When a was creating a little code in php/mysql I wanted to know how to build a php form to delete an item from database.
The first code is index.php the goal of the script is to gather information about the visitor's of my website because users who want to deface my website.
<?php
$getting_ips = mysql_query("SELECT * FROM ip_capture_module");
if ($getting_ips) {
while ($row = mysql_fetch_array($getting_ips)) {
?>
<tr>
<td><?php echo $row['id']; ?></td>
<td><strong><? echo $row['country']; ?></strong></td>
<td><?php echo $row['browser']; ?></td>
<td><?php echo $row['ipaddr']; ?></td>
<td><?php echo $row['method']; ?></td>
<td><strong><?php echo $row['sploit']; ?></strong></td>
<td><?php echo $row['date']; ?></td>
<td>delete</td>
</tr>
<?php
// The Second Code is capture.php
#------------------------------------------------------------------------------------------
...
....
mysql_query("INSERT INTO ip_capture_module(country,browser,ipaddr,method,date) VALUES(
'$country_name',
'$browser',
'$ip',
'$method',
CURRENT_TIMESTAMP())") or die ("<br>Error in inserting in IP: ".mysql_error()."<br>");
if(isset($_POST['delete'])){
//INSERT CODE HERE TO CONNECT TO DATABASE
//DO MORE ERROR CHECKING NECESSARY
mysql_query("DELETE FROM `table` WHERE row='value' LIMIT 1");
//OR YOU CAN USE MYSQLI
$mysqli->query("DELETE FROM `table` WHERE row='value' LIMIT 1");
mysql_close();
//MYSQLI AGAIN
mysqli_close();
exit();
}
I can't give you anymore since your question was so broad. Try using PHP.NET for more info.
DELETE FROM `table` WHERE `some_row`='row_value'
This is the best i can do, since you haven't given enought informations to help you more
Related
I have a database of contributors and I want to delete some of them from my database using php. I wrote the code but it gives errors. I think I linked php and html in a wrong way. once I delete I want to stay in the same page. Also I would like to know if I can make my code more secure. However, this page is accessed by one user who has a username and password and should enter an OTP.
Here is the code :
<?php
/* Delete button */
if(isset($_POST['delete']))
{
$query = "DELETE FROM contributors WHERE id='".$_GET['id']."' ";
$search_result = filterTable($query);
}
function filterTable($query)
{
$connect = mysqli_connect("localhost", "root", "", "volunteedbzlfqf");
$filter_Result = mysqli_query($connect, $query);
return $filter_Result;
}
?>
<!DOCTYPE html>
<html>
<table>
<?php while($row = mysqli_fetch_array($search_result)):?>
<tr>
<td><?php echo $row['id'];?></td>
<td><?php echo $row['password'];?></td>
<td><?php echo $row['fname'];?></td>
<td><?php echo $row['lname'];?></td>
<td><?php echo $row['gender'];?></td>
<td><?php echo $row['phone'];?></td>
<td><?php echo $row['email'];?></td>
<td><?php echo $row['DOB'];?></td>
<td><?php echo $row['city'];?></td>
<td><?php echo $row['degree'];?></td>
<td><?php echo $row['major'];?></td>
<td><?php echo $row['service'];?></td>
<td><?php echo $row['hours'];?></td>
<td><?php echo $row['hrPrice'];?></td>
<td><button name="modify" id="<?php.$row['id'].?>">#</button></td>
<td><button name="delete" id="<?php.$row['id'].?>">X</button></td>
</tr>
<?php endwhile;?>
</table>
</html>
When go inside delete:
if(isset($_POST['delete']))
{
$query = "DELETE FROM contributors WHERE id='".$_GET['id']."' ";
$search_result = filterTable($query);
}
U can check if user is logged or not (the mistake is i know the URL and put like url/table/randomIdToDelete in postman and can delete your database.
if(isset($_POST['delete']))
{
if(!isset($_SESSION['user']){
return;
}
$query = "DELETE FROM contributors WHERE id='".$_GET['id']."' ";
$search_result = filterTable($query);
}
You can use ajax for this in wordpress. See this example link
I have two tables "personal_trainer" and "training_plan". PersonalTrainerID is a foreign key in training_plan. I want to display that when a trainer logs in with their email and password, only the training plans that apply to that ID appears.
However, I am having trouble understanding the logic. I have coded it so that all the information from the training_plan table appears, I cannot created it such that only the rows that apply to the ID are visible to the user. I have made this by the simple sql statement "SELECT * from training_plan". There is a filter textbox to search the table that doesn't effect the code if you're wondering.
