also "Id" name is set in the same way as in the database.
$_POST['Id'] is not set, because you got to that script via a link.
Delete
links are GET requests, not POST requests. So, $_GET['id'] (note that it is $_GET['id'] rather than $_GET['Id'] because you used id in your link) should be set, but it's not really safe to use a link to delete things to begin with.
There are various ways to get around this issue. One way is to have the delete link in your table direct you to a intermediate confirmation page that posts to the actual delete script.
it would not work because you are sending a get parameters and checking for post and note the comment above for prepared statement and also try not to use get to delete data because a programmer can easily change the id and delete another user info use post instead because it cant be tweaked that is why social use let me callm it ajax to delete, because a deleted cannot be retrieved unless you create an alternative so use POST METHOD instead change this
if (isset($_POST['id']) && is_numeric($_POST['id'])){
$id = mysqli_real_escape_string($conn, $_POST['id']);
to this
if (isset($_GET['id']) && is_numeric($_GET['id'])){
$id = mysqli_real_escape_string($conn, $_GET['id']);
This should work
Related
I'm showing a data table from MySQL, let say in x.php like
<?php $sql = "SELECT * FROM tblname";
$result = $conn->query($sql);
if ($result->num_rows > 0) {
while($row = $result->fetch_assoc()) {
$id=$row["id"];
echo "<tr><td>". $row["0"]. "</td><td>". $row["1"]."</td><td>".$row["2"]."</td><td>".$row["3"]."</td><td>"."<a href='y.php?=$id'>More details</a>"."</td></tr>";
$_SESSION["id"]=$id;
}
} else {
}?>
But where I go to y.php class to see more details it shows data only from last row of MySQL records.
How can I fix it?
What's wrong is you are using the $_SESSION to fetch the detail.
What you want isn't to store the id in the $_SESSION, you want to put it in each link, so that when a user clicks a link he has access to the row detail.
Basically, parameters passed in a link (like index.php?param1=value1) are found in $_GET global variable.
So I guess in y.php you use $_SESSION['id'] to fetch the row detail, use $_GET['id'] instead.
Also, in x.php edit this :
"<a href='y.php?=$id'>More details</a>"
to :
"<a href='y.php?id=$id'>More details</a>"
And remove : $_SESSION['id'] = $id;
I am trying to make this program where I can delete a thread if I am logged in. Now I already have the button linked and everything, I have it doing multiple tasks when pressed, but it seems to not run the SQL query I want it to. Now I have a variable called $forumid which is set in the URL and retrieved using $_GET['forumid'];
I know this is setting properly, because I have done echo $forumid; and its been correct. But there is one line of code that doesn't run for some reason, and that is:
$db->query("DELETE FROM threads WHERE id='$forumid'");
Now when I remove the WHERE clause, it works, but it wipes out the entire table. So I now know that the problem is the WHERE clause, I just can't find out why it is the issue. I am fairly new to PHP so please forgive my ignorance. But if anyone is able to see the issue, please tell me. Thank you.
[EDIT: COMPLETE CODE]
<?php
require 'connect.php';
session_start();
$forumid = $_GET['forumid'];
$title;
$body;
$by;
$loggedAsAuthor;
?>
<html>
<head>
<title>Legend Factions - View Forum</title>
<link href="stylesheet.css" rel="stylesheet" type="text/css"/>
</head>
<body>
<div id="header">
Home
Forum
Vote
Donate
Members
</div>
<div id="content">
<div id="divider">
<?php
if ($result = $db->query("SELECT * FROM threads")) {
while ($row = $result->fetch_assoc()) {
if ($row['id'] == $forumid) {
$title = $row['title'];
$body = $row['words'];
$by = $row['by'];
if ($_SESSION['sess_username'] == $by || $_SESSION['sess_username'] == "admin") {
$loggedAsAuthor = true;
}
}
}
}
echo '<h2>', $title, '</h2><br/><label>By: ', $by;
if (isset($loggedAsAuthor)) {
echo '<form action="viewForum.php" method="post">
<br/><input type="submit" name="delete" value="Delete Thread"/>
</form>';
}
$delete = $_POST['delete'];
if (isset($delete)) {
$db->query("DELETE FROM threads WHERE id=$forumid ");
//header("Location: forum.php");
}
?>
<hr/>
<?php
echo $body;
?>
</div>
</div>
</body>
</html>`
You need to modify your sql query as like :
$db->query("DELETE FROM threads WHERE id= $forumid "); // removed single quotes
Hope it works for you now.
