I am have been trying to setup this code to delete a row on the mysql database as well as the photo that was uploaded with it. It is working GREAT to remove the row data, but it will not get rid of the photo, and I cannot figure out what I am doing wrong. To simplify things, im using the variable $id which is the number of the row entered in the form which triggers this php file:
<?php
$host="localhost"; // Host name
$username="blahblah_plans"; // Mysql username
$password="password"; // Mysql password
$db_name="blahtbl_name"; // Database name
$tbl_name="plans"; // Table name
// Connect to server and select databse.
$conn = mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
// get value of id that sent from address bar
$id=$_GET['idnum'];
$compositesql="SELECT composite FROM plans WHERE ID ='$id'";
$compositeresult = mysql_query($compositesql) or die(mysql_error());
$compositefilename = "/composite/" + $compositeresult;
$unlink = unlink($compositefilename);
if($unlink) {
echo 'Successfully deleted file: ';
echo $compositefilename;
} else {
echo 'Error deleting file: ';
echo $compositefilename;
}
// Delete data in mysql from row that has this id
$sql="DELETE FROM $tbl_name WHERE ID ='$id'";
$result = mysql_query($sql);
if($result){
header("location:planentry.php");
}
else {
echo "ERROR";
}
?>
<?php
// close connection
mysql_close();
?>
Make sure the path is right, $compositefilename = "/composite/" + $compositeresult; should be the path in the server, it most likely to be
$compositefilename = PATH_TO_YOUR_WEB_ROOT . "/composite/" . $compositeresult;
And php does not use + to concat strings.
The problem is that $compositeresult contains a resource rather than a result set. This line is what's causing it:
$compositeresult = mysql_query($compositesql) or die(mysql_error());
To fix that, store the resource on a variable, then store the result set on another variable, like this:
$compositequery = mysql_query($compositesql) or die(mysql_error());
$compositeresult = mysql_fetch_array($compositequery) or die(mysql_error());
Also, I highly recommend that you start using mysqli or PDO instead of mysql, since it's safer. Also, as xdazz said, PHP's concatenation operator is the dot, not the plus sign. So your $compositefilename should be declared as (note that $compositeresult is an array of data and therefore should have its correct key explicitly written):
$compositefilename = "/composite/" . $compositeresult['composite'];
Related
I am trying to delete an item from my database but it isnt working.
I thought I had it working but it was deleting the first item in the database but not the item selected.
Here is what I have.
A link to delete.php then I have this for delete.php
<?php
ob_start();
include_once('../mysql_connect.php');
// contact to database
$host = "localhost";
$username = "admin";
$password = "password";
$database="database";
$tbl_name="new_equip";
// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$database")or die("cannot select DB");
// get value of id that sent from address bar
$id=$_GET['id'];
// Delete data in mysql from row that has this id
$sql="DELETE FROM $tbl_name WHERE id='$id'";
$result=mysql_query($sql);
// if successfully deleted
if($result){
echo "Deleted Successfully";
echo "<BR>";
echo "<a href='inventory.php'>Back to main page</a>";
}
else {
echo "ERROR";
}
?>
I know this is probably something simple and I have been searching and trying everything I can find, but I cannot seem to get it working. I believe the delete.php link needs to have the item number in it. Here is what the link is
"delete.php?id=<?php echo $eid; ?>"
I also have this on the top of the delete.php
<?php
$eid = (int) $_GET['id'];
if ($eid < 1)
?>
Do not put the GET directly in your variable that might cause SQL Injections
Do not use mysql... use mysqli instead!
Format your code more
Than back to the main problem:
Echo your $id to see if it is the correct one ;) I could not see some other problem at your code.
I am getting the following errors:
Warning: unlink() [function.unlink]: Invalid argument in
C:\xampp\htdocs\SH\owner\delete_img.php
on line 11
and
You have an error in your SQL syntax; check the manual that corresponds
to your MySQL server version for the right syntax to use near
'* FROM img_homestay WHERE imgid='"73"'' at line 1
This is my code for delete image. My images have own imgid. I want to delete it using their imgid.
