Can't delete by id in mysql



elrando
10-26-2009, 04:40 PM
Hello, I found this snippet I've been trying to fix to delete links I put on my site. (I am working on an admin section.) I want it to delete by id specifically; it does delete, but it deletes in the order the links were put in the database.

Here's the code for delete.php (lists all the links)

<?php
//connect to mysql
//change user and password to your mySQL name and password
mysql_connect("localhost","root","");

//select which database you want to edit
mysql_select_db("links");

//display all the links
$result = mysql_query("select * from links order by id");

//run the while loop that grabs all links
while($row=mysql_fetch_array($result))
{
//grab the title and the ID of the news
$id = $row['id'];
$title = $row['title'];
$url = $row['url'];

//make the title a link
echo "<a target=_blank href='$url'>$title</a>&nbsp;&nbsp;&nbsp;&nbsp;<a href='delete_now.php?cmd=delete&id=$id'>Delete</a>";
echo "<br>";
}

?>

Here's the code for delete_now.php (deletes the links from the database)


<?php
//connect to mysql
//change user and password to your mySQL name and password
mysql_connect("localhost","root","");

//select which database you want to edit
mysql_select_db("links");

//If cmd has not been initialized
if(!isset($cmd))
{
//display all the links
$result = mysql_query("select * from links order by id");

//run the while loop that grabs all links
while($row=mysql_fetch_array($result))
{
//grab the title and the ID of the news
$id = $row['id'];
$title = $row['title'];
$url = $row['url'];


}
}

if($_GET["cmd"]=="delete")
{
$sql = "DELETE FROM links WHERE id=$id";
$result = mysql_query($sql);
header("location: delete.php");
//echo "Row deleted!";

}

?>

I am new to PHP; any help would be appreciated.
Thanks,
Randy.

tomws
10-26-2009, 05:12 PM
You need to fetch the id from the GET string before you attempt your delete. Something like this:

if($_GET["cmd"]=="delete")
{
$id = $_GET['id'];
$sql = "DELETE FROM links WHERE id=$id";
$result = mysql_query($sql);
header("location: delete.php");
//echo "Row deleted!";

}


There are several security issues with your code. 1) You're open to SQL injection, and 2) you don't confirm the delete request is coming from someone authorized to delete records, meaning anyone who stumbles across these pages can delete at will.

Also, the whole if (!isset... section of delete_now appears to be completely useless unless I'm missing something.
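
The two issues named in the reply above (SQL injection and no check that the requester may delete) can be closed together, as in this added example, which is not code from any poster in this thread. It uses PDO because the mysql_* functions were removed in PHP 7; the function name `delete_link`, the session keys `is_admin` and `csrf_token`, and the in-memory SQLite database standing in for MySQL are assumptions made for the demonstration.

```php
<?php
// Added example, not code from this thread. delete_link() and the session keys
// is_admin / csrf_token are hypothetical; in-memory SQLite stands in for MySQL.
declare(strict_types=1);

// Returns an HTTP status code rather than sending headers, so it runs from the CLI.
function delete_link(PDO $pdo, string $method, array $post, array $session): int
{
    // A state-changing action must not be reachable through a plain GET link.
    if ($method !== 'POST') { return 405; }
    // Only a logged-in admin may delete (flag assumed to be set at login).
    if (empty($session['is_admin'])) { return 403; }
    // The CSRF token sent with the form must match the one kept in the session.
    $expected = $session['csrf_token'] ?? '';
    $token = $post['csrf_token'] ?? '';
    if (!is_string($expected) || !is_string($token) || $expected === ''
        || !hash_equals($expected, $token)) { return 403; }
    // Accept only a positive integer id; a value like "1 OR 1=1" fails here.
    $id = filter_var($post['id'] ?? null, FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    if ($id === false) { return 400; }
    // Prepared statement: the id is bound as data, never spliced into the SQL text.
    $stmt = $pdo->prepare('DELETE FROM links WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    // One row removed: redirect back to the list (303). No such id: 404.
    return $stmt->rowCount() === 1 ? 303 : 404;
}

// Constructed demo data (not taken from the thread).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE links (id INTEGER PRIMARY KEY, title TEXT, url TEXT)');
$pdo->exec("INSERT INTO links (title, url) VALUES ('a', 'http://a.example'), ('b', 'http://b.example')");
$admin = ['is_admin' => true, 'csrf_token' => bin2hex(random_bytes(16))];
$form  = ['csrf_token' => $admin['csrf_token']];

$cases = [
    'GET link'        => ['GET',  $form + ['id' => '1'], $admin],
    'not logged in'   => ['POST', $form + ['id' => '1'], []],
    'injection-style' => ['POST', $form + ['id' => '1 OR 1=1'], $admin],
    'valid request'   => ['POST', $form + ['id' => '2'], $admin],
];
foreach ($cases as $name => [$m, $p, $s]) {
    printf("%-16s %d\n", $name, delete_link($pdo, $m, $p, $s));
}
```

In a real page the status code would drive `http_response_code()` and a `Location` header, and the Delete link in delete.php would become a small POST form carrying the token.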

Fou-Lu
10-26-2009, 05:15 PM
This is relying on an old old directive called register_globals. This will be officially terminated as of PHP6.
Fix:


<?php
//connect to mysql
//change user and password to your mySQL name and password
mysql_connect("localhost","root","") or die('Could not connect to database!');

//select which database you want to edit
mysql_select_db("links");

//If cmd has not been initialized
/* This entire block is not necessary.
if(!isset($cmd))
{
//display all the links
$result = mysql_query("select * from links order by id");

//run the while loop that grabs all links
while($row=mysql_fetch_array($result))
{
//grab the title and the ID of the news
$id = $row['id'];
$title = $row['title'];
$url = $row['url'];


}
}*/

if(isset($_GET['cmd']) && $_GET["cmd"] == "delete")
{
// I'm assuming that $id is an integer value, likely auto-increment in origin
$sql = "DELETE FROM links WHERE id=" . (int)$_GET['id'];
// This should be error checked:

if (false !== @mysql_query($sql))
{
header("location: delete.php");
}
// Maybe add an error page?
else
{
header('Location: errorpage.php');
}
}

?>

abduraooft
10-26-2009, 05:21 PM
$result = mysql_query($sql);
Always add proper error checks to your code during development, say for your query, changing it like

$result = mysql_query($sql) or die(mysql_error()); would have shown you the issues.

elrando
10-26-2009, 06:53 PM
Thank you guys for helping me out. I appreciate it. I guess I have a long way to go before I reach the level of anyone here. Thanks Fou-Lu, I used your code; it works perfectly.

I'll have more questions soon.

Randy.


