SitePoint Sponsor

User Tag List

Results 1 to 5 of 5
  1. #1
    SitePoint Member
    Join Date
    Sep 2013
    Posts
    4
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)

    delete not working

    PHP Code:
    <?php
     
     
    $con 
    mysql_connect'localhost''root''' );
    $db =  mysql_select_db'regis123' );
     


    if(isset(
    $_POST['sub']))
    {
        
    $sql2="delete from stud where firstname='$_POST[hidden]'";
        
    mysql_query($sql2);
            print 
    ' deleted successfully';
        
    }

    ?>
     <table width="508" border="1">
      <tr>
        <td width="10"><strong>&nbsp;FIRSTNAME</strong></td>
        <td width="30"><strong>&nbsp;LASTNAME</strong></td> 
        <td width="35"><strong>&nbsp;EMAILID</strong></td>
        <td width="30"><strong>&nbsp;DOB</strong></td>
        <td width="20"><strong>&nbsp;GENDER</strong></td>
        <td width="71"><strong>&nbsp;ADDRESS</strong></td>
        <td width="10"><strong>&nbsp;stand</strong></td>
        <td width="10"><strong>&nbsp;PHONE</strong></td>
        </tr>'
    <?php

    $sql 
    "select * from stud";
    $query mysql_query$sql );

    while( 
    $row mysql_fetch_assoc($query) )
    {
    print
    '<form action="sdisplay.php" method="POST">';
    print
    '<tr><td>'.$row["firstname"].'</td>';
    print
    '<td>'.$row["lastname"].'</td>';
    print
    '<td>'.$row["emailid"].'</td>';
    print
    '<td>'.$row["dob"].'</td>';
    print
    '<td>'.$row["gender"].'</td>';
    print
    '<td>'.$row["addr"].'</td>';
    print
    '<td>'.$row["stand"].'</td>';
    print
    '<td>'.$row["phone"].'</td>

    <td><input type=submit value=delete name="sub" /></td>
    <input type=hidden name=hidden value='
    .$row["firstname"].'/></form>';
    }
     
    ?>
    this is my code
    it is retreiving the info frm database and displaying bt deleting the entries is not working
    plz helpme
    Last edited by SpacePhoenix; Oct 1, 2013 at 22:30. Reason: placed php tags around php code

  2. #2
    From space with love silver trophy
    SpacePhoenix's Avatar
    Join Date
    May 2007
    Location
    Poole, UK
    Posts
    4,998
    Mentioned
    100 Post(s)
    Tagged
    0 Thread(s)
    Please be aware that the mysql_* extension is now deprecated as of the current version of PHP and will very likely be removed from the next 5.x version and will likely not be in PHP 6.x (when it eventually is released). You should migrate over to either the mysqli_* extension or to PDO. PDO is a better choice as it doesn't tie you down so much to a particular database server software.

    Once you have migrated you should use Prepared Statements to prevent SQL Injection attacks. Have a read of this article from the PHP manual, it shows how to use prepared statements with PDO and also explains the principle.
    Community Team Advisor
    Forum Guidelines: Posting FAQ Signatures FAQ Self Promotion FAQ
    Help the Mods: What's Fluff? Report Fluff/Spam to a Moderator

  3. #3
    Programming Team silver trophybronze trophy
    Mittineague's Avatar
    Join Date
    Jul 2005
    Location
    West Springfield, Massachusetts
    Posts
    17,036
    Mentioned
    187 Post(s)
    Tagged
    2 Thread(s)
    As this is "localhost" I'm guessing this is for learning purposes only, but ....
    If not using PDO you really should at least be using mysqli and not deprecated mysql
    Deleting by first name sounds like a poor choice to me, IMHO a unique id would be better
    Never trust user supplied input
    Because the submit input is inside a while loop I'm guessing there will be more than one, yet I don't see where the inputs have a unique id.
    How will the script know which one is the one clicked on?

  4. #4
    SitePoint Evangelist
    Join Date
    Oct 2005
    Location
    Michigan, USA
    Posts
    434
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    I agree that there are some hazards in this code waiting to do some bad stuff. But if you just want to figure this out for now and learn what's going on, print out the query to see what it's trying to do. That should help you see what isn't right.

    Change
    PHP Code:
        $sql2="delete from stud where firstname='$_POST[hidden]'";
        
    mysql_query($sql2); 
    to
    PHP Code:
        $sql2="delete from stud where firstname='$_POST[hidden]'";
        echo 
    $sql2;
        
    mysql_query($sql2); 
    Let us know what it shows.
    - Robert

  5. #5
    From space with love silver trophy
    SpacePhoenix's Avatar
    Join Date
    May 2007
    Location
    Poole, UK
    Posts
    4,998
    Mentioned
    100 Post(s)
    Tagged
    0 Thread(s)
    @heena.sol ;

    Have a read through this SitePoint article which explains how to migrate over from the old (and now deprecated) mysql_* extension over to PDO. Deleting by firstname is a very, very bad idea, say you've got 50 people in the database with the firstname John and another 50 with the firstname David. If you go and delete by firstname David and John, you'll end up deleting 100 people from the database when you probably only meant to delete two people, one called John and another called David.

    By using an interger field (a length of 11 should cover any number of new members - very few websites will have in excess of 99,999,999,999 members) set as an auto increment you'll have a value that is unique. A members email address will also serve as a unique id provided that you ensure that no registrant can use an email address that already exists in either the registration or user tables. The use of email however does have a disadvantage as a person might change email address in the future.
    Community Team Advisor
    Forum Guidelines: Posting FAQ Signatures FAQ Self Promotion FAQ
    Help the Mods: What's Fluff? Report Fluff/Spam to a Moderator


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •