How to delete entry from database, script delete wrong entry - php

I need script to delete registered users from database. It is working but not how it should.
My script delete last entry instead of entry I clicked on?
Here is my script for listing entries.
<form action="user_delete.php" method="post">
<?php
error_reporting(0);
$sql="SELECT * FROM users WHERE status='member' ORDER BY id_user";
$result = mysql_query($sql) or die(mysql_error());
while ($record = mysql_fetch_array($result))
{
$id_c=$record['id_user'];
$mail=$record['mail'];
$_SESSION["del_user"]=$id_c;
$user = mysql_result(mysql_query("SELECT username FROM users WHERE id_user='$id_c'"), 0);
echo "Name: <b>$user</b><br />";
echo "E-mail korisnika: <b>$mail</b><br />";
echo "ID: <b>$id_c</b><br /><br />";
echo "<input type=\"submit\" name=\"delete_row\" class=\"btn\" value=\"Delete\" />";
echo "<hr />";
}
?>
</form>
And this is my user_delete.php
<?php
session_start();
include 'function.php';
include 'db_config.php';
$del=$_SESSION["del_user"];
$sql = "DELETE FROM users WHERE id_user = $del";
mysql_query($sql) or die(mysql_error());
if(mysql_affected_rows()>0)
{
header("Location:user_management.php");
}
else
{
echo "No";
}
mysql_close();
?>


In your while loop, you are overwriting the session variable del_user:
while ($record = mysql_fetch_array($result))
{
$id_c=$record['id_user'];
$mail=$record['mail'];
$_SESSION["del_user"]=$id_c;
This means that $_SESSION["del_user"] will always be the last record.


Pass your POST variable for email OR primary key of that table. Right now you are pchecking with session id. It will delete only your record every time.
$del = $_POST['email'];
$sql = "DELETE FROM users WHERE id_user = $del";

Related

how to set cookie from retrieve database value and send it to another page in php

i want to send the cookie to another page that store the id from database retrieve value .
the thing is it is send to the next page and also working. there is book record retrieve from database with image and one button . i have store the id of the book. but when it goes to next page it displays first book id no matter which book i select by the button
this is code where i set cookie
echo "<form action='issue.php' method='get'>";
while ($row= mysqli_fetch_array($result)) {
echo "<div id='img_div'> ";
echo "<img src='books/".$row['image']."'>";
// echo "</div>";<div id='text'>
echo " <table>";
echo "<tr><td> NAME</td><td> ".$row['name']."</td></tr>";
echo "<tr><td> AVAILABILITY</td><td> ".$row['availabilty']."</td></tr>";
echo "<tr><td> CATEGORY</td><td> ".$row['category']."</td></tr>";
echo "<tr><td colspan='2'>
<button type='submit' name='issue'>issue</button></td></tr>";
echo "</table>";
echo "</div><br/>";
if (isset($_GET['issue'])) {
# code...
$bookid=$row['isbn'];
setcookie("bid",$bookid);
if(!isset($_COOKIE['bid'])){
echo "COOKIE NOT SET";
}
else{
echo "COOKIE SET SUCCESSFULLY";
}
}
And this is code where i access the cookie next page
$id=$_SESSION['user']['username'];
$query = "select id from user_account where username='$id'";
$result=mysqli_query($con,$query);
$row= mysqli_fetch_assoc($result);
$uid=$row['id'];
// if (mysqli_num_rows($results) == 1) {
// $row= mysqli_fetch_assoc($results);
//
// }
$bookid=$_COOKIE['bid'];
echo "$uid";
echo "<br/>";
echo "$bookid";
$query = "INSERT INTO issue (bookid, userid)
VALUES ('$bookid', '$uid')";
mysqli_query($con, $query)or die(mysqli_error($con));