<?php
// This is a sample code in case you wish to check the username from a mysql db table
$link=mysql_connect("localhost", "root","")or die("could not connect");
$db=mysql_select_db("sh",$link) or die ("could not select database");
$imgid = $_GET['imgid'];
// sending query
$select=mysql_query("SELECT location FROM img_homestay WHERE imgid='$imgid'");
$img=mysql_fetch_array($select);
unlink($img['location']);
$result=mysql_query("DELETE * FROM img_homestay WHERE imgid='$imgid'")
or die(mysql_error());
header("Location: editimage1.php");
?>
This is the link of one of the pictures I want to delete:
/SH/owner../data/img1.jpg
From the comment. It's been edited.
Your query should be DELETE FROM. Remove the * from your query.
The full query: DELETE FROM img_homestay WHERE imgid='$imgid'
Also, you can either remove the $result = part from your query, or do this.
if($result) {
//Successfully deleted image.
}
Also, your code is highly susceptible to SQL injection. You are passing in raw user input into your SQL query. At the very least, you should be escaping out quotations, but it is highly recommended that you also use the MYSQLI or PDO set of functions for database connections and queries.
You may also need to need check your permissions for the folder that you are trying to remove the file from. Ideally, folders which house images should be set to chmod 755.
http://mattbango.com/notebook/code/prepared-statements-in-php-and-mysqli/
This link is a very basic introduction to prepared statements, and also provides links for further reading.
EDIT: Full snippet.
<?php
// This is a sample code in case you wish to check the username from a mysql db table
$link=mysql_connect("localhost", "root","")or die("could not connect");
$db=mysql_select_db("sh",$link) or die ("could not select database");
$imgid = $_GET['imgid'];
$imgid = mysql_real_escape_string($imgid);
$path= $_SERVER['DOCUMENT_ROOT'].'/owner../data/';
// sending query
$select=mysql_query("SELECT location FROM img_homestay WHERE imgid='$imgid'");
$img=mysql_fetch_array($select);
unlink($path.$img['location']);
$result=mysql_query("DELETE FROM img_homestay WHERE imgid='$imgid'") or die(mysql_error());
//Check to see if the query can run
if($result) {
header("Location: editimage1.php");
} else {
//Query failed. Display an error message here.
}
?>
<?php
// This is a sample code in case you wish to check the username from a mysql db table
$link=mysql_connect("localhost", "root","")or die("could not connect");
$db=mysql_select_db("sh",$link) or die ("could not select database");
$imgid = $_GET['imgid'];
$path= $_SERVER['DOCUMENT_ROOT'].'/owner../data/';
// sending query
$select=mysql_query("SELECT location FROM img_homestay WHERE imgid='$imgid'");
$img=mysql_fetch_array($select);
unlink($path.$img['location']);
$result=mysql_query("DELETE FROM img_homestay WHERE imgid='$imgid'") or die(mysql_error());
header("Location: editimage1.php");
?>
This type of error basically needs debugging.
First check whether problem is related to unlink() function or in Sql connectivety.
Create another php file n check whether its working for static path
<?php
$path='/SH/owner../data/img1.jpg'; // update it as per your filepath..path should be from root
if(unlink($path))
{
echo "Deleted file ";
}
else
{
echo "Not Able to Delete File";
}
?>
Lets see what it retruns.
As Part Written by 9997 regarding database connection and query execution seems perfectly fine.
I know this has been asked hundreds of times, however, I couldn't find how this specific error applied to many of the other examples.
I have many form fields on a PHP page and they update into my database just fine when I hit submit, until I use http://somewebsite.net in one of the fields.
The field I post my form, field flightaware is posted to bijwerkvlucht_post.php as flightaware='$flightaware'.
I do not get the above error message when I test with plain text or remove the http:// . Thus deducing that it is an issue related to http:// in the wording.
How would I fix the code to resolve this particular issue?
