Jump to content

Simple Delete Record

aeafisme23

By aeafisme23
in PHP Coding Help

Recommended Posts

aeafisme23 Member

aeafisme23

Posted
Posted

Database Structure:

tables: areacode, dealer, dealerinfo  (areacode is primary id as it's unique)

 

test link:  http://thegreatestsave.org/ut/search.php    (574 and 765 are the only working ones i put for test purposes)

 

Search input box used to find all records in areacode put in. I added delete and edit (both not working, but focusing on delete unless you are so leet you want to throw a forum thread my way)

 

I am unsure of how to pass the variables to the delete_record.php to successfully delete that individual record so i will paste the code for the 2 pages.

 

search.php  partial code (referencing the part i dont know how to pass the variable correctly in bold)

 

//table background color = row_color variable.........
echo "<td width=\"65\" valign=\"top\"><a href=\"#\">Edit</a></td><td width=\"65\" valign=\"top\">
[b]<a href=\"delete_record.php?keywords='$keywords'\">Delete</a></td></tr>";[/b]
echo "</table></center>";

 

search.php Complete Code

<?php

//Get variables from config.php to connect to mysql server
require 'config.php';

// connect to the mysql database server.
mysql_connect ($dbhost, $dbusername, $dbuserpass);
//select the database
mysql_select_db($dbname) or die('Cannot select database');

//search variable = data in search box or url
if(isset($_GET['search']))
{
$search = $_GET['search'];
}

//trim whitespace from variable
$search = trim($search);
$search = preg_replace('/\s+/', ' ', $search);

//seperate multiple keywords into array space delimited
$keywords = explode(" ", $search);

//Clean empty arrays so they don't get every row as result
$keywords = array_diff($keywords, array(""));

//Set the MySQL query
if ($search == NULL or $search == '%'){
} else {
for ($i=0; $i<count($keywords); $i++) {
$query = "SELECT * FROM dealer WHERE areacode = '$keywords[$i]'";
}

//Store the results in a variable or die if query fails
$result = mysql_query($query) or die(mysql_error());
}
if ($search == NULL or $search == '%'){
} else {
//Count the rows retrived
$count = mysql_num_rows($result);
}

echo "<html>";
echo "<head>";
echo "<title>search</title>";
echo "</head>";
echo "<body onLoad=\"self.focus();document.searchform.search.focus()\">";
echo "<center>";
echo "<br /><form name=\"searchform\" method=\"GET\" action=\"search.php\">";
echo "<input type=\"text\" name=\"search\" size=\"20\" TABINDEX=\"1\" />";
echo " <input type=\"submit\" value=\"Search\" />";
echo "</form>";
//If search variable is null do nothing, else print it.
if ($search == NULL) {
} else {
echo "You searched for <b><FONT COLOR=\"blue\">";
foreach($keywords as $value) {
   print "$value ";
}
echo "</font></b>";
}
echo "<p> </p><br />";
echo "</center>";

//If users doesn't enter anything into search box tell them to.
if ($search == NULL){
echo "<center><b><FONT COLOR=\"red\">Please enter a search parameter to continue.</font></b><br /></center>";
} elseif ($search == '%'){
echo "<center><b><FONT COLOR=\"red\">Please enter a search parameter to continue.</font></b><br /></center>";
//If no results are returned print it
} elseif ($count <= 0){
echo "<center><b><FONT COLOR=\"red\">Your query returned no results from the database.</font></b><br /></center>";
//ELSE print the data in a table
} else {
//Table header
echo "<center><table width=\"680\" id=\"search\" bgcolor=\"#AAAAAA\">";
echo "<tr>";
echo "<td width=\"100\" valign=\"top\"><b>Area Code</b></td>";
echo "<td width=\"150\" valign=\"top\"><b>Dealer</b></td>";
echo "<td width=\"300\" valign=\"top\"><b>Dealer Info</b></td>";
echo "<td width=\"65\" valign=\"top\"> </td><td width=\"65\" valign=\"top\"> </td><tr>";
echo "</table></center>";

//Colors for alternation of row color on results table
$color1 = "#d5d5d5";
$color2 = "#e5e5e5";
//While there are rows, print it.
while($row = mysql_fetch_array($result))
{
//Row color alternates for each row
$row_color = ($row_count % 2) ? $color1 : $color2;
//table background color = row_color variable
echo "<center><table width=\"680\" bgcolor=".$row_color.">";
echo "<tr>";
echo "<td width=\"100\" valign=\"top\">".$row['areacode']."</td>";
echo "<td width=\"150\" valign=\"top\">".$row['dealer']."</td>";
echo "<td width=\"300\" valign=\"top\">".$row['dealerinfo']."</td>";
echo "<td width=\"65\" valign=\"top\"><a href=\"#\">Edit</a></td><td width=\"65\" valign=\"top\"><a href=\"delete_record.php?keywords='$keywords'\">Delete</a></td></tr>";
echo "</table></center>";
$row_count++;
//end while
}
//end if
}

echo "</body>";
echo "</html>";
if ($search == NULL or $search == '%') {
} else {
//clear memory
mysql_free_result($result);
}
?>

