Mod-Jay Posted September 3, 2010 Share Posted September 3, 2010 Error: Deletes All the Tables Made.. Everything in the Database.. I want it to Delete The only 1 ITEM!! Code: <table border="2" cellspacing="0" cellpadding="5" class="tborder" width="80%"><tr><td>Name</td><td>Desc</td><td>Date Added</td><td>Edit</td><td>Delete</td></tr> <tr></tr> <?php $result = mysql_query("SELECT * FROM blog"); //the while loop while($r=mysql_fetch_array($result)) {$name=$r["name"];$desc=$r["descr"];$date=$r["date"];if(isset($_GET['action']) && $_GET['action'] == 'delete') {mysql_query("DELETE FROM blog WHERE name='". realEscape('name') ."'") or die(mysql_error());echo "News Deleted";}echo "<tr><td>News Name: $name</td><td>News Desc: $desc</td><td>Date Posted: $date</td><td><a href='edit.php'>Edit</a></td><td><a href='news.php?action=delete'>Delete</a></td></tr>";}?></table> Quote Link to comment Share on other sites More sharing options...
PradeepKr Posted September 3, 2010 Share Posted September 3, 2010 May be it is realEscape($r["name"]) and not realEscape('name') Quote Link to comment Share on other sites More sharing options...
Mod-Jay Posted September 3, 2010 Author Share Posted September 3, 2010 Atm , its with the "Delete" Everytime i click it on one Table, It Deletes All the Tables.. Quote Link to comment Share on other sites More sharing options...
Pikachu2000 Posted September 3, 2010 Share Posted September 3, 2010 Why do you have your DELETE query inside the while loop from the wildcard SELECT query? Quote Link to comment Share on other sites More sharing options...
Pikachu2000 Posted September 3, 2010 Share Posted September 3, 2010 It actually deletes all of the tables, or it deletes all of the records in the `blog` table? Quote Link to comment Share on other sites More sharing options...
PradeepKr Posted September 3, 2010 Share Posted September 3, 2010 Replace this if(isset($_GET['action']) && $_GET['action'] == 'delete') {mysql_query("DELETE FROM blog WHERE name='". realEscape('name') ."'") or die(mysql_error());echo "News Deleted";} with this if(isset($_GET['action']) && $_GET['action'] == 'delete') { $name = realEscape($r["name"]); if( isset($name) && $name != "") { $sql_delete = sprintf("DELETE FROM blog WHERE name='%s' ", realEscape($r["name"]) ); echo "SQL is |$sql_delete|"; //remove after debugging mysql_query("DELETE FROM blog WHERE name='". realEscape('name') ."'") or die(mysql_error()); echo "News Deleted"; } else { echo "name is empty"; }} Quote Link to comment Share on other sites More sharing options...
PFMaBiSmAd Posted September 3, 2010 Share Posted September 3, 2010 You are retrieving everything with a SELECT query, looping through that data, deleting all the matching name= values, so, of course it is deleting everything... Remove the SELECT query and all the logic related to it. Why are you doing that in code that presumably is for deleting data from a table? Your code would need to receive a piece of unique data that identifies the row(s) that you do want to delete. Nothing in your posted code either makes a link/form that would provide that unique identifying data or makes use of that data if it was supplied. Quote Link to comment Share on other sites More sharing options...
Mod-Jay Posted September 3, 2010 Author Share Posted September 3, 2010 Replace this if(isset($_GET['action']) && $_GET['action'] == 'delete') {mysql_query("DELETE FROM blog WHERE name='". realEscape('name') ."'") or die(mysql_error());echo "News Deleted";} with this if(isset($_GET['action']) && $_GET['action'] == 'delete') { $name = realEscape($r["name"]); if( isset($name) && $name != "") { $sql_delete = sprintf("DELETE FROM blog WHERE name='%s' ", realEscape($r["name"]) ); echo "SQL is |$sql_delete|"; //remove after debugging mysql_query("DELETE FROM blog WHERE name='". realEscape('name') ."'") or die(mysql_error()); echo "News Deleted"; } else { echo "name is empty"; }} It didnt work.. Im having problems with it deleting everything.. i just want the delete to Delete that Just One im Deleting, If u have a Team-Veiwer Ill try to show u what i mean. EDIT Actully it did work.. It now Shows IT deleting Everything.. LOL.. Now how do i stop it? And make it Delete The Name Itself EDIT Now i Got it to Say its name.. it says correct name.. But it still Deletes them all ,I think it has Something to do With <td><a href='news.php?action=delete'>Delete $name</a></td> EDIT My Edited Code: <?php $result = mysql_query("SELECT * FROM blog"); //the while loop while($r=mysql_fetch_array($result)) {$id=$r["ID"];$name=$r["name"];$desc=$r["descr"];$date=$r["date"];if(isset($_GET['action']) && $_GET['action'] == 'delete') { $name = realEscape($r["name"]); if( isset($name) && $name != "") { $sql_delete = sprintf("DELETE FROM blog WHERE name='%s' ", realEscape($r["name"]) ); echo "SQL is |$sql_delete|"; //remove after debugging mysql_query("DELETE FROM blog WHERE name='". realEscape($name) ."'") or die(mysql_error()); echo "News Deleted"; } else { echo "name is empty"; }}echo "<tr><td>News Name: $name</td><td>News Desc: $desc</td><td>Date Posted: $date</td><td><a href='edit.php'>Edit</a></td><td><a href='news.php?action=delete'>Delete $name</a></td></tr>";}?> Quote Link to comment Share on other sites More sharing options...
wildteen88 Posted September 3, 2010 Share Posted September 3, 2010 Where are you using this code to? Post your code here. Quote Link to comment Share on other sites More sharing options...
