Ptsface12 Posted July 20, 2011 Share Posted July 20, 2011 Hello, I currently have a piece of code, that works when it doesn't check if the buttons been pressed. However, when put into ISSET the code doesn't work, and the MySQL echos back You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '1' at line 1 My full code is: <? session_start(); if(!session_is_registered(username)){ header("location:../index.php"); } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>PS3Panda • Housekeeping • Home</title> <link href="styles/layout.css" rel="stylesheet" type="text/css" /> <link href="styles/wysiwyg.css" rel="stylesheet" type="text/css" /> <!-- Theme Start --> <link href="themes/blue/styles.css" rel="stylesheet" type="text/css" /> <!-- Theme End --> </head> <?php if ((isset($_GET['action']))&&($_GET['action'] == 'delete')) { $user_id = (int) $_GET['id']; include 'config.php'; mysql_connect(localhost,$username, $password); @mysql_select_db($database) or die ("Unable to select Database"); $query = mysql_query("SELECT username FROM users WHERE id='$user_id'"); $row = mysql_fetch_assoc($query); } If(isset($_POST['delete'])) { $user_id = (int) $_GET['id']; include 'config.php'; mysql_connect(localhost,$username, $password); @mysql_select_db($database) or die ("Unable to select Database"); $result = mysql_query("DELETE FROM users WHERE id='$user_id'"); $return = mysql_query($result) or die(mysql_error()); echo $return; } ?> <body id="homepage"> <div id="header"> <a href="" title=""><img SRC="img/cp_logo.png" alt="Control Panel" class="logo" /></a> <div id="searcharea"> <p class="left smltxt"><a href="#" title="">Advanced</a></p> <input type="text" class="searchbox" value="Search control panel..." onclick="if (this.value =='Search-2520control-2520panel..-2E'){this.value=''}"/> <input type="submit" value="Search" class="searchbtn" /> </div> </div> <!-- Top Breadcrumb Start --> <div id="breadcrumb"> <ul> <li><img SRC="img/icons/icon_breadcrumb.png" alt="Location" /></li> <li><strong>Location:</strong></li> <li><a href="#" title="">Manage Users</a></li> <li>/</li> <li class="current">Delete <?php echo $row['username']; ?></li> </ul> </div> <!-- Top Breadcrumb End --> <!-- Right Side/Main Content Start --> <div id="rightside"> <!-- Status Bar Start --><!-- Status Bar End --> <!-- Red Status Bar Start --><!-- Red Status Bar End --> <!-- Green Status Bar Start --><!-- Green Status Bar End --> <!-- Blue Status Bar Start --><!-- Blue Status Bar End --> <!-- Content Box Start --> <div class="contentcontainer"> <div class="headings alt"> <h2>Delete <?php echo $row['username']; ?>?</h2> </div> <div class="contentbox"> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <tr> <td width="2%"> </td> <td width="98%">You have decided to delete <?php echo $row['username']; ?>, would you like to delete them from the database?</td> </tr> <tr> <td> </td> <td> </td> </tr> <tr> <td> </td> <td><form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>"> <input type="submit" class="btn" value="Delete User" id="delete" name="delete" /><a href="manageusers.php"> <input type="submit" class="btnalt" value="Return to last page" id="return" name="return"/> </a></form></td> </tr> </table> </div> </div> <!-- Content Box End --> <!-- Graphs Box Start --><!-- Graphs Box End --> <!-- Alternative Content Box Start --><!-- Alternative Content Box End --> <div style="clear:both;"></div> <!-- Content Box Start --><!-- Content Box End --> <div id="footer"> © Copyright 2011 PS3Panda</div> </div> <!-- Right Side/Main Content End --> <!-- Left Dark Bar Start --> <?php include 'sidebar.php'; ?> <!-- Left Dark Bar End --> <!-- Notifications Box/Pop-Up Start --> <div id="notificationsbox"> <h4>Notifications</h4> <ul> <?php include 'notifypop.php'; ?> </ul> <p class="loadmore"><a href="#" title="">Load more notifications</a></p> </div> <!-- Notifications Box/Pop-Up End --> <script type="text/javascript" SRC="http://dwpe.googlecode.com/svn/trunk/_shared/EnhanceJS/enhance.js"></script> <script type='text/javascript' SRC="http://dwpe.googlecode.com/svn/trunk/charting/js/excanvas.js"></script> <script type='text/javascript' SRC="http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script> <script type='text/javascript' SRC="http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.6/jquery-ui.min.js"></script> <script type='text/javascript' SRC="scripts/jquery.wysiwyg.js"></script> <script type='text/javascript' SRC="scripts/visualize.jQuery.js"></script> <script type="text/javascript" SRC="scripts/functions.js"></script> <!--[if IE 6]> <script type='text/javascript' src='scripts/png_fix.js'></script> <script type='text/javascript'> DD_belatedPNG.fix('img, .notifycount, .selected'); </script> <![endif]--></body> </html> The code we're looking at is: <?php if ((isset($_GET['action']))&&($_GET['action'] == 'delete')) { $user_id = (int) $_GET['id']; include 'config.php'; mysql_connect(localhost,$username, $password); @mysql_select_db($database) or die ("Unable to select Database"); $query = mysql_query("SELECT username FROM users WHERE id='$user_id'"); $row = mysql_fetch_assoc($query); } If(isset($_POST['delete'])) { $user_id = (int) $_GET['id']; include 'config.php'; mysql_connect(localhost,$username, $password); @mysql_select_db($database) or die ("Unable to select Database"); $result = mysql_query("DELETE FROM users WHERE id='$user_id'"); $return = mysql_query($result) or die(mysql_error()); echo $return; } ?> Any help is most appreciated! Best Wishes, Ptsface12 Quote Link to comment Share on other sites More sharing options...