Why is the MYSQLi not updating the DB record but giving success message

I have cleaned my code a little to have the following as my form. But I'm having trouble sending the data and Updating from the new update.php. The form works ok retrieving the data and displaying it. But on submission I get the ok update message but the record isn't changed in the database any ideas.
index.php
<?php
include 'connectdb.php';
// include 'query.php';
$sql = "SELECT id, WeightorMeasure FROM weightsmeasures";
$result = $conn->query($sql)
if ($result->num_rows > 0) {
// output data of each row
while($row = $result->fetch_assoc()) {
echo "<form action=\"update.php\"method=\"post\">";
echo "<input type=\"text\" name=\"id\" value = ".$row["id"].">";
echo "<input type=\"text\" name=\"WeightorMeasure\" value = ".$row["WeightorMeasure"] .">";
echo "<input type=\"submit\" value=\" Submit \" name=\"Update\">";
}
echo "</form>";
} else {
echo "0 results";
}
$conn->close();
?>
update.php
<?php
include 'connectdb.php';
$wm = $_POST['id'];
$id = $_POST['WeightorMeasure'];
$sql = "UPDATE weightsmeasures SET WeightorMeasure='$wm' WHERE id='$id'";
if (mysqli_query($conn, $sql)) {
echo "Record updated successfully";
} else {
echo "Error updating record: " . mysqli_error($conn);
}
$conn->close();
?>
Have changed to Below and now get this error.
Error updating record: Unknown column 'sdada' in 'field list'. So it looks like its trying to use the form value $wm as a column header in the table rather than the input value.
$wm = $_POST['WeightorMeasure'];
$id = $_POST['id'];
$sql = "UPDATE weightsmeasures SET WeightorMeasure=$wm WHERE id=$id";

$wm = $_POST['id'];
$id = $_POST['WeightorMeasure'];
Maybe you have these the wrong way round? :D
$wm = $_POST['WeightorMeasure'];
$id = $_POST['id'];
By the way your query is vuln to MySQL injection, please consider using prepared statements

You realize that you switched your ID and WeightOrMeasure in the variable assignments from your $_POST data?
This results in an update query that can't find the ID but does not run into a problem. Thus telling you that the operation was successful

I figure out following possible problem in your code.
mysqli_query($conn, $sql); //should be $conn->query($sql);
and this line
$wm = $_POST['id']; //$_POST['WeightorMeasure'];
$id = $_POST['WeightorMeasure'];//$_POST['id'];
the order is wrong. I hope you already have $conn object created in dpconnect.php file.

Ok found the problem was a mixture of the above having $_POST["WeightorMeasure"]; and $_POST["id"]; mixed up but the most important factor was that the table I was posting from contained Multiple Rows and on _POST to update.php it didn't know what to do with all the different rows as the SQL was only dealing with one row. Once I sent single rows through the post it worked fine. Now to learn and add prepared statements as suggested.
update.php
<?php
include 'connectdb.php';
$wm = $_POST["WeightorMeasure"];
$id = $_POST["id"];
echo $wm . "<br>";
echo $id . "<br";
$sql = "UPDATE weightsmeasures SET WeightorMeasure=\"$wm\", id=
$idWHERE id= $id";
if (mysqli_query($conn, $sql)) {
echo "Record updated successfully";
} else {
echo "Error updating record: " . mysqli_error($conn);
}
$conn->close();
?>
Manual single entry.
index.php
<?php
include 'connectdb.php';
// include 'query.php';
$sql = "SELECT id, WeightorMeasure FROM weightsmeasures WHERE id=11";
$result = $conn->query($sql);
if ($result->num_rows > 0) {
// output data of each row
while($row = $result->fetch_assoc()) {
echo "<form action=\"update.php\"method=\"post\">";
echo "<input type=\"text\" name=\"id\" value = ".$row["id"].">";
echo "<input type=\"text\" name=\"WeightorMeasure\" value = ".$row["WeightorMeasure"].">";
echo "<input type=\"submit\" value=\" Submit \" name=\"Update\">";
}
echo "</form>";
} else {
echo "0 results";
}
$conn->close();
?>