The code on the post page:
<?php
$host="localhost"; // Host name
$username="xxxxx"; // Mysql username
$password="xxxxx"; // Mysql password
$db_name="xxxxx"; // Database name
$tbl_name="tbl_vluchtgegevens"; // Table name
// Connect to server and select database.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
// update data in mysql database
$sql="UPDATE $tbl_name SET reisID='$reisID', vertrekdatum2='$vertrekdatum2',
vertrektijd='$vertrektijd', vertrektijdactueel='$vertrektijdactueel',
vertrekluchthaven='$vertrekluchthaven', aankomstdatum2='$aankomstdatum2',
aankomsttijd='$aankomsttijd', aankomstluchthaven='$aankomstluchthaven',
luchtvaartmaatschappij='$luchtvaartmaatschappij', toestel='$toestel',
inschrijvingnmr='$inschrijvingnmr', vluchttijd='$vluchttijd',
vluchttijddec='$vluchttijddec',reisklasse='$reisklasse', stoel='$stoel', prijs='$prijs',
vluchtnmr='$vluchtnmr', vluchttype='$vluchttype', upgrade='$upgrade',
boekingcode='$boekingcode', eticketnmr='$eticketnmr', farecode='$farecode',
flightaware='$flightaware', route='$route' WHERE gegevenID='$id'";
$result=mysql_query($sql);
// if successfully updated.
if($result){
echo "Successful";
echo "<BR>";
}
else {
echo "ERROR";
}
?>
Hi there doing a small project with databases ( don't have too much experience with them). I'm working with mySQL and php, having a little bit of trouble with the php and posting the info from the HTML form to the database.
Here is the code:
<?php
$host=""; // Host name
$username=""; // Mysql username
$password=""; // Mysql password
$db_name=""; // Database name
$tbl_name="tags"; // Table name
// Connect to server and select database.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
// get data that sent from form
$s_name=$_GET['name'];
$s_system=$_GET['system'];
$s_cate=$_GET['cate'];
$sql="INSERT INTO $tbl_name(name,system,cate)VALUES('$s_name', '$s_system', '$s_cate')";
$result=mysql_query($sql);
if($result){
echo "Successful<BR>";
echo "<a href=mainforum.php>View your topic</a>";
}
else {
echo "ERROR";
}
mysql_close();
?>
If anyone could help explain to me what I am doing wrong, much would very be appreciated.
THANKS
Here is a link to what I am trying to do:
http://socialsoftware.purchase.edu/roger-p.king/database2/enter_gamertag.html
u should use $_POST['variable'], not $_GET
because $_GET is variables array on the link
such as "http://example.com/?var=123", the value of $_GET['var'] is 123
the variable in form can get by $_POST['var'] or $_REQUEST['var']
$query = mysql_query("INSERT INTO '$tbl_name'(name,system,cate)VALUES('$s_name', '$s_system', '$s_cate')";
That should do, or if you do it your way in 2 lines,
$sql="INSERT INTO '$tbl_name'(name,system,cate)VALUES('$s_name', '$s_system', '$s_cate')";
$result=mysql_query($sql);
I want to retrieve or output data in the database but I kept on getting the error called "Resource ID".
Here is my code:
<?php
$host="localhost";
$username="root";
$password ="123192";
$db_name = "customers";
//Connecting to your Host
mysql_connect("$host","$username","$password") or die("Failed To Connect The server");
//Selecting your Database
mysql_select_db("$db_name") or die("Failed To Select The DB");
$name = $_REQUEST['customerName'];
echo 'WELCOME! <b>'.$name.'</b> We hope that you\'ll Enjoy your stay ';
$sql="SELECT Name FROM `people` WHERE id =2 && Name = 'Kyel'";
$rs=mysql_query($sql);
echo "$rs";
?>
If I need improvement regarding my code kindly tell me.
mysql_query() returns a resource. The to string (implicitly triggered by using echo to output it) of that is Resource ID # followed by the id.
A resource in PHP is only supposed to be used with other PHP functions. This includes but is not limited to file, curl, ftp handles, etc.
I could tell you to..
(a) use mysql_fetch_array() (or similar) or
(b) use PDO.
The latter is by far much better advice.
Try this instead of the echo statement:
$array = mysql_fetch_assoc($rs);
var_dump ($array);