Ptsface12 Posted July 20, 2011 Author Share Posted July 20, 2011 Hello, Does anybody understand this problem? best wishes, Ptsface12 Quote Link to comment Share on other sites More sharing options...
AyKay47 Posted July 20, 2011 Share Posted July 20, 2011 the main issue that I see here is that you are running your delete query twice, which will cause an error since it won't be able to find that id twice.. $result = mysql_query("DELETE FROM users WHERE id='$user_id'"); //you run it here $return = mysql_query($result) or die(mysql_error()); //and again here remove one of these 2 lines.. Quote Link to comment Share on other sites More sharing options...
Maq Posted July 20, 2011 Share Posted July 20, 2011 Does anybody understand this problem? Please give adequate time for people to answer your question. I believe what is happening is that since you're calling mysql_query twice, the second call is trying to execute a query on a resource id (1). $result = mysql_query("DELETE FROM users WHERE id='$user_id'"); Now $result is the resource id, which in your particular error message is 1. You're calling mysql_query() again on $result, passing in 1: $return = mysql_query($result) or die(mysql_error()); which is an invalid query. Quote Link to comment Share on other sites More sharing options...
Ptsface12 Posted July 20, 2011 Author Share Posted July 20, 2011 Oh right, cheers guys. I was actually told by another member in another thread to run that script to echo back any mysql problems. But like I said, thanks! Quote Link to comment Share on other sites More sharing options...
AyKay47 Posted July 20, 2011 Share Posted July 20, 2011 yeah you can use the line that has the or die(mysql_error()) to debug your query, just remove the first line so there is only one query being executed .. Quote Link to comment Share on other sites More sharing options...
Maq Posted July 20, 2011 Share Posted July 20, 2011 I typically like to create a pure String for the query, that way you can echo exactly what you're passing in: $query = "DELETE FROM users WHERE id='$user_id'"; $return = mysql_query($query) or die(mysql_error()); I would also take a look at this article to learn how to handle mysql exceptions properly: http://www.phpfreaks.com/blog/or-die-must-die Quote Link to comment Share on other sites More sharing options...
Ptsface12 Posted July 20, 2011 Author Share Posted July 20, 2011 Hey, Thanks for that. But for some reason, I run the query now, and it just refreshes the page but doesn't delete it. If I run the SAME query out of the !isset, it'll delete, but won't delete if it's in the isset. Best Wishes, Ptsface12 Quote Link to comment Share on other sites More sharing options...
AyKay47 Posted July 20, 2011 Share Posted July 20, 2011 your isset condition needs to be met in order for the query to run, is it being met and this is happening? Quote Link to comment Share on other sites More sharing options...
Ptsface12 Posted July 20, 2011 Author Share Posted July 20, 2011 Hello, Thanks for the reply. Would you like me to post my current code? Best Wishes, Ptsface12 Quote Link to comment Share on other sites More sharing options...
AyKay47 Posted July 20, 2011 Share Posted July 20, 2011 if the answer to the question that I asked is a yes, then yes post the new code please Quote Link to comment Share on other sites More sharing options...