You can try this way, Hope it will help
$qry = "DELETE FROM threads WHERE id= $forumid ";
$db->query($qry);
Your query seems to be correct.
If $_GET['forumid'] is a string, do :
$db->query("DELETE FROM threads WHERE id=".$db->quote($_GET['forumid']));
If $_GET['forumid'] is numeric, do :
$db->query("DELETE FROM threads WHERE id=".(int)$_GET['forumid']);
In any case, string syntax should work, because string will be cast to integer by mysql.
To debug, do :
echo "DELETE FROM threads WHERE id=".$db->quote($_GET['forumid']) ;
And give us the result, or directly paste it into phpMyAdmin to see the error.
You should also add this line at the top of your script to see all errors :
error_reporting(E_ALL) ;
ini_set('display_errors', true) ;
if(isset($_GET['forumid']) && !empty($_GET['forumid'])){
$qry = "DELETE FROM threads WHERE id= '" . mysql_real_escape_string ($_GET['forumid']) . "'";
}
or use active record
$this->db->where('id', $forumid );
$this->db->delete('threads ');
Either integer or string syntax in MySQL should work if the threads id is an integer. What I see that could be happening is:
1) $forumid does not have the value you think it has?
To check it, var_dump the variable right before the delete query:
var_dump($forumid); die;
2) The table id column is not named "id"?
Check the database schema, to check if the column has the name you think it should have. In mysql CLI:
desc threads;
i am trying to output some information based on the edit in the code below :
echo "<td>".$rows['td']."<a href='edittd.php?edit=$rows[Nom_Matiere]'> edit <a></td>";
but the problem is that i want to output this information using 2 different information $rows[Nom_Matiere] and $rows[Number] how can i do that i tried those options :
1*
echo "<td>".$rows['td']."<a href='edittd.php?edit=$rows[Nom_Matiere] and $rows[Number]'> edit <a></td>";
2*
echo "<td>".$rows['td']."<a href='edittd.php?edit=$rows[Nom_Matiere] && $rows[Number]'> edit <a></td>";
but they didn't work ,please is there suggestions how i can do that ,and the edittd.php:
echo mysql_error();
if(!empty($_SESSION['LoggedIn']) && !empty($_SESSION['Mail_Enseignant']))
{echo mysql_error();
$username = $_SESSION['Mail_Enseignant'];
echo mysql_error();
//query the database
if(isset($_GET['edit'])){
$Nom_Matiere = $_GET['edit'];
$Number = $_GET['edit'];
$res = mysql_query("select Nom_Etudiant,Numero from etudiant,groupe,matiere where matiere.`Nom_Matiere`= '".$Nom_Matiere."' and groupe.`Number`= '".$Number."' and matiere.`Id_Specialite`=groupe.`Id_Specialite`")or die($myQuery."<br/> <br/>".mysql_error());
while($rows = mysql_fetch_array($res)):
echo "<tr class='light'>";
echo "<td>".$rows['Nom_Etudiant']."</td>";
echo "<td>".$rows['Numero']."</td>";
endwhile;}
?>
You need a parameter for the second value there.
echo "<td>{$rows['td']}<a href='edittd.php?edit={$rows['Nom_Matiere']}&number={$rows['Number']}'> edit <a></td>";
To make two rows use:
echo "<td>".$rows['td']."</td><td><a href='edittd.php?edit=$rows[Nom_Matiere]& $rows[Number]'> edit <a></td>";
Changed: Added 2 tags instead of your one.
Also your code is full of SQL injection problems, use mysql_real_escape_string or better yet, use somethng better like PDO.
So as said in title I'm trying to use the query variable given from the page which directs to this one and the form data from THIS page to manipulate the database. I can't seem to get it right and I have no idea what I'm doing wrong. The code snippet looks like this:
<?php
$ware_number = $_GET['id'];
Echo "<form action='usernamecheck.php' method='post'>";
Echo 'Username:<br>';
Echo '<input type="text" name="usernamecheck" size="14"><br>';
Echo 'Password:<br>';
Echo '<input type="password" name="passwordcheck" size="14"><br>';
Echo '<input type="submit" value="Send">';
Echo '</form>';
if (isset($_POST['usernamecheck'])) {
$sql2 = "SELECT * FROM `storedata`.`users` WHERE `username` LIKE '$_POST[usernamecheck]'";
$found_user_id = mysql_query($sql2, $conn);
print $found_user_id;
}
if (isset($_POST['usernamecheck'])) {
$sql3 = "INSERT INTO `storedata`.`basket` (user_id, ware_id, number, complete)
VALUES
('$found_user_id', '$ware_number', 1, 0)";
$derp = mysql_query($sql3, $conn);
print $derp;
}
?>
The document itself is usernamecheck.php, and I was just printing to try and locate the error. When i check the basket table nothing has happened, even though no error is displayed. Right now the variable $ware_number is causing errors. What am I doing wrong?
I have also made user_id and ware_id foreign keys in the storedata.basket table, since they are primary keys in their own respective table. This means they can only be specific values, but I'm testing with these values, primarily 1's and 0's...
What if $_GET['id'] is not set? it will fail. Also please read up into correct usage of SQL in PHP. Your code is vulnerable to SQL injection attacks and whatnot.
EDIT:
updated piece of code
if(isset$_GET['id'] && is_numeric($_GET['id']))
{
$ware_number = $_GET['id'];
Echo "<form action='usernamecheck.php?id=" . $_GET['id'] . "' method='post'>";
.....
I have a problem with my PHP form. Whenever I refresh the page, the old data automatically inserted to my database. My codes are:
<?php
if(isset($_GET['send'])){
isset($_GET['name'])?$name = $_GET['name']:"";
isset($_GET['score'])?$score = $_GET['score']:0;
$con = mysql_connect('localhost','root','') or die(mysql_error());
mysql_select-db('student',$con) or die(mysql_error());
$qry = mysql_query('INSERT INTO student(name, score) VALUES('$name', $score)') or die(mysql_error());
$display = mysql_query('SELECT * FROM student',$con) or die(mysql_error());
echo '<table border=1>';
while($rows = mysql_fetch_array($display)){
echo '<tr>';
echo "<td>$rows['id']</td>";
echo "<td>$rows['name']</td>";
echo "<td>$rows['score']</td>";
echo '</tr>';
}
echo '</table>';
}
?>
please help me solve this problem.
A common way to prevent duplicate form submission is to make use of the Post/Redirect/Get Pattern.
You would need to change your forms method to Post then. After successful form submission you redirect to the form again but making the redirect a get request. The form will be reset then (empty values).
Edit:
Now as I see it, your script can actually do something similar: After insertion into the mysql Database you can redirect it to itself removing the get parameters:
<?php
if(isset($_GET['send'])){
isset($_GET['name'])?$name = $_GET['name']:"";
isset($_GET['score'])?$score = $_GET['score']:0;
$con = mysql_connect('localhost','root','') or die(mysql_error());
mysql_select-db('student',$con) or die(mysql_error());
$qry = mysql_query('INSERT INTO student(name, score) VALUES('$name', $score)') or die(mysql_error());
header('Location: myscriptsurl.php');
exit;
}
$display = mysql_query('SELECT * FROM student',$con) or die(mysql_error());
echo '<table border=1>';
while($rows = mysql_fetch_array($display)){
echo '<tr>';
echo "<td>$rows['id']</td>";
echo "<td>$rows['name']</td>";
echo "<td>$rows['score']</td>";
echo '</tr>';
}
echo '</table>';
?>
So you have a problem.
And since you cannot avoid a refresh of the screen...
If you are doing a form post, you might consider sending a location
header AFTER you inserted the record:
<form action="process.php" method="POST">
<input type="text" name="number">
<input type="sumbit">
</form>
then from process.php:
// do you usual inserts in the database based on the post
header("Location: http://www.example.com/thanks.php");
// do not forget the exit, since your script will run on without it.
exit;
In that way your script will process the posting, and then redirects the
browser to thanks.php.
A reload of thanks.php will not result in a fresh db insert.
U have used GET method so every time page refresh it will fetch the value from URL.
Try using POST method...It will solve your Problem and don't forget to Put Condition for POST
if(isset($_POST))
{
/* Your Insert Code */
}