updating my database values through php

Hi I am trying to do a Registration that the users will put their name password and their answers to some questions and then an admin will manually answer to it if it's accepted.I did the system that loads their name password and answers in the database,and I also ran the things that will show the answers to the admin,but I can't figure a way to change a value just for one user not for all of them,I will leave you my codes and everything over here.
Here is my admin.viewapplications.php code
(Here,it shows everything fine,but I can't figure a way that the button to act just for one id not for all)
<?php
//include(__DIR__ . "/signup.php");
include("../resources/config.php");
//$name = $_POST['Name'];
//$mg = $_POST['MG'];
//$pg = $_POST['PG'];
//$rk = $_POST['RK'];
$sql = "SELECT id, name, tutorial, MG, PG, RK FROM rp_users WHERE tutorial = 2";
//$tutorial = "SELECT tutorial FROM rp_users";
$result = mysql_query($sql);
//$result2 = mysql_query($tutorial);
//$value = mysql_fetch_object($result2)
/*if($result)
{
echo "Succes";
}
else
{
die(mysql_error());
}*/
//if($value > 1)
//
while($row = mysql_fetch_array($result))
{
//$tutorial = row["tutorial"];
//f($tutorial == 2)
//}
$id = $row["id"];
$name = $row["name"];
$mg = $row["MG"];
$pg = $row["PG"];
$rk = $row["RK"];
echo "ID: " . $id."<br> <br>";
echo "Nume: " . $name."<br> <br>";
echo "MG: " . $mg."<br> <br>";
echo "PG: " . $pg."<br> <br>";
echo "RK: " . $rk."<br> <br>";
echo '<form action="./?p=applicationaccept" method="POST">';
echo '<input type="submit" name="accept" value="Accepta">';
echo '</form><br>';
echo '<form action="./?p=applicationdeny" method="POST">';
echo '<input type="submit" name="deny" value="Respinge">';
echo '</form><br> <br> <br>';
}
//}
//
?>
And here is my applicationaccept.php
<?php
include("../admin/admin.viewapplications.php");
include("../resources/config.php");
$iduser = $id;
$sql = "UPDATE rp_users SET tutorial=0";
$result = mysql_query($sql);
if($result)
{
echo "Succes";
}
else
{
die(mysql_error());
}
/*while($row = mysql_fetch_array($result))
{
}*/
?>

I think what you want to do is a simple UPDATE to your MySQL database..
but make sure you format the PHP code you're using otherwise it'll give you an ERROR!
Also you have to use 'mysqli' now in PHP!
<?php
$someID = '1';
$sql = "UPDATE `rp_users` SET `tutorial`= '0' WHERE `id` = $someID";
$result = mysqli_query($link, $sql);
if($result)
{
echo "Success";
}
else
{
echo ("Error");
}
?>
BTW I forgot to mntion the '$link' is the connection to your database!

As of my understanding of your question if your form action is applicationaccept.php and you are trying to update for one user in applicationaccept.php file, try this:
<?php
include("../admin/admin.viewapplications.php");
include("../resources/config.php");
$iduser = $_POST["id"]; // pass id as parameter in form
$sql = "UPDATE rp_users SET tutorial=0";// change this line to following line
$sql = "UPDATE rp_users SET tutorial=0 where id=$iduser";
$result = mysql_query($sql);
if($result)
{
echo "Succes";
}
else
{
die(mysql_error());
}
?>
Be aware your code is vulnerable

Delete item from mysql database then go back to last page

I have a page where I list items ( in this case businesses) that are pulled from a mysql database with php.
<?
include('config.php');
echo "<h3>Saved Businesses</h3>";
echo "<ul style='list-style-type:none;'>";
$result = mysql_query("SELECT * FROM `saved_biz` WHERE user_id = '$id'") or trigger_error(mysql_error());
while($row = mysql_fetch_array($result)){
foreach($row AS $key => $value) { $row[$key] = stripslashes($value); }
$business_id = $row['business_id'];
$result = mysql_query("SELECT * FROM `company` WHERE id = '$business_id'") or trigger_error(mysql_error());
while($row = mysql_fetch_array($result)){
$business_name = $row['name'];
}
echo "<li>" . nl2br( $business_name);
echo "<a href=deletesavedbiz.php?id={$row['id']}>Delete</a></li>";
echo "</tr>";
}
echo "</ul>";
?>
If the user decides to delete one of the businesses ( by clicking the "Delete" link ) he/she is then taken to deletesavedbiz.php and then, if successful, presented with a link to get back to the profile.php page that he/she was just on.
<?
include('config.php');
$id = (int) $_GET['id'];
mysql_query("DELETE FROM `saved_biz` WHERE `id` = '$id' ") ;
echo (mysql_affected_rows()) ? "Row deleted.<br /> " : "Nothing deleted.<br /> ";
?>
<a href='profile.php'>Back To Listing</a>
Now, what I want to do is have the php delete and then do like a php header redirect to profile.php without ever making the user click a link back. How can I accomplish this? Also, I'm fine with having the answer being javascript if it's not possible or not very clean in PHP.
Thanks for all help!