I have commented the code to try make it easier to understand. Any help would be greatly appreciated!
<?php
if (isset($_POST['search'])) /*This code allows the filter textbox to search the db */
{
$valueToSearch = $_POST['ValueToSearch'];
$query = "select * from training_plan WHERE concat('trainingPlanID', `personalTrainerID`, `clientID`, `trainingType`, `exercise1`, `exercise2`, `exercise3`, `exercise4`, `exercise5`, `exercise6`, 'reps', 'sets', 'description')like'%".$valueToSearch."%'";
$search_result = filterTable($query);
}
else {
$query = "SELECT * from training_plan WHERE PersonalTrainerID= (SELECT personalTrainerID FROM personal_trainer WHERE email=$_SESSION['user'])"; /*The error that is displayed is 'syntax error, unexpected string after ['*/
$search_result = filterTable($query);
}
function filterTable($query)
{
$connect = mysqli_connect("localhost:3308","root","","fypdatabase");
$filter_Result = mysqli_query($connect, $query);
return $filter_Result;
}
?>
<?php /*This displays the data in a table but so far outputs all of the table data */
while($row = mysqli_fetch_array($search_result))
{
?>
<tr>
<td><?php echo $row["trainingPlanID"]; ?></td>
<td><?php echo $row["personalTrainerID"]; ?></td>
<td><?php echo $row["clientID"]; ?></td>
<td><?php echo $row["trainingType"]; ?></td>
<td><?php echo $row["exercise1"]; ?></td>
<td><?php echo $row["exercise2"]; ?></td>
<td><?php echo $row["exercise3"]; ?></td>
<td><?php echo $row["exercise4"]; ?></td>
<td><?php echo $row["exercise5"]; ?></td>
<td><?php echo $row["exercise6"]; ?></td>
<td><?php echo $row["reps"]; ?></td>
<td><?php echo $row["sets"]; ?></td>
<td><?php echo $row["description"]; ?></td>
<td>
Delete
</td>
<td>
Update
</td>
</tr>
<?php
Change your query to:
$query = "SELECT * from training_plan WHERE PersonalTrainerID = (SELECT personalTrainerID FROM personal_trainer WHERE email='".$_SESSION['user']."')";
i have a table with id, name, address, sector, financiar, link
on the link i when i press it i want to show me 2 tables from the id of row selected, ex: id 1.
http://postimg.org/image/khelg1m0z/
and the result: http://s28.postimg.org/srvcwj065/Capture2.jpg
now it's a static page with search clause where by id 1, but i need an automatically link show by id on each row.
<?php
include "connect.php";
$sql = "select * from studenti where id='1'";
$query = mysql_query($sql) or die (mysql_error());
?>
<table width="70%" cellpadding="5" cellspace="5">
<tr><td>Id</td>
<td>Nume</td>
<td>Localitate</td>
<td>Judet</td>
<td>Sector Financiar</td>
<td>Link</td></tr>
<?php while ($row = mysql_fetch_array($query)) { ?>
<tr>
<td><?php echo $row['id']; ?></td>
<td><?php echo $row['nume']; ?></td>
<td><?php echo $row['localitate']; ?></td>
<td><?php echo $row['judet']; ?></td>
<td><?php echo $row['sector_financiar']; ?></td>
<td><?php echo $row['link']; ?></td>
<?php } ?>
</table>
<?php
include "connect.php";
$sql1 = "select * from certificari where id='1' ";
$query = mysql_query($sql1) or die (mysql_error());
?>
<table width="70%" cellpadding="5" cellspace="5">
<tr><td>Id</td>
<td>Denumire certificare</td>
<td>Serie si numar certificare</td>
<td>Data certificarii</td>
<td>Valabilitate certificare</td>
<td>Sector Financiar</td></tr>
<?php while ($row = mysql_fetch_array($query)) { ?>
<tr>
<td><?php echo $row['id']; ?></td>
<td><?php echo $row['nume']; ?></td>
<td><?php echo $row['serie_numar']; ?></td>
<td><?php echo $row['data']; ?></td>
<td><?php echo $row['valabilitate']; ?></td>
<td><?php echo $row['sector_financiar']; ?></td>
<?php } ?>
</table>
You should not use the mysql_ functions since they are depricated and are very vulnerable to SQL injection attacks. Instead, I will use MySQLi in this answer, but you could also use PDO if you want to.
