
Help!! I'm making a forum in PHP so I have an error

Posted: Mon Oct 04, 2010 6:32 pm
by newstart
Hello!
I am a new user and I need your help to check my code.
I am making a forum and I have reached the delete user page,
and I don't know what the error is, so please help me because
I should finish it in two days (it is my homework).
This is my code. Please, anyone who reads my topic,
help me :D
<?
include('classes/config.php');//page process

$content.="delete user";
$title="Delete";
if (isset($_GET['DELETE']))
{
    if($_GET['DELETE']==2)
    {
        header('Location: userlist.php');
    }
    else
    {
        $sql="Delete from `user` where `userID`='".$_GET['ID']."' ";
        $query_res=mysql_query($sql,$connect);
        if($query_res)
            $content="the query is succeed";
    }
}
else
{
    $content = 'Are you sure you want to delete this account ?<br>';
    $content .= '<a href="'.$_SERVER["PHP_SELF"].'"?DELETE=1&ID="'.$_GET["ID"].'">Continue</a><br><br>';
    $content .= '<a href='.$_SERVER['PHP_SELF'].'?DELETE=2>Go Back </a><br><br>';
}
include('classes/layout.php');
?>
where $content is a variable in the layout page, which I include in this page

Re: Help!! I'm making a forum in PHP so I have an error

Posted: Mon Oct 04, 2010 6:34 pm
by newstart
And the error is in deleting a user:
when the user presses delete, nothing happens :(

Re: Help!! I'm making a forum in PHP so I have an error

Posted: Tue Oct 05, 2010 12:53 am
by social_experiment

Code:

<?php $content .= '<a href="'.$_SERVER["PHP_SELF"].'"?DELETE=1&ID="'.$_GET["ID"].'">Continue</a><br><br>';
 ?>
If you click this link, what does the query string look like? The id should be hardcoded in because in its current form, a person can delete any record they want by simply changing the value of 'ID' in the query string.
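
An added example, not code from the thread: one way to write the delete step so that the ID taken from the request can neither alter the query nor be used by an unauthorised visitor to delete records. The function names, the `is_admin` session flag and the in-memory SQLite database (standing in for the forum's MySQL) are assumptions; it goes beyond the reply above by moving the delete to a POST with a CSRF token.

```php
<?php
// Added example, not the poster's code. The function names, the 'is_admin'
// session flag and the SQLite stand-in database are assumptions.

// Confirmation step as a POST form carrying a per-session CSRF token,
// instead of a GET link that deletes when followed.
function confirm_form(int $id, string $token): string {
    return '<form method="post">'
         . '<input type="hidden" name="ID" value="' . $id . '">'
         . '<input type="hidden" name="token" value="'
         . htmlspecialchars($token, ENT_QUOTES) . '">'
         . '<button name="DELETE" value="1">Continue</button></form>';
}

// Delete only if the caller is authorised, the token matches and ID is an integer.
function delete_user(PDO $db, array $session, array $post): string {
    if (empty($session['is_admin'])) {
        return 'forbidden';
    }
    $known = $session['token'] ?? '';
    $token = $post['token'] ?? null;
    if ($known === '' || !is_string($token) || !hash_equals($known, $token)) {
        return 'bad token';
    }
    $id = filter_var($post['ID'] ?? null, FILTER_VALIDATE_INT);
    if ($id === false) {
        return 'bad id';
    }
    // Placeholder keeps the value out of the SQL text.
    $stmt = $db->prepare('DELETE FROM `user` WHERE `userID` = ?');
    $stmt->execute([$id]);
    return $stmt->rowCount() === 1 ? 'deleted' : 'no such user';
}

// Constructed demo data; in-memory SQLite stands in for the forum's MySQL.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE `user` (`userID` INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO `user` VALUES (1, 'alice'), (2, 'bob'), (3, 'carol')");
$admin = ['is_admin' => true, 'token' => bin2hex(random_bytes(16))];
$member = ['token' => bin2hex(random_bytes(16))];

echo confirm_form(2, $admin['token']), "\n";
echo delete_user($db, $admin, ['ID' => '2', 'token' => $admin['token']]), "\n";
echo delete_user($db, $admin, ['ID' => '3 OR 1=1', 'token' => $admin['token']]), "\n";
echo delete_user($db, $admin, ['ID' => '3', 'token' => 'guessed']), "\n";
echo delete_user($db, $member, ['ID' => '3', 'token' => $member['token']]), "\n";
echo $db->query('SELECT COUNT(*) FROM `user`')->fetchColumn(), " users left\n";
```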