Deleting a field.

[ForeverIrise]

I am trying my best to do a user interface script that with a click of a link it will remove a record from a table. This is what I have come up with so far.

PHP Code:

    $connection = mysql_connect($host, $user, $password) or die ("Error with the connection to server. ");
    $db = mysql_select_db($database, $connection) or die ("Could not connect to Database. ");
    $query = "SELECT * FROM tbllinks";
    $result = mysql_query($query) or die ("Query could not be executed. ");
                
                echo "<table>";        
    
    while ($row = mysql_fetch_array($result))
            {
                extract($row);
                echo "<tr><td>" . $linkURL . "</td><td>" . $linkName . "</td><td><a href=\"\">remove link</td></tr>";  
            }

                echo"</table>";
            mysql_close(); 


I would like it to be to where when the user clicks on the "remove link" link, it will delete that specified record. I know the SQL for that is something along the lines of..

PHP Code:


Delete From 'tbllinks' Where 'linkid' = $linkid 


..but don't know how to get it to how I want to get it.

If someone could please help me or point me in the right direction I would much appreciate it. Thank you for your time.

-Cesar

[Husain]

The href in the link tag is empty right now. Put this: nameofscript.php?do=remove&id=$linkid (replace bits in italics with actual values)

Then, this code will delete the link:

PHP Code:

if (isset($_GET['do']) AND $_GET['do'] == 'remove')
{
    // validate the link id here
    $sql = "DELETE FROM tablename WHERE linkid = " . $_GET['id'];
    // execute the query
} 


[meanweaver]

Code:

<?php if(isset($_GET['addjoke'])): //user wants to add a joke
?>


<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<label> Type Your Joke here: <br />
<textarea name="joketext" cols="40" rows="10">
</textarea></label><br />
<input type="submit" value="submit"  />

</form>
<?php else: //default page display

//connect to the database
$dbcnx = !@mysql_connect('localhost', 'root', 'password');
if ($dbcnx) {
	exit( 'unable to connect ');
	}
	//SELECT THE JOKES DATABASE
	if (!@mysql_select_db('ijdb')) {
	exit('cant connect to joke database');
}

//insert the data
if (isset($_POST['joketext'])) {
	$joketext = $_POST['joketext'];
	$sql = "INSERT INTO joke SET
	joketext='$joketext',
	jokedate=CURDATE()";
if(@mysql_query($sql)) {
    echo '<P> Your Joke Has been added</p>';
	} else {
	echo '<p> error adding Joke: ' .
		mysql_error() . '</p>';
		}
	}
	echo '<p>Here are all the jokes in the database</p>';
	
	
	
	//if data needs deleting then delete it
	//remove it from the database
if  (isset($_GET['deletejoke'])) {
	$jokeid = $_GET['deletejoke'];
	$sql = "DELETE FROM joke WHERE id=$jokeid";
if (@mysql_query($sql)) {
	echo'<p>The joke has been deleted</p>';
	}else{
	'<P> Error deleting joke: ' .
		mysql_error() . '</p>';
	  }
	}
		
		
	$result = @mysql_query('SELECT id, joketext FROM joke ORDER BY id DESC');
	if (!result){
	exit('<p>Error performing query: ' . mysql_error() . '</p>');
	}

		
		

	
	//display the jokes with delete option next to them
	while ($row = mysql_fetch_array($result)) {
	$jokeid = $row['id'];
	$joketext = $row['joketext'];
	//$email = $joke['email'];
	echo "<p>" . $joketext .
	' <a href="' . $_server['php_self'] .
	'?deletejoke=' . $jokeid . '">' .
	"Delete this joke</a></p>";
}
	
	
	
	
	
	
	endif;
	?>
	<?PHP
	//when clicked this will load this page
	//with the joke submission form displayed
	echo '<p><a href="' . $_SERVER['PHP_SELF'] . '?addjoke=1">Add a joke!</a> </p>';
	
	
	?>

[holmescreek]

If the delete record link is available to the public to delete the record your treading on a very bad security risk.

A simple example would be :

http://www.somewhere.com/deleterecord?id=123


Anyone could tinker with the id value and end up deleting every record in your database.

I would consider using a MD5 hash to "encrypt" your $id value and put it into the html for the link. Then, when the link is clicked, your php script decrypts the MD5 hash to ensure it is a valid value.