Ptsface12 Posted July 20, 2011 Author Share Posted July 20, 2011 <? session_start(); if(!session_is_registered(username)){ header("location:../index.php"); } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>PS3Panda • Housekeeping • Home</title> <link href="styles/layout.css" rel="stylesheet" type="text/css" /> <link href="styles/wysiwyg.css" rel="stylesheet" type="text/css" /> <!-- Theme Start --> <link href="themes/blue/styles.css" rel="stylesheet" type="text/css" /> <!-- Theme End --> </head> <?php include 'config.php'; $user_id = (int) $_GET['id']; mysql_connect(localhost,$username, $password); @mysql_select_db($database) or die ("Unable to select Database"); $query = mysql_query("SELECT username FROM users WHERE id='$user_id'"); $row = mysql_fetch_assoc($query); ?> <body id="homepage"> <div id="header"> <a href="" title=""><img SRC="img/cp_logo.png" alt="Control Panel" class="logo" /></a> <div id="searcharea"> <p class="left smltxt"><a href="#" title="">Advanced</a></p> <input type="text" class="searchbox" value="Search control panel..." onclick="if (this.value =='Search-2520control-2520panel..-2E'){this.value=''}"/> <input type="submit" value="Search" class="searchbtn" /> </div> </div> <!-- Top Breadcrumb Start --> <div id="breadcrumb"> <ul> <li><img SRC="img/icons/icon_breadcrumb.png" alt="Location" /></li> <li><strong>Location:</strong></li> <li><a href="#" title="">Manage Users</a></li> <li>/</li> <li class="current">Delete <?php echo $row['username']; ?></li> </ul> </div> <!-- Top Breadcrumb End --> <!-- Right Side/Main Content Start --> <div id="rightside"> <!-- Status Bar Start --><!-- Status Bar End --> <!-- Red Status Bar Start --><!-- Red Status Bar End --> <!-- Green Status Bar Start --><!-- Green Status Bar End --> <!-- Blue Status Bar Start --><!-- Blue Status Bar End --> <!-- Content Box Start --> <div class="contentcontainer"> <div class="headings alt"> <h2>Delete <?php echo $row['username']; ?>?</h2> </div> <div class="contentbox"> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <?php If(isset($_POST['delete'])) { $user_id = (int) $_GET['id']; include 'config.php'; mysql_connect(localhost,$username, $password); @mysql_select_db($database) or die ("Unable to select Database"); $newquery = "DELETE FROM users WHERE id='$user_id'"; $return = mysql_query($newquery) or die(mysql_error()); } ?> <tr> <td width="2%"> </td> <td width="98%">You have decided to delete <?php echo $row['username']; ?>, would you like to delete them from the database?</td> </tr> <tr> <td> </td> <td> </td> </tr> <tr> <td> </td> <td><form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>"> <input type="submit" class="btn" value="Delete User" id="delete" name="delete" /><a href="manageusers.php"> <input type="submit" class="btnalt" value="Return to last page" id="return" name="return"/> </a></form></td> </tr> </table> </div> </div> <!-- Content Box End --> <!-- Graphs Box Start --><!-- Graphs Box End --> <!-- Alternative Content Box Start --><!-- Alternative Content Box End --> <div style="clear:both;"></div> <!-- Content Box Start --><!-- Content Box End --> <div id="footer"> © Copyright 2011 PS3Panda</div> </div> <!-- Right Side/Main Content End --> <!-- Left Dark Bar Start --> <?php include 'sidebar.php'; ?> <!-- Left Dark Bar End --> <!-- Notifications Box/Pop-Up Start --> <div id="notificationsbox"> <h4>Notifications</h4> <ul> <?php include 'notifypop.php'; ?> </ul> <p class="loadmore"><a href="#" title="">Load more notifications</a></p> </div> <!-- Notifications Box/Pop-Up End --> <script type="text/javascript" SRC="http://dwpe.googlecode.com/svn/trunk/_shared/EnhanceJS/enhance.js"></script> <script type='text/javascript' SRC="http://dwpe.googlecode.com/svn/trunk/charting/js/excanvas.js"></script> <script type='text/javascript' SRC="http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script> <script type='text/javascript' SRC="http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.6/jquery-ui.min.js"></script> <script type='text/javascript' SRC="scripts/jquery.wysiwyg.js"></script> <script type='text/javascript' SRC="scripts/visualize.jQuery.js"></script> <script type="text/javascript" SRC="scripts/functions.js"></script> <!--[if IE 6]> <script type='text/javascript' src='scripts/png_fix.js'></script> <script type='text/javascript'> DD_belatedPNG.fix('img, .notifycount, .selected'); </script> <![endif]--></body> </html> Quote Link to comment Share on other sites More sharing options...
AyKay47 Posted July 20, 2011 Share Posted July 20, 2011 where is this $_POST['delete'] coming from? I don't even see a form on the code that you posted... Edit: also you are using session_is_registered..which is deprecated..change to session_start(); if(isset($_SESSION['username'])){ header("location:../index.php"); } Quote Link to comment Share on other sites More sharing options...
Ptsface12 Posted July 20, 2011 Author Share Posted July 20, 2011 Hello, It's slightly below that code <form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>"> <input type="submit" class="btn" value="Delete User" id="delete" name="delete" /><a href="manageusers.php"> <input type="submit" class="btnalt" value="Return to last page" id="return" name="return"/> </a></form> Quote Link to comment Share on other sites More sharing options...
AyKay47 Posted July 20, 2011 Share Posted July 20, 2011 Alright let's clean this up...don't capitalize the I's in your if statements..If should be if, simply for eticate.. Do not use $_SERVER['PHP_SELF']; as your form action, this can lead to XSS injection, you can google it if you want to learn more about it...in this case you will want to make the link a dynamic on with the correct id for what you are trying to do, since in your if conditional block you query depends on $_GET['id'], you will need to specify that in your code...you can make the action="script_name.php?id=$id" instead or something that doesn't involve PATH_INFO.. the code that you have should work if you make those changes..if not let us know...most likely what is happening is your query is actually running, but it isn't grabbing $_GET['id'] since you do not specify it in your form action Quote Link to comment Share on other sites More sharing options...
TeNDoLLA Posted July 20, 2011 Share Posted July 20, 2011 There is a good post about PHP_SELF security if you are interested in to looking in that. http://www.mc2design.com/blog/php_self-safe-alternatives Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.