guru62 Posted March 28, 2012 Share Posted March 28, 2012 hello im trying to delete a user from users table by using a button. This is my code: $sql= "SELECT user_name FROM users"; $result = mysql_query($sql); if(!$result) { echo 'Users could not be displayed, please try again later.' . mysql_error(); } else { if(mysql_num_rows($result) == 0) { echo 'There are no users.'; } else { echo '<table border="1"> <tr> <th>Users</th> <th>Delete user and their posts?</th> </tr>'; while ($row = mysql_fetch_array($result)) { if($_SERVER['REQUEST_METHOD'] != 'POST') { echo '<form method="post" action=""><tr>'; echo '<td class="leftpart">'; echo $row['user_name']; echo '</td>'; echo '<td class="rightpart"><form method="post" action=""><input type="submit" name="delete" value="DELETE - '. $row['user_name'] .' "></form></td>'; echo '</tr>'; } else { $sql="DELETE FROM users WHERE user_name = " . mysql_real_escape_string(($_POST['delete']); } } } } When I click the button, it does not delete the record, any ideas? Quote Link to comment Share on other sites More sharing options...
smerny Posted March 28, 2012 Share Posted March 28, 2012 value="DELETE - '. $row['user_name'] .' WHERE user_name = " . mysql_real_escape_string(($_POST['delete']); unless the user names are all "DELETE - someUserName", you'll want to remove the "DELETE - " part from the value Quote Link to comment Share on other sites More sharing options...
guru62 Posted March 28, 2012 Author Share Posted March 28, 2012 no luck, i want to use button to select the user that is displayed and delete their record but im having trouble in running the mysql query, here is my updated code, the delete query is at the bottom: $sql= "SELECT user_name FROM users"; $result = mysql_query($sql); if(!$result) { echo 'Users could not be displayed, please try again later.' . mysql_error(); } else { if(mysql_num_rows($result) == 0) { echo 'There are no users.'; } else { echo '<table border="1"> <tr> <th>Users</th> <th>Delete user and their posts?</th> </tr>'; while ($row = mysql_fetch_array($result)) { if($_SERVER['REQUEST_METHOD'] != 'POST') { echo '<form method="post" action=""><tr>'; echo '<td class="leftpart">'; echo $row['user_name']; echo '</td>'; echo '<td class="rightpart"><form method="post" action=""><input type="submit" name="delete" value="DELETE - '. $row['user_name'] .' "></form></td>'; echo '</tr>'; } else { $sql="DELETE FROM users WHERE user_name = " . mysql_real_escape_string($_GET['user_name']); } } } } Quote Link to comment Share on other sites More sharing options...
Jessica Posted March 28, 2012 Share Posted March 28, 2012 The immediate problem is you never run that query, you just assign it to a string value. You will need to add in a lot of error checking and data sanitation as well but that's the first problem, you never run it. Quote Link to comment Share on other sites More sharing options...
smerny Posted March 28, 2012 Share Posted March 28, 2012 i just looked at the code more and there are so many problems i'm not sure where to start.. couple other big things that stick out to me.. there is a check on request method for each row in the table? why? a button loads the page, so there is no point in putting the delete in the loop. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.