 

 

 

delete_record.php (all kinds of messed up)

 

 

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>United Truck Parts - Delete Results</title>
</head>

<body>
<?php
//Get variables from config.php to connect to mysql server
require 'config.php';

// connect to the mysql database server.
mysql_connect ($dbhost, $dbusername, $dbuserpass);
//select the database
mysql_select_db($dbname) or die('Cannot select database');

$keywords = $_GET['keywords'];

// Delete a row from a table
mysql_query("DELETE FROM dealer WHERE areacode = '$keywords'") or die(mysql_error());

?>

you deleted results <?php echo $search ; ?>
</body>
</html>

 

 

 

Link to comment
https://forums.phpfreaks.com/topic/77788-simple-delete-record/
Share on other sites
websiterepairguys Newbie

websiterepairguys

Posted
Posted 

[code]
//table background color = row_color variable.........
echo "<td width=\"65\" valign=\"top\"><a href=\"#\">Edit</a></td><td width=\"65\" valign=\"top\">
[b]<a href=\"delete_record.php?keywords='$keywords'\">Delete</a></td></tr>";[/b]
echo "</table></center>";

[/code]

 

Your error is the link to delete.  You should use urlencode to encode the keywords.

 

<a href=\"delete_record.php?keywords=".urlencode($keywords)."\">Delete</a>

 

 

But I would like to add that this is bad design.  You should consider using primary keys (autonumber field in mysql)

 

<a href=\"delete_record.php?id=$id\">Delete</a>

 

Another problem.  Your code is screaming SQL Injection attack.  Google that phrase.

 

I could delete all the records in your table with a simply change to the url for delete_record.php

 


$keywords = $_GET['keywords'];

// Delete a row from a table
mysql_query("DELETE FROM dealer WHERE areacode = '$keywords'") or die(mysql_error());

 

$keywords variable needs to be escaped like this:

 

 


$keywords = mysql_escape_string($_GET['keywords']);
// Delete a row from a table
mysql_query("DELETE FROM dealer WHERE areacode = '$keywords'") or die(mysql_error());

 

Link to comment
https://forums.phpfreaks.com/topic/77788-simple-delete-record/#findComment-393751
Share on other sites
aeafisme23 Member

aeafisme23

Posted
  • Author
Posted

Ok so i changed the structure a little bit of my database and added a auto incremented field called id and then changed this on:

(I think on search.php -above- i am not passing it to the delete page, check the url if your new to this post to see demo. Thanks so much for a response already!

 

search.php

 

<a href=\"delete_record.php?id='$id'\">Delete</a>

 

and changed this on

delete_records.php 

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>United Truck Parts - Delete Results</title>
</head>

<body>
<?php
//Get variables from config.php to connect to mysql server
require 'config.php';

// connect to the mysql database server.
mysql_connect ($dbhost, $dbusername, $dbuserpass);
//select the database
mysql_select_db($dbname) or die('Cannot select database');


$keywords = mysql_escape_string($_GET['id']);
// Delete a row from a table
mysql_query("DELETE FROM dealer WHERE id = '$id'") or die(mysql_error());


?>

you deleted results <?php echo $search ; ?>
</body>
</html>

 

 

Link to comment
https://forums.phpfreaks.com/topic/77788-simple-delete-record/#findComment-393769
Share on other sites
aeafisme23 Member

aeafisme23

Posted
  • Author
Posted

Changed it and still when i hover over "delete" on search.php the status bar of a browser says delete_record.php?id=

 

For whatever reason it's saying that the id is null for that when in reality checking my database it is very clear that each record has an id. Did i miss something in search.php to make sure the id is declared?

Link to comment
https://forums.phpfreaks.com/topic/77788-simple-delete-record/#findComment-393774
Share on other sites
aeafisme23 Member

aeafisme23

Posted
  • Author
Posted

mysql_query("DELETE FROM dealer WHERE id=$id");mysql_close($con);

 

 

that is the only thing in delete_record.php that it shows id.

 

I think there is something wrong with the search.php but i cant locate it for the life of me. If anyone need more info or to repost all the code let me know. Thanks everyone for the re-posts.

Link to comment
https://forums.phpfreaks.com/topic/77788-simple-delete-record/#findComment-393781
Share on other sites

Archived

This topic is now archived and is closed to further replies.

Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.