I have an administration panel that has a page allowing the administrators to delete rows from the database. Each row they can delete has an associated image stored in a directory on the server. The image path is stored in the database as well.
What I need is when a user deletes a row from the table, I would like it to delete the image as well.
Here is my PHP to delete the row from the table:
include('includes/temp.config.php');
if (isset($_GET['id']) && is_numeric($_GET['id']))
{
// get the 'id' variable from the URL
$id = $_GET['id'];
// delete record from database
if ($stmt = $link->prepare("DELETE FROM templates WHERE id = ? LIMIT 1"))
{
$stmt->bind_param("i",$id);
$stmt->execute();
$stmt->close();
}
else
{
echo "ERROR: could not prepare SQL statement.";
}
$link->close();
// redirect user after delete is successful
header("Location: edit.php");
}
else
// if the 'id' variable isn't set, redirect the user
{
header("Location: edit.php");
}
But I don't even know where to start to delete the associated image... Any help would be greatly appreciated.
How about the unlink function?
I would ask the user to specify the image, select the image path from the database, delete the image from the file system with the image path I just retrieved and then delete the row from the database.
<?php
require __DIR__ . "/config.php";
if( isset($_GET['id'])){
$id=$_GET['id'];
$res=mysql_query("SELECT image FROM register where id= '$id'");
$row=mysql_fetch_array($res);
$delete="delete from register where id= '$id'";
$de = mysql_query( $delete);
unlink("upload/".$row['image']);
if($de)
{
header("location:login.php");
}
else
{
echo "error";
}
}
?>
Related
I m trying to code a deletation page, but when i type id and username and click delete, it gives me the message "success" even if the id and/or username not exist in database and if i type correct id and username is delete from database
with message "success" how to fix this please? thank you
<?php require ('server.php');?>
<?php
$uniqueid=$_GET['uniqueid'];
$username=$_GET['username'];
if(isset($_GET['uniqueid'], $_GET['username'])){
$sql= "DELETE FROM users WHERE uniqueid='$uniqueid' AND username='$username'";
if($sql)
echo "succces";
}
else {
echo 'ERROR';
}
mysqli_close($db);
?>
let's break down you code :
you are using mysqli, you may have to look into the use PDO instead
it have a way bigger database list interaction whereas mysqli only
got one.
you have no statement for running your sql statment, for now $sql is justplain text
the fix way for you code:
<?php
$uniqueid=$_GET['uniqueid'];
$username=$_GET['username'];
if(isset($_GET['uniqueid'], $_GET['username']))
{
$sql= $BD->("DELETE FROM users WHERE uniqueid='$uniqueid' AND username='$username'");
/*$BD is you connection to the database*/
if($sql) echo "succces";
else
{
echo 'ERROR';
}
}
else
{
echo 'no id or username';
}
$sql->closeCursor();?>
I want to delete some rows from my table. But when I click delete, this just show me a blank page. I'm sure about id value and my db connection.
This is my code:
// connect to the database
include('connect-db.php');
// confirm that the 'id' variable has been set
if (isset($_GET['id']) && is_numeric($_GET['id'])) {
// get the 'id' variable from the URL
$id = $_GET['id'];
// delete record from database
if ($stmt = $mysqli->prepare("DELETE FROM my_table WHERE id = ? LIMIT 1")) {
$stmt->bind_param("i",$id);
$stmt->execute();
$stmt->close();
} else {
echo "ERROR: could not prepare SQL statement.";
}
$mysqli->close();
// redirect user after delete is successful
header("Location: Dashboard.php");
} else {
// if the 'id' variable isn't set, redirect the user
header("Location: Dashboard.php");
}
There is a similar question MySQLi Prepared Statement not executing
. Basically, you can try running the SQL directly in the database to see if you get any errors. Also confirm that the database user has delete permissions and that the id is stored as an integer in your database.
First I'd suggest you use the $_POST method, you can read more about it GET vs. POST.
Try using bindValue() instead of bindParam(), I believe something else needs to be declared for bindParam() I forget (I'm new at PHP too).
I've listed a list of rows from my mySQL database onto an admin page. I now simply want to add an icon beside each row giving the user the option to delete the row in question.
