Help!! I'm making a forum in PHP so I have an error

newstart
Forum Newbie
Posts: 2
Joined: Mon Oct 04, 2010 6:16 pm

Post by newstart »

Hello!
I am a new user and I need your help to check my code.
I am making a forum and I have reached the delete user page,
and I don't know what the error is, so please help me because
I should finish it in two days (it is my homework).
This is my code; please, anyone, read my topic and
help me :D
<?
include('classes/config.php');//page process

$content.="delete user";
$title="Delete";
if (isset($_GET['DELETE']))
{
    if($_GET['DELETE']==2)
    {
        header('Location: userlist.php');
    }
    else
    {
        $sql="Delete from `user` where `userID`='".$_GET['ID']."' ";
        $query_res=mysql_query($sql,$connect);
        if($query_res)
            $content="the query is succeed";
    }
}
else
{
    $content = 'Are you sure you want to delete this account ?<br>';
    $content .= '<a href="'.$_SERVER["PHP_SELF"].'"?DELETE=1&ID="'.$_GET["ID"].'">Continue</a><br><br>';
    $content .= '<a href='.$_SERVER['PHP_SELF'].'?DELETE=2>Go Back </a><br><br>';
}
include('classes/layout.php');
?>
where content is a variable in the layout page, which I include in this page
newstart
Forum Newbie
Posts: 2
Joined: Mon Oct 04, 2010 6:16 pm

Re: Help!! I'm making a forum in PHP so I have an error

Post by newstart »

And the error has to do with deleting a user:
when the user presses delete, nothing happens :(
social_experiment
DevNet Master
Posts: 2793
Joined: Sun Feb 15, 2009 11:08 am
Location: .za

Re: Help!! I'm making a forum in PHP so I have an error

Post by social_experiment »

Code:

<?php $content .= '<a href="'.$_SERVER["PHP_SELF"].'"?DELETE=1&ID="'.$_GET["ID"].'">Continue</a><br><br>';
 ?>
If you click this link, what does the query string look like? The id should be hardcoded in because in its current form, a person can delete any record they want by simply changing the value of 'ID' in the query string.
“Don’t worry if it doesn’t work right. If everything did, you’d be out of a job.” - Mosher’s Law of Software Engineering
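
The two issues raised in this thread, the query string ending up outside the href quotes and the ID from the URL going straight into the DELETE, shown in corrected form as an added example that is not code from either poster. It assumes PDO (with in-memory SQLite standing in for the forum's MySQL connection), a hypothetical `is_admin` session flag, and constructed sample rows.

```php
<?php
// Added example, not the poster's code. Assumptions: PDO (in-memory SQLite here,
// standing in for the forum's MySQL connection) and a hypothetical is_admin flag.

// Build the confirmation link: the query string stays inside the href quotes,
// and every value is URL-encoded, then HTML-escaped.
function delete_link(string $script, $id): string
{
    $url = $script . '?' . http_build_query(['DELETE' => 1, 'ID' => $id]);
    return '<a href="' . htmlspecialchars($url, ENT_QUOTES, 'UTF-8') . '">Continue</a>';
}

// Delete one user, only if the caller is allowed to and the ID is a plain integer.
function delete_user(PDO $db, array $session, $rawId): string
{
    if (empty($session['is_admin'])) {
        return 'forbidden';                  // authorization check on the server side
    }
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return 'invalid id';                 // anything that is not a positive integer
    }
    $stmt = $db->prepare('DELETE FROM user WHERE userID = :id');
    $stmt->execute([':id' => $id]);          // value is bound, never concatenated
    return $stmt->rowCount() === 1 ? 'deleted' : 'no such user';
}

// Constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE user (userID INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO user (name) VALUES ('alice'), ('bob'), ('carol')");

echo delete_link('/deleteuser.php', 2), "\n";
echo delete_user($db, ['is_admin' => false], '2'), "\n";      // caller is not an admin
echo delete_user($db, ['is_admin' => true], '2 OR 1=1'), "\n"; // tampered ID value
echo delete_user($db, ['is_admin' => true], '2'), "\n";       // valid request
echo $db->query('SELECT COUNT(*) FROM user')->fetchColumn(), "\n";
```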