aeafisme23 Posted November 18, 2007

Database Structure:
tables: areacode, dealer, dealerinfo (areacode is primary id as it's unique)

test link: http://thegreatestsave.org/ut/search.php (574 and 765 are the only working ones I put for test purposes)

Search input box used to find all records in areacode put in. I added delete and edit (both not working, but focusing on delete unless you are so leet you want to throw a forum thread my way). I am unsure of how to pass the variables to the delete_record.php to successfully delete that individual record, so I will paste the code for the 2 pages.

search.php partial code (referencing the part I don't know how to pass the variable correctly in bold)

[code]
//table background color = row_color variable.........
echo "<td width=\"65\" valign=\"top\"><a href=\"#\">Edit</a></td><td width=\"65\" valign=\"top\"> [b]<a href=\"delete_record.php?keywords='$keywords'\">Delete</a></td></tr>";[/b]
echo "</table></center>";
[/code]

search.php Complete Code

[code]
<?php
//Get variables from config.php to connect to mysql server
require 'config.php';

// connect to the mysql database server.
mysql_connect ($dbhost, $dbusername, $dbuserpass);
//select the database
mysql_select_db($dbname) or die('Cannot select database');

//search variable = data in search box or url
if(isset($_GET['search']))
{
    $search = $_GET['search'];
}

//trim whitespace from variable
$search = trim($search);
$search = preg_replace('/\s+/', ' ', $search);

//separate multiple keywords into array space delimited
$keywords = explode(" ", $search);

//Clean empty arrays so they don't get every row as result
$keywords = array_diff($keywords, array(""));

//Set the MySQL query
if ($search == NULL or $search == '%'){
} else {
    for ($i=0; $i<count($keywords); $i++) {
        $query = "SELECT * FROM dealer WHERE areacode = '$keywords[$i]'";
    }

    //Store the results in a variable or die if query fails
    $result = mysql_query($query) or die(mysql_error());
}
if ($search == NULL or $search == '%'){
} else {
    //Count the rows retrieved
    $count = mysql_num_rows($result);
}

echo "<html>";
echo "<head>";
echo "<title>search</title>";
echo "</head>";
echo "<body onLoad=\"self.focus();document.searchform.search.focus()\">";
echo "<center>";
echo "<br /><form name=\"searchform\" method=\"GET\" action=\"search.php\">";
echo "<input type=\"text\" name=\"search\" size=\"20\" TABINDEX=\"1\" />";
echo " <input type=\"submit\" value=\"Search\" />";
echo "</form>";

//If search variable is null do nothing, else print it.
if ($search == NULL) {
} else {
    echo "You searched for <b><FONT COLOR=\"blue\">";
    foreach($keywords as $value) {
        print "$value ";
    }
    echo "</font></b>";
}
echo "<p> </p><br />";
echo "</center>";

//If the user doesn't enter anything into search box tell them to.
if ($search == NULL){
    echo "<center><b><FONT COLOR=\"red\">Please enter a search parameter to continue.</font></b><br /></center>";
} elseif ($search == '%'){
    echo "<center><b><FONT COLOR=\"red\">Please enter a search parameter to continue.</font></b><br /></center>";
//If no results are returned print it
} elseif ($count <= 0){
    echo "<center><b><FONT COLOR=\"red\">Your query returned no results from the database.</font></b><br /></center>";
//ELSE print the data in a table
} else {
    //Table header
    echo "<center><table width=\"680\" id=\"search\" bgcolor=\"#AAAAAA\">";
    echo "<tr>";
    echo "<td width=\"100\" valign=\"top\"><b>Area Code</b></td>";
    echo "<td width=\"150\" valign=\"top\"><b>Dealer</b></td>";
    echo "<td width=\"300\" valign=\"top\"><b>Dealer Info</b></td>";
    echo "<td width=\"65\" valign=\"top\"> </td><td width=\"65\" valign=\"top\"> </td><tr>";
    echo "</table></center>";

    //Colors for alternation of row color on results table
    $color1 = "#d5d5d5";
    $color2 = "#e5e5e5";
    //While there are rows, print it.
    while($row = mysql_fetch_array($result))
    {
        //Row color alternates for each row
        $row_color = ($row_count % 2) ? $color1 : $color2;

        //table background color = row_color variable
        echo "<center><table width=\"680\" bgcolor=".$row_color.">";
        echo "<tr>";
        echo "<td width=\"100\" valign=\"top\">".$row['areacode']."</td>";
        echo "<td width=\"150\" valign=\"top\">".$row['dealer']."</td>";
        echo "<td width=\"300\" valign=\"top\">".$row['dealerinfo']."</td>";
        echo "<td width=\"65\" valign=\"top\"><a href=\"#\">Edit</a></td><td width=\"65\" valign=\"top\"><a href=\"delete_record.php?keywords='$keywords'\">Delete</a></td></tr>";
        echo "</table></center>";
        $row_count++;
    //end while
    }
//end if
}

echo "</body>";
echo "</html>";

if ($search == NULL or $search == '%') {
} else {
    //clear memory
    mysql_free_result($result);
}
?>
[/code]

delete_record.php (all kinds of messed up)

[code]
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>United Truck Parts - Delete Results</title>
</head>

<body>
<?php
//Get variables from config.php to connect to mysql server
require 'config.php';

// connect to the mysql database server.
mysql_connect ($dbhost, $dbusername, $dbuserpass);
//select the database
mysql_select_db($dbname) or die('Cannot select database');

$keywords = $_GET['keywords'];

// Delete a row from a table
mysql_query("DELETE FROM dealer WHERE areacode = '$keywords'") or die(mysql_error());
?>

you deleted results <?php echo $search ; ?>
</body>
</html>
[/code]

websiterepairguys Posted November 18, 2007

[code]
//table background color = row_color variable.........
echo "<td width=\"65\" valign=\"top\"><a href=\"#\">Edit</a></td><td width=\"65\" valign=\"top\"> [b]<a href=\"delete_record.php?keywords='$keywords'\">Delete</a></td></tr>";[/b]
echo "</table></center>";
[/code]

Your error is the link to delete. You should use urlencode to encode the keywords.

[code]
<a href=\"delete_record.php?keywords=".urlencode($keywords)."\">Delete</a>
[/code]

But I would like to add that this is bad design. You should consider using primary keys (autonumber field in mysql)

[code]
<a href=\"delete_record.php?id=$id\">Delete</a>
[/code]

Another problem. Your code is screaming SQL Injection attack. Google that phrase. I could delete all the records in your table with a simple change to the url for delete_record.php

[code]
$keywords = $_GET['keywords'];

// Delete a row from a table
mysql_query("DELETE FROM dealer WHERE areacode = '$keywords'") or die(mysql_error());
[/code]

$keywords variable needs to be escaped like this:

[code]
$keywords = mysql_escape_string($_GET['keywords']);

// Delete a row from a table
mysql_query("DELETE FROM dealer WHERE areacode = '$keywords'") or die(mysql_error());
[/code]

aeafisme23 Posted November 18, 2007

Ok, so I changed the structure of my database a little bit and added an auto-incremented field called id, and then changed this on: (I think on search.php -above- I am not passing it to the delete page, check the url if you're new to this post to see demo.) Thanks so much for a response already!

search.php

[code]
<a href=\"delete_record.php?id='$id'\">Delete</a>
[/code]

and changed this on delete_records.php

[code]
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>United Truck Parts - Delete Results</title>
</head>

<body>
<?php
//Get variables from config.php to connect to mysql server
require 'config.php';

// connect to the mysql database server.
mysql_connect ($dbhost, $dbusername, $dbuserpass);
//select the database
mysql_select_db($dbname) or die('Cannot select database');

$keywords = mysql_escape_string($_GET['id']);

// Delete a row from a table
mysql_query("DELETE FROM dealer WHERE id = '$id'") or die(mysql_error());
?>

you deleted results <?php echo $search ; ?>
</body>
</html>
[/code]

websiterepairguys Posted November 18, 2007

You don't need the quotes around $id here:

[code]
<a href=\"delete_record.php?id='$id'\">Delete</a>
[/code]

aeafisme23 Posted November 18, 2007

Changed it and still when I hover over "delete" on search.php the status bar of a browser says delete_record.php?id=

For whatever reason it's saying that the id is null for that, when in reality checking my database it is very clear that each record has an id. Did I miss something in search.php to make sure the id is declared?

~n[EO]n~ Posted November 18, 2007

Where are you getting the id in your deleterecord.php page?

aeafisme23 Posted November 18, 2007

[code]
mysql_query("DELETE FROM dealer WHERE id=$id");
mysql_close($con);
[/code]

That is the only thing in delete_record.php that shows id. I think there is something wrong with the search.php but I can't locate it for the life of me. If anyone needs more info or wants me to repost all the code, let me know. Thanks everyone for the re-posts.

~n[EO]n~ Posted November 18, 2007

See, from search.php you are passing this value

[code]
delete_record.php?keywords='$keywords
[/code]

and in your delete.php it should be

[code]
$id = $_REQUEST['keywords'];
[/code]

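An added example, not code from any post in this thread: the concatenated DELETE from delete_record.php beside a version that validates the id and binds it as a parameter, together with a Delete link built from the fetched row's id so that the link and the handler agree on the `id` parameter. It assumes PDO with an in-memory SQLite database and constructed rows in place of the thread's mysql_* connection; the function names are hypothetical.

```php
<?php
// Added example. PDO + in-memory SQLite and constructed rows stand in for
// the thread's mysql_* connection, so the script runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE dealer (id INTEGER PRIMARY KEY AUTOINCREMENT,
           areacode TEXT, dealer TEXT, dealerinfo TEXT)");

function seed(PDO $db): void {
    $db->exec("DELETE FROM dealer");
    $ins = $db->prepare("INSERT INTO dealer (areacode, dealer, dealerinfo) VALUES (?, ?, ?)");
    foreach ([['574', 'Dealer A', 'constructed'],
              ['574', 'Dealer B', 'constructed'],
              ['765', 'Dealer C', 'constructed']] as $r) {
        $ins->execute($r);
    }
}

// search.php side: the link value comes from the fetched row ($row['id']),
// not from a standalone $id variable that search.php never sets.
function delete_link(array $row): string {
    return '<a href="delete_record.php?id=' . (int)$row['id'] . '">Delete</a>';
}

// delete_record.php as first posted: request value concatenated into the SQL text.
function delete_concatenated(PDO $db, string $keywords): int {
    return $db->exec("DELETE FROM dealer WHERE areacode = '$keywords'");
}

// Hardened handler: accept only a positive integer, then bind it as a parameter.
function delete_by_id(PDO $db, $rawId): int {
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return 0; // anything that is not a row id is rejected before the query
    }
    $stmt = $db->prepare("DELETE FROM dealer WHERE id = :id");
    $stmt->execute([':id' => $id]);
    return $stmt->rowCount();
}

$hostile = "x' OR '1'='1"; // constructed value standing in for a tampered URL

seed($db);
echo "concatenated, tampered value: ", delete_concatenated($db, $hostile), " rows deleted\n";

seed($db);
echo "bound id, tampered value: ", delete_by_id($db, $hostile), " rows deleted\n";
$row = $db->query("SELECT * FROM dealer WHERE dealer = 'Dealer B'")->fetch(PDO::FETCH_ASSOC);
echo delete_link($row), "\n";
echo "bound id, value from link: ", delete_by_id($db, (string)$row['id']), " rows deleted\n";
```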