Here's my php delete link:
<i class="icon-circle-blank"></i>
And my delete.php file looks like:
<?php
require_once 'db.php';
global $con;
if(($_GET['action'] == 'delete') && isset($_GET['id'])) {
$id = $_GET['id'];
$sql = "DELETE FROM quotes WHERE id = '$id'";
$query = mysqli_query($con, $sql);
}
header("location: http://localhost:81/logintest/home.php");
mysqli_close($con);
?>
From some reason when I click the link, the page just returns a blank page with no database rows being deleted. What am I overlooking?
Unless you're showing us a pseudo-code, this will not parse the PHP id variable:
delete.php?action=delete&id='$id'
you need either:
delete.php?action=delete&id=<?= $id ?>
or
delete.php?action=delete&id=<?php echo $id; ?>
Help with user deletion:
Hello I am creating a user creation system for a project of mine, I am still very new to PHP, my issue is getting the user from the MySQL database and then deleting it, I will show you my code below:
<?php
require_once("config/db.php");
if ($login->isUserLoggedIn() == true) {
if ($_SESSION['user_perm'] == 1) {
//Create Connection
$db_connection = new mysqli(DB_HOST, DB_USER, DB_PASS, DB_NAME);
// Check connection
if ($db_connection->connect_error) {
die("Connection failed: " . $db_connection->connect_error);
}
$sql = "SELECT user_name FROM users";
$result = $db_connection->query($sql);
if ($result->num_rows > 0) {
// output data of each row
while($row = $result->fetch_assoc()) {
echo $row["user_name"];
$user_name_delete = $row["user_name"];
$_SESSION['user_name_delete'] = $user_name_delete;
echo 'Delete User<br>';
}
}
}
$db_connection->close(); ?>
On the deleteuser.php page my code is, note this was just a test:
<?php
echo $_SESSION['user_name_delete'];
?>
My issue with this is grabbing the user who you selected to delete as at the moment it only outputs the last user grabbed from the database.
Any help is much appreciated.
This value:
$_SESSION['user_name_delete']
Is going to contain only the last user in your data. Because you keep overwriting it in your loop:
$_SESSION['user_name_delete'] = $user_name_delete;
The short answer is... Don't use session state for this. (Really, you shouldn't use session state for much of anything unless you absolutely have to.) The identity of the user to be deleted should be included in the request to delete the user. In this case, you can add it to the link. Something like this:
echo 'Delete User<br>';
(Or whatever you use to identify the user in the data row.)
Then in deleteuser.php you can get that value from:
$_GET['id']
Validate the inputs, validate that the user is authorized to perform the delete, and then use that value in the WHERE clause of your DELETE query.
Get the users id and insert it into a delete query.
$id = $db->real_escape_string($_GET['id']);
$sql = "delete from users where id = " . $id; and then run the query to delete the user from the database.
I have a list of users with names and emails displayed for admins and users ON THE SAME PAGE....
If an admin views it it shows an extra column called "Action"
Which shows three links
Edit | Delete | Make Admin
--------------------------
I have the delete button grab information from that table row and move it into a link
Here is the setup
echo "
<td>
<a href='admin.php?action=deleteuser&username={$row['username']}'>Delete</a>
</td>";
Here it is in action:
admin.php?action=deleteuser&username=bob
I spaced it out for viewing purposes.....
Anyways
I want the site to somehow grab the information FROM the url and somehow delete the row where username is equal to "bob" or something like that
Any ways to do this? Please help out.
Also how would I make it secure since the page is accessible to anyone so if someone was to manually type that link they would delete it wouldn't they?
Maybe check if the user is admin before the link runs
Here is my check admin code
if (has_access($session_user_id, 1) === true) {
echo 'The user is an admin!';
}
Something like this in admin.php ?
function getLoginUserByCookie()
{
return isset($_COOKIE["loginusername"]) ? $_COOKIE["loginusername"] : "";
}
if(getLoginUserByCookie() != "admin")
{
header("Location: /login.php");
exit;
}
try {
$pdo = new PDO("mysql:host=localhost;dbname=mydatabase", "dbuser", "dbpass");
} catch (PDOException $e) {
echo $e->getMessage();
exit;
}
$strSQL = "DELETE FROM users WHERE (username=:username);";
$stmt = $pdo->prepare($strSQL);
$stmt->execute(array(
":username" => $_GET["username"]
));
/login.php is a big job, you might find some example to check login. And save loginusername in cookie.