Problems with Deleting rows

[Shadowing]

 

I use this this same exact delete for users to delete their own account with no problem

for some reason this code below is deleting all my rows in each table

 

 

<?php 
if(isset($_POST['delete'])) {
                                                                      // this is a check box you need to check in order to confirm
 		if(empty($_POST['confirm'])){ 

 			echo "You need to check confirm";

}else{			

mysql_query("DELETE FROM `users` WHERE `goauld`= ".(int)($_POST['delete_goauld']));
mysql_query("DELETE FROM `game` WHERE `goauld`= ".(int)($_POST['delete_goauld']));

echo "$delete_goauld was deleted<br />\n";
}	
}
?> 

[scootstah]

Have you checked that $_POST['delete_goauld'] is set?

[MasterACE14]

I've got a feeling you've got the $_POST name wrong, all three containing 'delete' should either be 'delete_goauld'(including the isset()) or all three should be 'delete' ?

[scootstah]

I've got a feeling you've got the $_POST name wrong, all three containing 'delete' should either be 'delete_goauld'(including the isset()) or all three should be 'delete' ?

 

Maybe "delete" is the submit button or something.

[Shadowing]

This is driving me crazy lol. i cant believe i have this problem.

can you guys please see if you see any errors in this

what this code is for is to beable to delete users from  with in my site

i changed the Delete_goauld to dg

 

<php 

if(isset($_POST['delete'])) {

				$check6 = "SELECT goauld,monitor FROM users WHERE goauld='".mysql_real_escape_string($_POST['dg'])."'";
				$check5 = mysql_query($check6) or die(mysql_error());
				$check4 = mysql_fetch_array($check5);

        	if(empty($check4['goauld'])){

        	       		echo "Account doesnt exist";
       	}else{	
        	       		
       		if(empty($_POST['confirm'])){ 
			echo "You need to check confirm";
        	
       	}else{
 	        	
        	if(!empty($check4['monitor'])){

        			echo "You cant delete Mods or Admins";		
}else{			

	mysql_query("DELETE FROM `users` WHERE `goauld`= ".(int)($_POST['dg']));

	}

     }
}	
}

    <td align="center" class="cell"><input type="text" name="dg"  id="dg" /></td>
  </tr>
  <tr>
    <td colspan="2" align="right" class="cell"><input type="checkbox" name="confirm" id="confirm"> Confirm</td>
  
    <td colspan="2" align="right" class="cell"><input type="submit" name="delete" id="delete" value="Delete" /></td>
  </tr>
        <tr>	


?>

[Shadowing]

if i get rid of this

 

<?php        	

if(empty($check4['goauld'])){

        	       		echo "Account doesnt exist";
       	}else{	?>

 

and leave the field blank it deletes all names. how is that even possible

[PFMaBiSmAd]

What is your goauld column defined as and what are some of the values in it?

[Shadowing]

just names like Baal or anubis

 

i went on the extreme i just deleted all html and php on the page accept this code and it still does it. so that rules that out on anything conflicting with it.

 

im using this same code to let users delete their own accounts and it works fine but im using id which are numbers

so the (int) could be causing my issue? cuase im not using numbers

 

 <?php mysql_query("DELETE FROM `users` WHERE `id`= ".(int)($_SESSION['user_id'])); ?>

 

i dont know what else i can use besides (int)

[PFMaBiSmAd]

Since you goauld values are strings, you must compare the $_POST value as a string -

 

DELETE FROM `users` WHERE `goauld`= '{$_POST['gd']}'"

 

You'll need to escape $_POST['gd'] at some point prior to putting it's value into the query to prevent sql injection and to prevent any goauld name that may contain special sql characters from breaking the query.

 

Rather than typing the goauld name into an input field, why don't you make a select menu from the current goauld names in the database?

[coupe-r]

As a test, do this:

 

$user_id = (int)($_SESSION['user_id'];

$sql = "DELETE FROM users WHERE id = '".$user_id."'";

echo $sql;

 

Take the SQL code in your browser and run it in your mysql query analyzer.  See if you get any errors there.  Thats what I do when I get stuck.

[Shadowing]

that gave me a

Parse error: syntax error, unexpected ';' in C:\Software\XAMPP\xampp\htdocs\stargate\Users\test.php on line 4

 

coupe-r

 

 

a drop box would make things slower i would think. im setting it up where it auto fills in the persons name when you click ban on a profile

 

is their no other way to delete a row?

 

i tried to escape it but couldnt get the format right with it

 

 

[Pikachu2000]

The code you last posted can't be the actual code you're using. Post the actual code by copying and pasting it.

[Shadowing]

ya my last code i posted was me showing the code i use to let users delete their accounts and that it works great.

