Deletion Script is not working

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
mdmartiny1977
Forum Newbie
Posts: 16
Joined: Fri Jan 14, 2011 12:05 am
Location: Michigan, USA
Contact:

Deletion Script is not working

Post by mdmartiny1977 »

Hello Everyone.

I am trying to figure out why this delete script does not want to work. I click on the delete user and all it does it take me back to the page to pick a person to delete from the database.

When I run the sql in the database it deletes the user with no problem

This is the show_user_del.php page. This is the verification page to make sure you are deleting the right person

Code: Select all

<?php

if (!$_POST[id]) {
	header ("LOCATION: pick_user.php");
	exit;
}

require('../includes/auth_user.php');

//build and issue query
$sql = "SELECT * FROM $table WHERE id = '$_POST[id]'";
$result = mysql_query($sql, $connection) or die(mysql_error());

while ($row = mysql_fetch_array($result)) {
	$id = $row['id'];
	$f_name = $row['f_name'];
	$l_name = $row['l_name'];
	$username = $row['username'];
	$password = $row['password'];
}

?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Add Classified Ad</title>
</head>
<body>
<h2><em>Delete user from Database</em></h2>
<h3>User being deleted <?php echo "$f_name $l_name"; ?></h3>
<form method="POST" action="do_delete_user.php">
<input type="hidden" name="id" value="<?php echo "$_POST[id]"; ?>" />
<input type="hidden" name="f_name" value="<?php echo "$f_name"; ?>" />
<input type="hidden" name="l_name" value="<?php echo "$l_name"; ?>" />
<p> <strong>Name:</strong> <?php echo "$f_name $l_name"; ?>
   </p>
   <p> <strong>Username:</strong> <?php echo "$username"; ?>
   </p>
   <p> <strong>Password:</strong> <?php echo "$password"; ?>
   </p>
   <p>
      <input type="submit" name="submit" id="name" value="Delete User" />
   </p>
</form>
<p><a href="../admin_menu.php">Return to Administration Menu</a></p>
</body>
</html>


Here is the do_delete_user.php page. Obviously the page that actually does the deleting. As I mentioned before all it does is reroute back to the pick_user.php page. without removing the person from the database

Code: Select all

<?php

if (!$_POST[id]) {
	header ("LOCATION: pick_user.php");
	exit;
}
require('../includes/auth_user.php');

$sql = "DELETE FROM $table WHERE id='$_POST[id]'";
$result = mysql_query($sql, $connection) or die(mysql_error());
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>

<body>
<h1>User has been removed</h1>
<?php echo "$sql"; ?><?php echo "$result"; ?>
<h2><em>User <?php echo "$_POST[f_name] $_POST[l_name]"; ?> has been deleted
      from the <?php echo "$table"; ?> table</em></h2>
<p><a href="pick_user.php">Delete another person</a></p>
<p><a href="../admin_menu.php">Administration Menu</a></p>
</body>
</html>
I echo the query to see what it was looking for and this is what I get
DELETE FROM auth_users WHERE id=''

Please someone help me
User avatar
social_experiment
DevNet Master
Posts: 2793
Joined: Sun Feb 15, 2009 11:08 am
Location: .za

Re: Deletion Script is not working

Post by social_experiment »

Looks like $_POST['id'] isn't being set.

Code: Select all

<input type="hidden" name="id" value="<?php echo "$_POST[id]"; ?>" />
How is the show_user_del page accessed?
“Don’t worry if it doesn’t work right. If everything did, you’d be out of a job.” - Mosher’s Law of Software Engineering
mdmartiny1977
Forum Newbie
Posts: 16
Joined: Fri Jan 14, 2011 12:05 am
Location: Michigan, USA
Contact:

Re: Deletion Script is not working

Post by mdmartiny1977 »

Through a page called pick_user.php

Here is the code

Code: Select all

<?php

require('../includes/auth_user.php');

$connection = mysql_connect($host, $username, $dbpassword) or die (mysql_error());
$db = mysql_select_db ($dbname, $connection) or die (mysql_error());

$sql = "SELECT * FROM $table";

if(!$connection) die("You do not have a valid SQL connection.");
	$result = mysql_query($sql, $connection);
	if(!$result) {
	  echo "<p>There was an error processing the following SQL statement.</p><p>".$sql."</p>";
	  }

//check the humber of results
$num = mysql_num_rows($result);

//if results are found loop through them and make a form selection block
if ($num < 1){
	$display_block = "<p><em>Sorry! No results.</em></p>";
} else {
	while ($row = mysql_fetch_array($result)) {
	$id = $row['id'];
	$f_name = $row['f_name'];
	$l_name = $row['l_name'];
	$option_block .="<option value=\"$id\">$f_name $l_name</option>";
}

//create the entire form block
$display_block = "<FORM METHOD=\"POST\" ACTION=\"show_user_del.php\">
<p><strong>User Names:</strong>
<select name=\"id\">
$option_block
</select>
<input type=\"submit\" name=\"submit\" Value=\"Get User\"></p>
</form>";
}

?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Classified Added</title>
</head>
<body>
<div>
   <h2>Delete A User</h2>
   <p>Select from the list below to delete the user.</p>
   <?php echo "$display_block"; ?> <br />
   <p><a href="../admin_menu.php">Administration Menu</a></p>
</div>
</body>
</html>
User avatar
Mordred
DevNet Resident
Posts: 1579
Joined: Sun Sep 03, 2006 5:19 am
Location: Sofia, Bulgaria

Re: Deletion Script is not working

Post by Mordred »

ACTION=\"show_user_del.php\" means the id is passed to THAT script, not do_delete_user.php

Also, go read about sql injection and mysql_real_escape_string.
mdmartiny1977
Forum Newbie
Posts: 16
Joined: Fri Jan 14, 2011 12:05 am
Location: Michigan, USA
Contact:

Re: Deletion Script is not working

Post by mdmartiny1977 »

Mordred wrote:ACTION=\"show_user_del.php\" means the id is passed to THAT script, not do_delete_user.php

Also, go read about sql injection and mysql_real_escape_string.
The way delete script works is

pick user --> show user --> delete user
User avatar
social_experiment
DevNet Master
Posts: 2793
Joined: Sun Feb 15, 2009 11:08 am
Location: .za

Re: Deletion Script is not working

Post by social_experiment »

Code: Select all

<?php 
$sql = "SELECT * FROM $table WHERE id = '$_POST[id]'";
//
while ($row = mysql_fetch_array($result)) {
        $id = $row['id'];
 }
?>
<!-- append value of $id to the page -->
<form method="POST" action="do_delete_user.php?id=<?php $id; ?>">
You have to append the value of $id to your action attribute (see above) value (I'm guessing that the value of $id will be the same as $_POST['id']). On your do_delete_user page modify your code like this

Code: Select all

$sql = "DELETE FROM $table WHERE id='" . mysql_real_escape_string($_GET['id']) . "' ";
Now the value of $_GET['id'] is retrieved from the query string and your record should be deleted. Make sure you check the value of $_GET['id'] and use mysql_real_escape_string() on all input values.
Hth.
“Don’t worry if it doesn’t work right. If everything did, you’d be out of a job.” - Mosher’s Law of Software Engineering
mdmartiny1977
Forum Newbie
Posts: 16
Joined: Fri Jan 14, 2011 12:05 am
Location: Michigan, USA
Contact:

Re: Deletion Script is not working

Post by mdmartiny1977 »

social_experiment wrote:

Code: Select all

<?php 
$sql = "SELECT * FROM $table WHERE id = '$_POST[id]'";
//
while ($row = mysql_fetch_array($result)) {
        $id = $row['id'];
 }
?>
<!-- append value of $id to the page -->
<form method="POST" action="do_delete_user.php?id=<?php $id; ?>">
You have to append the value of $id to your action attribute (see above) value (I'm guessing that the value of $id will be the same as $_POST['id']). On your do_delete_user page modify your code like this

Code: Select all

$sql = "DELETE FROM $table WHERE id='" . mysql_real_escape_string($_GET['id']) . "' ";
Now the value of $_GET['id'] is retrieved from the query string and your record should be deleted. Make sure you check the value of $_GET['id'] and use mysql_real_escape_string() on all input values.
Hth.
I copied and pasted what you wrote and I get the same result
User avatar
social_experiment
DevNet Master
Posts: 2793
Joined: Sun Feb 15, 2009 11:08 am
Location: .za

Re: Deletion Script is not working

Post by social_experiment »

Code: Select all

<form method="POST" action="do_delete_user.php?id=<?php echo $id; ?>">
Try adding an 'echo' in the statement above
“Don’t worry if it doesn’t work right. If everything did, you’d be out of a job.” - Mosher’s Law of Software Engineering
mdmartiny1977
Forum Newbie
Posts: 16
Joined: Fri Jan 14, 2011 12:05 am
Location: Michigan, USA
Contact:

Re: Deletion Script is not working

Post by mdmartiny1977 »

Yay!!!! That worked :D

Thank you for your help with this problem :D
Post Reply