WillBoss Posted April 19, 2007 Share Posted April 19, 2007 Hi I am new to php and programming in general and was wondering could someone help me with a question I have? Below is a bit of code I adapted from looking through the internet. I am using it to reterieve user information from a database. What I want to know is how can I also add a 'Delete' function for each user that the list displays? I know its probably easy but its wrecking my head!! ??? <?php include "../config.php"; mysql_connect($server, $db_user, $db_pass) or die (mysql_error()); $result = mysql_db_query($database, "select * from $table order by id desc") or die (mysql_error()); if (mysql_num_rows($result)) { echo "Registered Members:<ul>"; while ($qry = mysql_fetch_array($result)) { echo "<li>$qry[username] | <a href='$qry[website]' target='_blank'>$qry[website]</a></li>"; } } ?> Thanks for any help in advance Regards Will Quote Link to comment https://forums.phpfreaks.com/topic/47816-newbee-database-query-question/ Share on other sites More sharing options...
PC Nerd Posted April 19, 2007 Share Posted April 19, 2007 what do you meaen by belete function..... as in to delete the use or their website or wat, and where? Quote Link to comment https://forums.phpfreaks.com/topic/47816-newbee-database-query-question/#findComment-233641 Share on other sites More sharing options...
WillBoss Posted April 19, 2007 Author Share Posted April 19, 2007 Hi I want to be to delete a user is I wish from the list. Eg: Michael Mouse | http://disney.com | Delete Minnie Mouse | http://disney.com | Delete Will Quote Link to comment https://forums.phpfreaks.com/topic/47816-newbee-database-query-question/#findComment-233649 Share on other sites More sharing options...
Unholy Prayer Posted April 20, 2007 Share Posted April 20, 2007 Just use a query to display the users in a list and then add a link to the word "Delete" so it would look sort of like this: echo "$username | $website | <a href='delete.php?username=$username'>Delete</a>"; This would be delete.php: <?php $username = $_GET['username']; $delete = mysql_query("DELETE FROM table WHERE username = $username") or die("Error: ".mysql_error()); echo "The user has been deleted"; ?> Quote Link to comment https://forums.phpfreaks.com/topic/47816-newbee-database-query-question/#findComment-233664 Share on other sites More sharing options...
WillBoss Posted April 20, 2007 Author Share Posted April 20, 2007 Thanks very much Unholy , I'll try that Regards Will Quote Link to comment https://forums.phpfreaks.com/topic/47816-newbee-database-query-question/#findComment-233815 Share on other sites More sharing options...
WillBoss Posted April 20, 2007 Author Share Posted April 20, 2007 Bingo, that did the trick Unholy. Had to do a little tweaking but I got it to work. Thanks a mill! Quote Link to comment https://forums.phpfreaks.com/topic/47816-newbee-database-query-question/#findComment-233894 Share on other sites More sharing options...
Michael Lasky Posted April 20, 2007 Share Posted April 20, 2007 Some things to be aware of. Google "SQL Injection" and be aware of the risks. Also, make sure any delete or update statements you send to the db have a WHERE clause. Otherwise it'll delete or update the whole table. SQL Injection vulnerabilities may not be too important for your current project (especially if you're doing it to learn php), but it's good to be aware of it and develop good practices to defend against it while you're still learning. Quote Link to comment https://forums.phpfreaks.com/topic/47816-newbee-database-query-question/#findComment-233969 Share on other sites More sharing options...
WillBoss Posted April 20, 2007 Author Share Posted April 20, 2007 Where can I read more about Sql Injection. It doesnt sound good! Quote Link to comment https://forums.phpfreaks.com/topic/47816-newbee-database-query-question/#findComment-233977 Share on other sites More sharing options...
cmgmyr Posted April 20, 2007 Share Posted April 20, 2007 if you use this: $output = mysql_real_escape_string($input); It will clean up most of that sql injection Quote Link to comment https://forums.phpfreaks.com/topic/47816-newbee-database-query-question/#findComment-233981 Share on other sites More sharing options...
WillBoss Posted April 20, 2007 Author Share Posted April 20, 2007 What does $output = mysql_real_escape_string($input); mean exactly? Will Quote Link to comment https://forums.phpfreaks.com/topic/47816-newbee-database-query-question/#findComment-233984 Share on other sites More sharing options...
cmgmyr Posted April 20, 2007 Share Posted April 20, 2007 Well, what it does pretty much is take out anything that might "destroy" your initial query. You will have to read up on sql injections for a better understanding. Take a look at: http://www.unixwiz.net/techtips/sql-injection.html Quote Link to comment https://forums.phpfreaks.com/topic/47816-newbee-database-query-question/#findComment-233992 Share on other sites More sharing options...
WillBoss Posted April 20, 2007 Author Share Posted April 20, 2007 Thanks for that! Quote Link to comment https://forums.phpfreaks.com/topic/47816-newbee-database-query-question/#findComment-233994 Share on other sites More sharing options...
Michael Lasky Posted April 20, 2007 Share Posted April 20, 2007 Also, remember that the php functions, like mysql_real_escape_string, help... but it's no excuse to not read up and learn all you can about it. It's always better to over-sanitize data than to rely only on the php functions. Quote Link to comment https://forums.phpfreaks.com/topic/47816-newbee-database-query-question/#findComment-234043 Share on other sites More sharing options...
per1os Posted April 20, 2007 Share Posted April 20, 2007 It's always better to over-sanitize data than to rely only on the php functions. That is not necessarily true. It is better to know what you are getting yourself into than to "over sanitize". PHP provides a wonderful function called get_magic_quotes_gpc http://us2.php.net/manual/en/function.get-magic-quotes-gpc.php What this does is tell you if your server is setup to automatically escape data from a form, if it is than you are free and clear on the injection. A good method to sanitize data would be something like this: <?php function clean($val) { return get_magic_quotes_gpc()?$val:mysql_real_escape_string($val); } foreach ($_POST as $key => $val) { $_POST[$key] = clean($val); } ?> That way if the data is already escaped it does not double escape it which makes for cleaner data and you know your data will be escaped properly. EDIT: Modified the quote, it is always good to learn about how and why you are doing something. Just the over-sanitizing part is what can get you into trouble =) Quote Link to comment https://forums.phpfreaks.com/topic/47816-newbee-database-query-question/#findComment-234054 Share on other sites More sharing options...
Michael Lasky Posted April 20, 2007 Share Posted April 20, 2007 Also, remember that the php functions, like mysql_real_escape_string, help... but it's no excuse to not read up and learn all you can about it. It's always better to over-sanitize data than to rely only on the php functions. That is not necessarily true. It is better to know what you are getting yourself into than to "over sanitize". PHP provides a wonderful function called get_magic_quotes_gpc http://us2.php.net/manual/en/function.get-magic-quotes-gpc.php What this does is tell you if your server is setup to automatically escape data from a form, if it is than you are free and clear on the injection. A good method to sanitize data would be something like this: That way if the data is already escaped it does not double escape it which makes for cleaner data and you know your data will be escaped properly. While I agree, I do think it's good to know how to sanitize data and what get_magic_quotes_gpc is doing before one should rely on it. Though I usually sanitize data myself, maybe I'm just over paranoid. Quote Link to comment https://forums.phpfreaks.com/topic/47816-newbee-database-query-question/#findComment-234066 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.