Jump to content

Recommended Posts

Hi

 

I am new to php and programming in general and was wondering could someone help me with a question I have?  Below is a bit of code I adapted from looking through the internet.  I am using it to reterieve user information from a database.  What I want to know is how can I also add a 'Delete' function for each user that the list displays?  I know its probably easy but its wrecking my head!! ???

 

               

<?php
include "../config.php";

mysql_connect($server, $db_user, $db_pass) or die (mysql_error());
$result = mysql_db_query($database, "select * from $table order by id desc") or die (mysql_error());

if (mysql_num_rows($result)) {
   echo "Registered Members:<ul>";
   while ($qry = mysql_fetch_array($result)) {
      echo "<li>$qry[username] | <a href='$qry[website]' target='_blank'>$qry[website]</a></li>";
   }
}
?>

 

Thanks for any help in advance

 

Regards

Will

Link to comment
https://forums.phpfreaks.com/topic/47816-newbee-database-query-question/
Share on other sites

Just use a query to display the users in a list and then add a link to the word "Delete" so it would look sort of like this:

echo "$username | $website | <a href='delete.php?username=$username'>Delete</a>";

 

This would be delete.php:

<?php

$username = $_GET['username'];

$delete = mysql_query("DELETE  FROM table WHERE username = $username") or die("Error: ".mysql_error());

echo "The user has been deleted";

?>

Some things to be aware of.  Google  "SQL Injection" and be aware of the risks.  Also, make sure any delete or update statements you send to the db have a WHERE clause.  Otherwise it'll delete or update the whole table.

 

SQL Injection vulnerabilities may not be too important for your current project (especially if you're doing it to learn php), but it's good to be aware of it and develop good practices to defend against it while you're still learning.

It's always better to over-sanitize data than to rely only on the php functions. 

 

That is not necessarily true. It is better to know what you are getting yourself into than to "over sanitize".

 

PHP provides a wonderful function called get_magic_quotes_gpc

http://us2.php.net/manual/en/function.get-magic-quotes-gpc.php

 

What this does is tell you if your server is setup to automatically escape data from a form, if it is than you are free and clear on the injection. A good method to sanitize data would be something like this:

 

<?php
function clean($val) {
    return get_magic_quotes_gpc()?$val:mysql_real_escape_string($val);
}

foreach ($_POST as $key => $val) {
       $_POST[$key] = clean($val);
}
?>

 

That way if the data is already escaped it does not double escape it which makes for cleaner data and you know your data will be escaped properly.

 

EDIT: Modified the quote, it is always good to learn about how and why you are doing something. Just the over-sanitizing part is what can get you into trouble =)

Also, remember that the php functions, like mysql_real_escape_string, help... but it's no excuse to not read up and learn all you can about it.  It's always better to over-sanitize data than to rely only on the php functions. 

 

That is not necessarily true. It is better to know what you are getting yourself into than to "over sanitize".

 

PHP provides a wonderful function called get_magic_quotes_gpc

http://us2.php.net/manual/en/function.get-magic-quotes-gpc.php

 

What this does is tell you if your server is setup to automatically escape data from a form, if it is than you are free and clear on the injection. A good method to sanitize data would be something like this:

 

That way if the data is already escaped it does not double escape it which makes for cleaner data and you know your data will be escaped properly.

 

While I agree, I do think it's good to know how to sanitize data and what get_magic_quotes_gpc is doing before one should rely on it.  Though I usually sanitize data myself, maybe I'm just over paranoid. 

 

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.