mrcarmine Posted October 17, 2009

Hello, I am trying to delete a row using php commands, please have a look what's wrong with my code.

    // Perform deletion.
    function delete_process() {
        $res = mydb_connect();
        if (!$res)
            echo "Connection Unsuccessful!";
        else {
            $pk = $_POST["pk"];
            $query = "DELETE FROM $Cur WHERE $pk = $_POST["pk"] ";
            // echo $query;
            $cur = mydb_exec( $res, $query);
            if (!$cur)
                echo "Operation failed.";
            else
                echo "record deleted!";
            echo "<p>";
            present_list();

I keep getting the error message:

    Parse error: syntax error, unexpected '"', expecting T_STRING or T_VARIABLE or T_NUM_STRING in D:\student\*********\CRUD01\CustomerIndex1.php on line 163

*Asterisks added for discretion.

I think I have not got the correct table name for a start, where do I find this?

waynew Posted October 17, 2009

Could you please post Line 163 of the file CustomerIndex1.php? It's an error in your syntax.

waynew Posted October 17, 2009

Also, what are you doing here?

    $pk = $_POST["pk"];
    $query = "DELETE FROM $Cur WHERE $pk = $_POST["pk"] ";

Basically if $_POST is "hi", your query is going to look like:

    DELETE FROM $Cur WHERE hi = hi

Your syntax is also wrong. You should be doing something like this:

    $pk = $_POST['pk'];
    $query = "DELETE FROM TABLENAME WHERE COLUMN_NAME = '$pk'";

You should also note that your script is open to SQL injection attacks. So you should really use the function mysql_real_escape_string() to clean data coming in from external sources ($_GET and $_POST):

    $pk = mysql_real_escape_string($_POST['pk']);
    $query = "DELETE FROM TABLENAME WHERE COLUMN_NAME = '$pk'";

mrcarmine (Author) Posted October 17, 2009

> Also, what are you doing here?
>
>     $pk = $_POST["pk"];
>     $query = "DELETE FROM $Cur WHERE $pk = $_POST["pk"] ";
>
> Basically if $_POST is "hi", your query is going to look like:
>
>     DELETE FROM $Cur WHERE hi = hi
>
> Your syntax is also wrong. You should be doing something like this:
>
>     $pk = $_POST['pk'];
>     $query = "DELETE FROM TABLENAME WHERE COLUMN_NAME = '$pk'";
>
> You should also note that your script is open to SQL injection attacks. So you should really use the function mysql_real_escape_string() to clean data coming in from external sources ($_GET and $_POST):
>
>     $pk = mysql_real_escape_string($_POST['pk']);
>     $query = "DELETE FROM TABLENAME WHERE COLUMN_NAME = '$pk'";

Thanks for the heads-up on SQL injections and its remedy, I really appreciate that. This may sound stupid but I don't know how to find the table name, can you locate it for me? Here is the full script:

    <html>
    <head>
    <title>Customers</title>
    </head>
    <body>
    <h1>Customers</h1>
    <?php
    // Incorporate application-specific database connection functions.
    require "./DBConn.inc";

    // Display contents of table
    function present_list() {
        $res = mydb_connect();
        if (!$res)
            echo "Connection unsuccessful!";
        else {
            $cur = mydb_exec( $res, "select * from customers order by name" );
            if (!$cur)
                echo "Query failed.";
            else {
                echo "<p><table border=1>";
                echo "<tr><th>NAME</th><th>ADDRESS</th><th>PHONE</th><th></th></tr>";
                while (odbc_fetch_row($cur)) {
                    $pk = odbc_result($cur, "name"); // obtain primary key
                    echo "<tr>";
                    echo "<td>" . $pk . "</td>";
                    echo "<td>" . odbc_result($cur, "address") . "</td>";
                    echo "<td>" . odbc_result($cur, "phone") . "</td>";
                    echo "<td>";
                    $encodedPK = urlencode($pk);
                    echo " <a href=\"CustomerIndex.php?command=update&pk=$encodedPK\">Update</a>";
                    echo " <a href=\"CustomerIndex.php?command=delete&pk=$encodedPK\">Delete</a>";
                    echo "</td>";
                    echo "</tr>";
                }
                echo "</table>";
                echo "<a href=\"CustomerIndex.php?command=insert\">New</a>";
            }
        }
    }

    // Display form contents
    function present_form_body() {
    ?>
    Name: <input type="text" name="name" value="<?php echo $GLOBALS['_name'] ?>">
    <p>Address: <textarea name="address" rows="5" cols="60"><?php echo $GLOBALS['_address'] ?></textarea>
    <p>Phone: <input type="textbox" name="phone" value="<?php echo $GLOBALS['_phone'] ?>">
    <p><input type="submit" value="Submit">
    <?php
    }

    // Display blank form for user to insert.
    function present_insert_form() {
        echo "<form method=\"post\" action=\"CustomerIndex.php?command=insert_process\">";
        present_form_body();
        echo "</form>";
    }

    // Process insertion request from $POST form contents
    function insert_process() {
        $res = mydb_connect();
        if (!$res)
            echo "Connection unsuccessful!";
        else {
            $query = "insert into customers(name, address, phone) values (";
            $query .= "'" . $_POST["name"] . "', ";
            $query .= "'" . $_POST["address"] . "', ";
            $query .= "'" . $_POST["phone"] . "'";
            $query .= ")";
            // echo $query;
            $cur = mydb_exec( $res, $query);
            if (!$cur)
                echo "Operation failed.";
            else
                echo "Your details have been recorded!";
        }
        echo "<p>";
        present_list();
    }

    // Display form for user to update, with default values set
    // from row specified by the primary key
    function present_update_form() {
        // Obtain details about row specified in pk
        $res = mydb_connect();
        if (!$res)
            echo "Connection unsuccessful!";
        else {
            $pk = $_GET["pk"];
            $query = "select * from customers where name='$pk'";
            // echo $query;
            $cur = mydb_exec( $res, $query );
            if (!$cur)
                echo "Query failed.";
            else {
                if (odbc_fetch_row($cur)) {
                    echo "<form method=\"post\" action=\"CustomerIndex.php?command=update_process\">";
                    $GLOBALS["_name"] = odbc_result($cur, "name"); // obtain row/column values
                    $GLOBALS["_address"] = odbc_result($cur, "address");
                    $GLOBALS["_phone"] = odbc_result($cur, "phone");
                    // Display form body
                    present_form_body();
                    echo "<input type=\"hidden\" name=\"pk\" value=\"$pk\">";
                    echo "</form>";
                }
                else
                    echo "Unable to retrieve record.";
            }
        }
    }

    // Perform update based on $POST form contents
    function update_process() {
        $res = mydb_connect();
        if (!$res)
            echo "Connection unsuccessful!";
        else {
            $pk = $_POST["pk"];
            $query = "update customers set ";
            $query .= "name = '" . $_POST["name"] . "', ";
            $query .= "address = '" . $_POST["address"] . "', ";
            $query .= "phone = '" . $_POST["phone"] . "' ";
            $query .= "where name = '$pk'";
            // echo $query;
            $cur = mydb_exec( $res, $query);
            if (!$cur)
                echo "Operation failed.";
            else
                echo "Your changes have been recorded!";
        }
        echo "<p>";
        present_list();
    }

    // Ask user if he or she is sure about this...
    function present_delete_confirmation() {
        $pk = $_GET["pk"];
        echo "Are you sure you wish to delete '$pk'?";
        echo "<p><a href=\"CustomerIndex.php?command=delete_confirmed&pk=$pk\">Yes</a> ";
        echo "<a href=\"CustomerIndex.php\">No</a>";
    }

    // Perform deletion.
    function delete_process() {
        $res = mydb_connect();
        if (!$res)
            echo "Connection Unsuccessful!";
        else {
            $pk = $_POST["pk"];
            $query = "DELETE FROM $Cur WHERE $pk = $_POST["pk"] ";
            // echo $query;
            $cur = mydb_exec( $res, $query);
            if (!$cur)
                echo "Operation failed.";
            else
                echo "record deleted!";
            echo "<p>";
            present_list();
    }

    // The '@' symbol before the line ensures that no warning will be
    // displayed if $_GET["command"] doesn't exist yet.
    @ $command = $_GET["command"];
    switch ($command) {
        case "insert":
            present_insert_form();
            break;
        case "insert_process":
            insert_process();
            break;
        case "update":
            present_update_form();
            break;
        case "update_process":
            update_process();
            break;
        case "delete":
            present_delete_confirmation();
            break;
        case "delete_confirmed":
            delete_process();
            break;
        default:
            present_list();
    }
    ?>
    </body>
    </html>

Is it 'customers'?

waynew Posted October 17, 2009

What are you wanting to delete??

mrcarmine (Author) Posted October 17, 2009

> What are you wanting to delete??

I want to delete the record which the user chooses. This is determined by PK of the record.

ialsoagree Posted October 17, 2009

Just wanted to make the original poster aware, the corrections people have posted are right and should be used. However, your original problem was related to the way you included an array into a string:

    $query = "DELETE FROM $Cur WHERE $pk = $_POST["pk"] ";

To break it down, you have your string opening with a double quote:

    "DELETE FROM $Cur WHERE $pk = $_POST["

Then you abruptly end your string in the middle of declaring an array! You can't use a double quote to refer to the array index because this tells PHP to stop the current string, not to search for an array index as a string. Instead, you should address the index using single quotes:

    $query = "DELETE FROM $Cur WHERE $pk = $_POST['pk'] ";

Also, it's worth pointing out that anytime you use double quotes, you're telling PHP to parse the string for variables and classes. So $_POST["pk"] tells PHP that inside this index reference you've included a PHP variable or class that you want PHP to parse. However, you actually haven't included a PHP variable or class, so you're wasting processing cycles because PHP has to parse a string that doesn't have any PHP in it. A reference to that index should look like $_POST['pk'] - the single quotes tell PHP not to parse the string and use it as is.

mrcarmine (Author) Posted October 17, 2009

> Just wanted to make the original poster aware, the corrections people have posted are right and should be used. However, your original problem was related to the way you included an array into a string:
>
>     $query = "DELETE FROM $Cur WHERE $pk = $_POST["pk"] ";
>
> To break it down, you have your string opening with a double quote:
>
>     "DELETE FROM $Cur WHERE $pk = $_POST["
>
> Then you abruptly end your string in the middle of declaring an array! You can't use a double quote to refer to the array index because this tells PHP to stop the current string, not to search for an array index as a string. Instead, you should address the index using single quotes:
>
>     $query = "DELETE FROM $Cur WHERE $pk = $_POST['pk'] ";
>
> Also, it's worth pointing out that anytime you use double quotes, you're telling PHP to parse the string for variables and classes. So $_POST["pk"] tells PHP that inside this index reference you've included a PHP variable or class that you want PHP to parse. However, you actually haven't included a PHP variable or class, so you're wasting processing cycles because PHP has to parse a string that doesn't have any PHP in it. A reference to that index should look like $_POST['pk'] - the single quotes tell PHP not to parse the string and use it as is.

Since I am a bit of a rookie I do not really understand what you are saying, but I will only use single quotes in future, thanks for the advice. I tried the code with the suggested remedy, but I am having this error now....

    Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Can't connect to MySQL server on 'localhost' (10061) in D:\student\**********\CRUD01\CustomerIndex1.php on line 162
    Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in D:\student\**********\CRUD01\CustomerIndex1.php on line 162
    Warning: odbc_exec() [function.odbc-exec]: SQL error: [Oracle][ODBC][Ora]ORA-00942: table or view does not exist , SQL state S0002 in SQLExecDirect in D:\student\**********\CRUD01\DBConn.inc on line 15
    Operation failed.

This is my code.

    <html>
    <head>
    <title>Customers</title>
    </head>
    <body>
    <h1>Customers</h1>
    <?php
    // Incorporate application-specific database connection functions.
    require "./DBConn.inc";

    // Display contents of table
    function present_list() {
        $res = mydb_connect();
        if (!$res)
            echo "Connection unsuccessful!";
        else {
            $cur = mydb_exec( $res, "select * from customers order by name" );
            if (!$cur)
                echo "Query failed.";
            else {
                echo "<p><table border=1>";
                echo "<tr><th>NAME</th><th>ADDRESS</th><th>PHONE</th><th></th></tr>";
                while (odbc_fetch_row($cur)) {
                    $pk = odbc_result($cur, "name"); // obtain primary key
                    echo "<tr>";
                    echo "<td>" . $pk . "</td>";
                    echo "<td>" . odbc_result($cur, "address") . "</td>";
                    echo "<td>" . odbc_result($cur, "phone") . "</td>";
                    echo "<td>";
                    $encodedPK = urlencode($pk);
                    echo " <a href=\"CustomerIndex1.php?command=update&pk=$encodedPK\">Update</a>";
                    echo " <a href=\"CustomerIndex1.php?command=delete&pk=$encodedPK\">Delete</a>";
                    echo "</td>";
                    echo "</tr>";
                }
                echo "</table>";
                echo "<a href=\"CustomerIndex1.php?command=insert\">New</a>";
            }
        }
    }

    // Display form contents
    function present_form_body() {
    ?>
    Name: <input type="text" name="name" value="<?php echo $GLOBALS['_name'] ?>">
    <p>Address: <textarea name="address" rows="5" cols="60"><?php echo $GLOBALS['_address'] ?></textarea>
    <p>Phone: <input type="textbox" name="phone" value="<?php echo $GLOBALS['_phone'] ?>">
    <p><input type="submit" value="Submit">
    <?php
    }

    // Display blank form for user to insert.
    function present_insert_form() {
        echo "<form method=\"post\" action=\"CustomerIndex1.php?command=insert_process\">";
        present_form_body();
        echo "</form>";
    }

    // Process insertion request from $POST form contents
    function insert_process() {
        $res = mydb_connect();
        if (!$res)
            echo "Connection unsuccessful!";
        else {
            $query = "insert into customers(name, address, phone) values (";
            $query .= "'" . $_POST["name"] . "', ";
            $query .= "'" . $_POST["address"] . "', ";
            $query .= "'" . $_POST["phone"] . "'";
            $query .= ")";
            // echo $query;
            $cur = mydb_exec( $res, $query);
            if (!$cur)
                echo "Operation failed.";
            else
                echo "Your details have been recorded!";
        }
        echo "<p>";
        present_list();
    }

    // Display form for user to update, with default values set
    // from row specified by the primary key
    function present_update_form() {
        // Obtain details about row specified in pk
        $res = mydb_connect();
        if (!$res)
            echo "Connection unsuccessful!";
        else {
            $pk = $_GET["pk"];
            $query = "select * from customers where name='$pk'";
            // echo $query;
            $cur = mydb_exec( $res, $query );
            if (!$cur)
                echo "Query failed.";
            else {
                if (odbc_fetch_row($cur)) {
                    echo "<form method=\"post\" action=\"CustomerIndex1.php?command=update_process\">";
                    $GLOBALS["_name"] = odbc_result($cur, "name"); // obtain row/column values
                    $GLOBALS["_address"] = odbc_result($cur, "address");
                    $GLOBALS["_phone"] = odbc_result($cur, "phone");
                    // Display form body
                    present_form_body();
                    echo "<input type=\"hidden\" name=\"pk\" value=\"$pk\">";
                    echo "</form>";
                }
                else
                    echo "Unable to retrieve record.";
            }
        }
    }

    // Perform update based on $POST form contents
    function update_process() {
        $res = mydb_connect();
        if (!$res)
            echo "Connection unsuccessful!";
        else {
            $pk = $_POST["pk"];
            $query = "update customers set ";
            $query .= "name = '" . $_POST["name"] . "', ";
            $query .= "address = '" . $_POST["address"] . "', ";
            $query .= "phone = '" . $_POST["phone"] . "' ";
            $query .= "where name = '$pk'";
            // echo $query;
            $cur = mydb_exec( $res, $query);
            if (!$cur)
                echo "Operation failed.";
            else
                echo "Your changes have been recorded!";
        }
        echo "<p>";
        present_list();
    }

    // Ask user if he or she is sure about this...
    function present_delete_confirmation() {
        $pk = $_GET["pk"];
        echo "Are you sure you wish to delete '$pk'?";
        echo "<p><a href=\"CustomerIndex1.php?command=delete_confirmed&pk=$pk\">Yes</a> ";
        echo "<a href=\"CustomerIndex1.php\">No</a>";
    }

    // Perform deletion.
    function delete_process() {
        $res = mydb_connect();
        if (!$res)
            echo "Connection Unsuccessful!";
        else {
            $pk = mysql_real_escape_string($_POST['$pk']);
            $query = "DELETE FROM TABLENAME WHERE COLUMN_NAME = '$pk'";
            // echo $query;
            $cur = mydb_exec( $res, $query);
            if (!$cur)
                echo "Operation failed.";
            else
                echo "record deleted!";
        }
        echo "<p>";
        present_list();
    }

    // The '@' symbol before the line ensures that no warning will be
    // displayed if $_GET["command"] doesn't exist yet.
    @ $command = $_GET["command"];
    switch ($command) {
        case "insert":
            present_insert_form();
            break;
        case "insert_process":
            insert_process();
            break;
        case "update":
            present_update_form();
            break;
        case "update_process":
            update_process();
            break;
        case "delete":
            present_delete_confirmation();
            break;
        case "delete_confirmed":
            delete_process();
            break;
        default:
            present_list();
    }
    ?>
    </body>
    </html>

ialsoagree Posted October 17, 2009

For more information on single quotes and double quotes and how PHP processes them: http://php.net/manual/en/language.types.string.php

mrcarmine (Author) Posted October 18, 2009

Can anybody get my code to run properly and delete records?

mrcarmine (Author) Posted October 18, 2009

AHH, I think I have it working nearly, using this code:

    // Perform deletion.
    function delete_process() {
        $res = mydb_connect();
        if (!$res)
            echo "Connection Unsuccessful!";
        else {
            $pk = $_POST['$pk'];
            $query = "DELETE FROM customers WHERE name = '$pk'";
            // echo $query;
            $cur = mydb_exec( $res, $query);
            if (!$cur)
                echo "Operation failed.";
            else
                echo "record deleted!";
        }
        echo "<p>";
        present_list();

It gives me no errors and is giving me the message that the record has been deleted, but the only problem is the record is STILL THERE!!!!

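An added example, not part of any post in the thread, covering both the SQL injection note earlier in the thread and the last post's "record deleted!" with the row still present: the confirmation link in the posted script sends pk in the query string while the final code reads `$_POST['$pk']`, a key that is never set, and a DELETE that matches no rows still executes without error. It assumes PDO with an in-memory SQLite database in place of the thread's ODBC connection (DBConn.inc is not shown on the page); the function names and sample rows are constructed for illustration.

```php
<?php
// Added example. In-memory SQLite via PDO stands in for the thread's ODBC/Oracle
// connection; function names and sample rows are constructed for illustration.

function make_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE customers (name TEXT PRIMARY KEY, address TEXT, phone TEXT)');
    $db->exec("INSERT INTO customers VALUES ('Alice', '1 High St', '555-0100'),
                                            ('Bob', '2 Low Rd', '555-0101')");
    return $db;
}

// The thread's pattern: the request value is pasted into the SQL text, and any
// statement that executes is reported as a successful deletion.
function delete_interpolated(PDO $db, array $request): int {
    $pk = $request['pk'] ?? '';   // an absent key silently becomes ''
    return (int) $db->exec("DELETE FROM customers WHERE name = '$pk'");
}

// Hardened: reject a missing key, bind the value as a parameter, and return
// the number of rows actually removed so the caller can report it.
function delete_bound(PDO $db, array $request): int {
    if (!isset($request['pk']) || !is_string($request['pk']) || $request['pk'] === '') {
        throw new InvalidArgumentException('pk missing from request');
    }
    $stmt = $db->prepare('DELETE FROM customers WHERE name = ?');
    $stmt->execute([$request['pk']]);
    return $stmt->rowCount();
}

function remaining(PDO $db): int {
    return (int) $db->query('SELECT COUNT(*) FROM customers')->fetchColumn();
}

// Case 1: the "Yes" link carries pk in the query string, so the POST array is empty.
$db = make_db();
printf("empty POST, interpolated: %d deleted, %d remain\n",
       delete_interpolated($db, []), remaining($db));
try {
    delete_bound($db, []);
} catch (InvalidArgumentException $e) {
    printf("empty POST, bound: rejected (%s)\n", $e->getMessage());
}

// Case 2: constructed value whose quote changes the WHERE clause when interpolated.
$crafted = ['pk' => "x' OR '1'='1"];
printf("crafted, interpolated: %d deleted\n", delete_interpolated(make_db(), $crafted));
printf("crafted, bound: %d deleted\n", delete_bound(make_db(), $crafted));

// Case 3: an existing key, bound as a parameter.
printf("Alice, bound: %d deleted\n", delete_bound(make_db(), ['pk' => 'Alice']));
```

With PHP's ODBC extension, as used in the thread, the same binding is available through `odbc_prepare()` and `odbc_execute()`, and `odbc_num_rows()` reports the affected-row count on drivers that support it.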