To display records for different ID's based on what the user selects you can pass an ID in the page URL. When you link to the page you add the desired ID to the address like this:
Link
The value of the variable id will now be available in page.php as $_GET['id'].
The actual PHP in your page would then look something like the code below. I have left out some of your HTML for brevity, but you can just add it int.
//Connect to the DB. Might want to put this in your connect.php and include it.
$db = new mysqli('localhost', 'user', 'pass', 'db');
//Prepare the statement. The ? will be your ID.
$statment = $db->prepare("SELECT * FROM studenti WHERE id = ?");
//Bind the parameters, so that the first (and only) question mark is turned into your ID.
//The 'i' means integer, if you store the id as a string your should use 's' instead.
$statement->bind_param('i', $_GET['id']);
//Execute the query.
$statement->execute();
//Get the results.
$result = $statement->get_result();
//Iterate over it to create the output.
while ($row = $result->fetch_assoc()) {
?>
<tr>
<td><?php echo $row['id']; ?></td>
<td><?php echo $row['nume']; ?></td>
<td><?php echo $row['localitate']; ?></td>
<td><?php echo $row['judet']; ?></td>
<td><?php echo $row['sector_financiar']; ?></td>
<td><?php echo $row['link']; ?></td>
</tr>
<?
}
//Then do the same thing for the table certificari.
//Note that you only need to connect to the DB once.
This beginners guide to MySQLi is very helpful if you need some more guidance.
I currently have made a page that shows all the users, but I just want to only display the currently logged in user, Please help me im begging you I spent 4 hours of nothing T_T im new at php and im very lost, im so hopeless right now
<?PHP
$customerquery=mysql_query("select * from customerinfo");
while($customerrows=mysql_fetch_array($customerquery)){
?>
<tr>
<td>Id</td><td>First Name</td><td>Last Name</td><td>Address</td><td>Contact No</td> <td>Username</td><td>Password</td><td>Edit</td>
</tr>
<tr>
<td><?PHP echo $customerrows['id'];?></td>
<td><?PHP echo $customerrows['fname'];?></td>
<td><?PHP echo $customerrows['lname'];?></td>
<td><?PHP echo $customerrows['address'];?></td>
<td><?PHP echo $customerrows['contactno'];?></td>
<td><?PHP echo $customerrows['username'];?></td>
<td><?PHP echo $customerrows['password'];?></td>
<td>edit</td>
</tr>
<?PHP } ?>
You need to specify a WHERE condition in your query. That will fetch only one row, so you will not need a while loop:
$id = (int) $_GET['id']; // assuming you pass user id in URL
$customerquery = mysql_query("select * from customerinfo WHERE id = $id");
$customerrows = mysql_fetch_array($customerquery);
// rest of your html
I've recently made a PHP, that should; if click a link delete a certain row within one of my MYSQL tables.
The script below has everything but the link [href=delete_ac.php?id etc...] leads to the page but when the page activates it echo ERROR instead of deleting the row.
<h1>Members</h1>
<table>
<tr>
<th>ID</th>
<th>Username</th>
<th>E-Mail Address</th>
<th></th>
</tr>
<?php foreach($rows as $row): ?>
<tr>
<td><?php echo $row['id']; ?></td>
<td><?php echo htmlentities($row['username'], ENT_QUOTES, 'UTF-8'); ?></td>
<td><?php echo htmlentities($row['email'], ENT_QUOTES, 'UTF-8'); ?></td>
<td>delete</td>
</tr>
<?php endforeach; ?>
</table>
delete_ac.php
The script below is what should delete it but it isn't
<?php
require("../php/bp-connectionAdmin.php");
$id=$_GET['id'];
$query = "DELETE FROM `users` WHERE `id` = $id";
$result = mysql_query($query);
if ($result) {
echo "Successful";
} else {
echo "ERROR";
}
?>
Is the ID numeric only? Would the addition of quote marks around $id not help?
$query = "DELETE FROM `users` WHERE `id`='$id'";
mysql_query($query);
Not sure...but give it a go!
Put on the line after $query = "DELETE ..
An
echo "DELETE FROM `users` WHERE `id` = $id";
die;
Then you will see what goes wrong.
Personally i would remove the ', assuming that the id=integer, and you will have:
$query = "DELETE FROM users WHERE id=$id";
If not, try that echood query directly in your Database window and you will see what is wrong.
Most probably you should change your line into
$id=intval($_GET['id']);
which is also much more secure!