Pikachu2000 Posted September 3, 2010 Share Posted September 3, 2010 Change this: realEscape('name') to this: '$name'. WHERE name = name will match every record in the table. Also, its already been escaped once, so it doesn't need it again. Quote Link to comment Share on other sites More sharing options...
wildteen88 Posted September 3, 2010 Share Posted September 3, 2010 Change this: realEscape('name') to this: '$name'. Why? Variables do not get parsed within single quotes! Quote Link to comment Share on other sites More sharing options...
Mod-Jay Posted September 3, 2010 Author Share Posted September 3, 2010 Change this: realEscape('name') to this: '$name'. WHERE name = name will match every record in the table. Also, its already been escaped once, so it doesn't need it again. Didnt work.. I also have ID so if u got anything to match it with an id , lets hear it.. **EDIT** Edited Code So far.. <?php $result = mysql_query("SELECT * FROM blog"); //the while loop while($r=mysql_fetch_array($result)) {$id=$r["ID"];$name=$r["name"];$desc=$r["descr"];$date=$r["date"];if(isset($_GET['action']) && $_GET['action'] == 'delete') { $id = realEscape($r["ID"]); if( isset($id) && $id != "") { $sql_delete = sprintf("DELETE FROM blog WHERE ID='%s' ", realEscape($r["ID"]) ); echo "SQL is |$sql_delete|"; //remove after debugging mysql_query("DELETE FROM blog WHERE ID='$id'") or die(mysql_error()); echo "News Deleted"; } else { echo "name is empty"; }}echo "<tr><td>News Name: $name</td><td>News Desc: $desc</td><td>Date Posted: $date</td><td><a href='edit.php'>Edit</a></td><td><a href='news.php?action=delete'>Delete $name</a></td></tr>";}?> Quote Link to comment Share on other sites More sharing options...
wildteen88 Posted September 3, 2010 Share Posted September 3, 2010 This should not be in your while loop if(isset($_GET['action']) && $_GET['action'] == 'delete') { $id = realEscape($r["ID"]); if( isset($id) && $id != "") { $sql_delete = sprintf("DELETE FROM blog WHERE ID='%s' ", realEscape($r["ID"]) ); echo "SQL is |$sql_delete|"; //remove after debugging mysql_query("DELETE FROM blog WHERE ID='$id'") or die(mysql_error()); echo "News Deleted"; } else { echo "name is empty"; }} Move it outside of the loop! You should pass the records id you want to delete within your link <a href='news.php?action=delete&id=$id'>Delete $name</a> Now change this if(isset($_GET['action']) && $_GET['action'] == 'delete') { $id = realEscape($r["ID"]); if( isset($id) && $id != "") { To if(isset($_GET['action']) && $_GET['action'] == 'delete') { $id = realEscape($r["ID"]); if( isset($_GET['id']) && is_numeric($_GET['id'])) { $id = (int) $_GET['id']; Quote Link to comment Share on other sites More sharing options...
Pikachu2000 Posted September 3, 2010 Share Posted September 3, 2010 Change this: realEscape('name') to this: '$name'. Why? Variables do not get parsed within single quotes! You're right; I overlooked the string concatenation. The correct string would be (or would have been): "DELETE FROM blog WHERE name = '$name'"; Quote Link to comment Share on other sites More sharing options...
Mod-Jay Posted September 3, 2010 Author Share Posted September 3, 2010 THANK YOU IT WORKS 100% Thanks WILDTEEN88 @@@@ ALSO how do i make it do ORDER BY desc ? I added it , Got Error: Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in C:\Users\cory\Desktop\xampp\htdocs\Starter Kit(2)\admincp\pages\news.php on line 40 Code: <?php $result = mysql_query("SELECT * FROM blog ORDER BY desc"); //the while loop while($r=mysql_fetch_array($result)) {$id=$r["ID"];$name=$r["name"];$desc=$r["descr"];$date=$r["date"];echo "<tr><td>News Name: $name</td><td>News Desc: $desc</td><td>Date Posted: $date</td><td><a href='edit.php'>Edit</a></td><td><a href='news.php?action=delete&id=$id'>Delete $name</a></td></tr>";}?> Line 40: while($r=mysql_fetch_array($result)) Quote Link to comment Share on other sites More sharing options...
wildteen88 Posted September 3, 2010 Share Posted September 3, 2010 Just one more thing you can remove this line $id = realEscape($r["ID"]); I forgot to remove it. Quote Link to comment Share on other sites More sharing options...
PradeepKr Posted September 5, 2010 Share Posted September 5, 2010 descr not desc SELECT * FROM blog ORDER BY descr Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.