 

 

the code im using now is this "i cut the html out"

 

 <?php if(isset($_POST['delete'])) {

				$check6 = "SELECT goauld,monitor FROM users WHERE goauld='".mysql_real_escape_string($_POST['dg'])."'";
				$check5 = mysql_query($check6) or die(mysql_error());
				$check4 = mysql_fetch_array($check5);


        	       		
       		if(empty($_POST['confirm'])){ 
			echo "You need to check confirm";
        	
       	}else{
 	        	
        	if(!empty($check4['monitor'])){

        			echo "You cant delete Mods or Admins";		
}else{			

	mysql_query("DELETE FROM `users` WHERE `goauld`= ".(int)($_POST['dg']));
	mysql_query("DELETE FROM `game` WHERE `goauld`= ".(int)($_POST['dg']));


     }
}	
}

    <td align="center" class="cell">Delete Goa'uld</td>
    
    <td align="center" class="cell"><input type="text" name="dg"  id="dg" /></td>
  </tr>
  <tr>
    <td colspan="2" align="right" class="cell"><input type="checkbox" name="confirm" id="confirm"> Confirm</td>
  
    <td colspan="2" align="right" class="cell"><input type="submit" name="delete" id="delete" value="Delete" /></td>
  </tr>
        <tr>	


?>

 

 

 

 

 

and here is the full page of code but didnt want to bother anyone with it specially since i deleted everything but the code in question and it still deletes all rows

 

 

[Pikachu2000]

In the SELECT query, you treat $_POST['dg'] as a string, and in the DELETE queries you cast it as an integer. Which is it, and what is its value supposed to be? Have you echoed the query strings to make sure they contain the values you'd expect them to contain?

[Shadowing]

ok steping down to major basics lol

cause i have created accounts a million times in the last 5 hours

i have deleted everything but this code and it deletes all rows in both the tables

i have two users one is baal the other is anubis

 

 

<? require("safe.php"); ?>

<html>
<body>

<?php	

if(isset($_POST['delete'])) {

        	       		
	mysql_query("DELETE FROM `users` WHERE `goauld`= ".(int)($_POST['dg']));
	mysql_query("DELETE FROM `game` WHERE `goauld`= ".(int)($_POST['dg']));
    
}	

?>

<table width="350" border="0" cellpadding="2" cellspacing="2" class="table">
   <form method="post" action="">

<tr>
    <td align="center" class="cell">Delete Goa'uld</td>
    
    <td align="center" class="cell"><input type="text" name="dg"  id="dg" /></td>
</tr>
<tr>
    <td colspan="2" align="right" class="cell"><input type="checkbox" name="confirm" id="confirm"> Confirm</td>
  
    <td colspan="2" align="right" class="cell"><input type="submit" name="delete" id="delete" value="Delete" /></td>
</tr>
<tr>
</tr>
  	</form>
</table>
</body>
</html> ?>

[Pikachu2000]

If the values are strings, why are you casting the $_POST array elements as integers?

[Shadowing]

i guess i dont understand

 

$_POST is only for numbers?

[Pikachu2000]

No. You are casting the string values as integers. What do you think prepending (int) to a variable does? That shows me that you haven't echoed the query strings, as was previously recommended. Echoing things is the number one step to debugging.

[Shadowing]

alright thanks for breaking it further down with me so i can understand this

I echo it and i got the number 1

 

not sure what that means

i thought it meant yes the record exist

and 0 it doesnt

 

<?php	

if(isset($_POST['delete'])) {

$test =	mysql_query("DELETE FROM `game` WHERE `goauld`= ".(int)($_POST['dg']));
    
	echo $test;
}	

?>

[Shadowing]

oh wait i think i know what you are saying now

 

so im turning input into 1 meaning yes

 

so im saying delete from game where goauld is yes

 

so delete all rows a goauld is at

 

lol is that right?

[Drummin]

What is your goauld column defined as and what are some of the values in it?

just names like Baal or anubis

Since you goauld values are strings, you must compare the $_POST value as a string -

 

DELETE FROM `users` WHERE `goauld`= '{$_POST['gd']}'"

 

You'll need to escape $_POST['gd'] at some point prior to putting it's value into the query to prevent sql injection and to prevent any goauld name that may contain special sql characters from breaking the query.

 

Rather than typing the goauld name into an input field, why don't you make a select menu from the current goauld names in the database?

 

<?php 
if(isset($_POST['delete'])) {
// this is a check box you need to check in order to confirm
if(empty($_POST['confirm'])){ 
	echo "You need to check confirm";
}else{			
		   
mysql_query("DELETE FROM `users` WHERE `goauld`= '".mysql_real_escape_string($_POST['gd'])."'");
mysql_query("DELETE FROM `users` WHERE `goauld`= '".mysql_real_escape_string($_POST['gd'])."'");

echo "$delete_goauld was deleted<br />\n";
}	
}
?>

[kleb]

why dont you run your checks first after if( $_POST['delete'])  before you run the MYSQL QUERY.it will make things easier that way

[Shadowing]

thanks alot Drummin that works

 

Hey kleb

 

I thought my checks are after the post delete and before the mysql query?

 

if there is a better order i should be doing this in id like to know