|
-
Mar 25th, 2008, 05:11 AM
#1
Thread Starter
New Member
 [RESOLVED] deleting rows - MySQL-PHP
Hi guys.
Having a mysterious problem here...
Code:
$con = mysql_connect("localhost","username","password"); //connect to the mysql service
if (!$con) //if there is no connection;
{
die('Could not connect: ' . mysql_error()); //provide error
}
mysql_select_db("radio", $con); //select which database we want to use
$rem = $_POST['remuser'];
if ($rem=="")
{
echo "Please select a user to remove. <a href='admin.php?sel=destroy'>Try again</a>";
}
else
{
mysql_query("DELETE FROM 'accounts' WHERE username='$rem'"); //delete row from database
echo "Removed " . $rem;
}
See that MySQL query? Apparantly something is wrong with that. I have google'd for the past week or so looking at how everybody else on the internet removes entries from databases, and its the same as how i'm doing it (with variations, of course - most of which i've tried).
Echoing the contents of $rem after the mysql query returns a user i have selected on a previous form to remove (drop down form, code below), which means, AFAIK, the form is working as it should.
Code:
$blank = "";
$con = mysql_connect("localhost","username","password"); //connect to the mysql service
if (!$con) //if there is no connection;
{
die('Could not connect: ' . mysql_error()); //provide error
}
mysql_select_db("radio", $con); //select which database we want to use
$query="SELECT username FROM accounts";
/* You can add order by clause to the sql statement if the names are to be displayed in alphabetical order */
$result = mysql_query ($query);
echo "Select a user to remove:<br> <form name='remuser' action='admin-destroy.php' method='post'> <select name='remuser'>Remove User</option>";
// printing the list box select command
while($nt=mysql_fetch_array($result)){//Array or records stored in $nt
if ($nt[username]=="radmin") {
echo "<option value=$blank></option>";
}
else {
echo "<option value=$nt[username]>$nt[username]</option>";
}
/* Option values are added by looping through the array */
}
echo "</select> <input type='submit' value='Remove'/>";// Closing of list box
}
Does anybody have any ideas as to why rows wont be deleted?
php 5.2.5
mysql 5.0.51
-
Mar 25th, 2008, 06:44 AM
#2
Re: deleting rows - MySQL-PHP
It might be the quotes around the table name accounts. Calling mysql_error(); if the query returns 0 will show you if there are any error messages.
Also, you need to escape your variables before inserting them into your query. As it stands at the moment someone could wipe your entire table of users with an SQL string in 'remuser'. You should really be using PDO or mysqli as these support parametrized queries that escape the variables on your behalf.
-
Mar 25th, 2008, 09:07 AM
#3
Thread Starter
New Member
Re: deleting rows - MySQL-PHP
What the...
I am sure that i have tried that multiple times :P
Obviously not :P
It worked. Thanks a bunch! 
Security Vuln: Yeah, i'm just getting the thing to work first - my policy when coding is 1) work 2) secure 3) optimise :P
Thanks again
-
Mar 25th, 2008, 12:46 PM
#4
Re: [RESOLVED] deleting rows - MySQL-PHP
Your policy is flawed. Security should never be bolted on - it should be integrated into your code.
-
Mar 25th, 2008, 07:33 PM
#5
Re: [RESOLVED] deleting rows - MySQL-PHP
If you need to quote identifiers in MySQL, use backticks (`). That said, you shouldn't give your tables names that need quoting anyway.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
Click Here to Expand Forum to Full Width
|
Reply With Quote