Do redirect in case your query returned TRUE.
function redirect($page = 'profile.php'){
header("Location: $page");
exit;
}
function your_query(){
include('config.php');
$id = (int) $_GET['id'];
//returns TRUE on success, FALSE otherwise
return mysql_query("DELETE FROM `saved_biz` WHERE `id` = '$id' ") ;
}
if ( your_query() ){
redirerct();
} else {
redirect('some_error_page.php');
}

header("Location: profile.php");
Put that at the bottom of your script that deletes the record.

To delete queries! I've tried with the posts already available. It didn't work.

My first page to delete queries selected by user query.php which is working absolutely fine:
<form method=post action="delete.php">
List of queries<br/>
<?php
$ebits = ini_get('error_reporting');
error_reporting($ebits ^ E_NOTICE);
mysql_connect("localhost","root","") or die(mysql_error());
mysql_select_db("testdb") or die(mysql_error());
echo "<br />";
$query = "select * from queries ";
$result = mysql_query($query) or die(mysql_error());
$count=mysql_num_rows($result);
while($row = mysql_fetch_array($result))
{
print "<input type='checkbox' name='Query[]' value=\"".$row['queryId']."\"> ";
echo " ". $row['name']." ". $row["address"]." ". $row["contactNo"]."
". $row["query"];
echo "<br />";
}
?>
<input type="submit" value="Delete" name="Delete">
<br/>
</form>
I've tried with following codes for second page delete.php but nothing seems to work.
Code1:
<?php
if($_POST['Delete'])
{
if(count($_POST['checkbox']) > 0) {
foreach($_POST['checkbox'] as $checkbox)
{
$del_id=$checkbox;
$sql = "DELETE * FROM queries WHERE `queryId`= '$del_id'";
$result = mysql_query($sql);
mysql_error();
}
echo "Selected Rows deleted";
} else {
$NEW="Nothing to Delete";
}
}
?>
Code2:
<?php
if(($_POST['Delete']))
{
$count=array();
$count=$_POST['checkbox'];
for($i=0;$i<count($count);$i++){
$del_id = $checkbox[$i];
$sql = "DELETE FROM queries WHERE queryId='$del_id' ";
$result = mysql_query($sql);
}
$NEW="Selected records Deleted";
}
var_dump($_POST['checkbox']);
var_dump($count);
?>

Your checkbox names are "Query", but you're accessing it as $_POST['checkbox']. This should be $_POST['Query'] instead.
EDIT checking from your updated code:
if($_POST['Delete']) {
if(count($_POST['Query']) > 0) {
foreach($_POST['Query'] as $checkbox) {
$del_id=$checkbox;
$sql = "DELETE * FROM queries WHERE queryId= '$del_id'";
$result = mysql_query($sql);
mysql_error();
}
echo "Selected Rows deleted";
}
else {
$NEW="Nothing to Delete";
}
}
Instead of this:
$del_id=$checkbox;
do this:
// if queryId is numeric
$del_id=intval($checkbox);
This makes sure that the value you're working with is numeric, instead of potential malicious input from your user. I'm going under the assumption that queryId is numeric. If it's not, then you need to do this:
// if queryId is not numeric:
$del_id = mysql_real_escape_string($checkbox);
Your DELETE syntax is incorrect:
$sql = "DELETE * FROM queries WHERE queryId= '$del_id'";
You want just DELETE FROM. Also if the value for queryId is numeric, you don't need the quotes around it:
$sql = "DELETE FROM `queries` WHERE `queryId` = $del_id";
Finally, your MySQL error call doesn't do anything useful as is:
mysql_error();
Here's how you should do this, along with the rest of the code:
if($_POST['Delete']) {
if(count($_POST['Query']) > 0) {
foreach($_POST['Query'] as $checkbox) {
$del_id= intval($checkbox);
$sql = "DELETE FROM `queries` WHERE `queryId` = $del_id";
$result = mysql_query($sql);
if(!$result) {
echo "There was an error in the query: " . mysql_error();
}
}
echo "Selected Rows deleted";
}
else {
$NEW="Nothing to Delete";
}
}

Categories