Page 1 of 1

HELP ME FIND ERROR TO DELETE RECORD

Posted: Wed Oct 01, 2008 9:25 pm
by happy_boy
I am unable to delete the record with following Code . WHERE IS ERROR in it ????

<?php
$host="localhost";
$username="username";
$password="mypassword";
$db_name="mydb";
$tbl_name="articles";

$id=$_GET['id'];
$cid = mysql_connect($host,$username,$password);
if (!$cid) { echo("ERROR: " . mysql_error() . "\n"); }

if ($task=="del") {

$SQL = " DELETE FROM articles ";
$SQL = $SQL . " WHERE id = $id ";
mysql_db_query($db_name, $SQL, $cid);

}


?>
<html>
<head>
<title>Edit Lyrics</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>

<body>
<div align="center">
<table width="700" border="0">
<tr>
<td bgcolor="#0099CC"><p>&nbsp;</p>
<p>&nbsp;</p>
<p>&nbsp;</p>
<p>&nbsp;</p></td>
</tr>
<tr>
<td><table width="100%" border="0" align="center">
<tr>
<td width="18%" align="center" valign="top">&nbsp;</td>
<td width="64%" align="center" valign="top"><p align="left">&nbsp;<?

$SQL = " SELECT * FROM $tbl_name ";
$retid = mysql_db_query($db_name, $SQL, $cid);
if (!$retid) { echo( mysql_error()); }
else {
echo ("<P><TABLE CELLPADDING=4>\n");
while ($row = mysql_fetch_array($retid)) {
$headline = $row["headline"];
$description = $row["description"];
$id = $row["id"];

echo ("<TR>");
echo ("<TD>$headline</TD>\n");

echo ("<TD><A HREF=\"manageedit.php?id=$id\">Edit</A></TD>");
echo ("<TD><A HREF=\"delete.php?id=$id&task=del\">Delete</A></TD>");
echo ("</TR>");
}
echo ("</TABLE>");
}
?>
</p>
<p>
</p>
<p>&nbsp;</p>
<p>&nbsp;</p>
<p>&nbsp;</p>
<p>&nbsp;</p></td>
<td width="18%" align="center" valign="top">&nbsp;</td>
</tr>
</table></td>
</tr>
<tr>
<td bgcolor="#0099CC">&nbsp;</td>
</tr>
</table>
</div>
</body>
</html>

Re: HELP ME FIND ERROR TO DELETE RECORD

Posted: Wed Oct 01, 2008 11:38 pm
by pcoder
First of all check your delete $SQL before passing it to the mysql_db_query().
And try to run it in PHPMYADMIN.

Re: HELP ME FIND ERROR TO DELETE RECORD

Posted: Thu Oct 02, 2008 12:47 am
by The_Anomaly
The fact that you're sticking a GET value directly into your query is the classic example of SQL Injection. Escape it, or you have probably the most well-known security flaw, in the most well known format.

Are you getting an error? Is your conditional even running? You say that if $task is equal to "del," then run the query--but I don't see $task defined anywhere.

Re: HELP ME FIND ERROR TO DELETE RECORD

Posted: Thu Oct 02, 2008 8:19 pm
by happy_boy
if ($task=="del") {

$SQL = " DELETE FROM articles WHERE id = $id ";

// $SQL = $SQL . " WHERE id = $id ";
mysql_db_query($db_name, $SQL, $cid);


}

This condition is not being executed. Any alternative to run it

Re: HELP ME FIND ERROR TO DELETE RECORD

Posted: Thu Oct 02, 2008 8:20 pm
by happy_boy
pcoder wrote:First of all check your delete $SQL before passing it to the mysql_db_query().
And try to run it in PHPMYADMIN.
Not being executed in program
if ($task=="del") {

$SQL = " DELETE FROM articles WHERE id = $id ";

// $SQL = $SQL . " WHERE id = $id ";
mysql_db_query($db_name, $SQL, $cid);


}

Re: HELP ME FIND ERROR TO DELETE RECORD

Posted: Fri Oct 03, 2008 8:58 am
by ironhamster88

Code: Select all

mysql_connect('localhost', 'username', 'password');
mysql_select_db('db_name');
 
if(tsk == 'del') {
    $id = mysql_real_escape_string($_GET['id']);
 
    $query = "DELETE FROM articles WHERE id = '$id'";
    $result = mysql_query($query);
}
simple, but effective.

Re: HELP ME FIND ERROR TO DELETE RECORD

Posted: Tue Oct 07, 2008 11:39 pm
by happy_boy
Still Unable to Delete record.

Same Script is used in another program of mine it is working fine.

Re: HELP ME FIND ERROR TO DELETE RECORD

Posted: Wed Oct 08, 2008 11:53 pm
by happy_boy
<?php
$host="localhost";
$username="user";
$password="rmypwd";
$db_name="mydb";
$tbl_name="articles";

$cmd=$_GET["cmd"];
$id=$_GET['id'];

$cid = mysql_connect($host,$username,$password);
if (!$cid) { echo("ERROR: " . mysql_error() . "\n"); }

mysql_select_db('db_name');

if($cmd=='del')
{
// mysql_query("DELETE from $tbl_name WHERE id=$id ");
$sql=("DELETE from $tbl_name WHERE id='$id'");
mysql_query($sql);
print $sql;
echo("User Deleted Successfully&cmd='none'");
exit();

}


?>
<html>
<head>
<title>Edit Lyrics</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>

<body>
<div align="center">
<table width="700" border="0">
<tr>
<td bgcolor="#0099CC"><p>&nbsp;</p>
<p>&nbsp;</p>
<p>&nbsp;</p>
<p>&nbsp;</p></td>
</tr>
<tr>
<td><table width="100%" border="0" align="center">
<tr>
<td width="18%" align="center" valign="top">&nbsp;</td>
<td width="64%" align="center" valign="top"><p align="left">&nbsp;<?

$SQL = " SELECT * FROM $tbl_name ";
$retid = mysql_db_query($db_name, $SQL, $cid);
if (!$retid) { echo( mysql_error()); }
else {
echo ("<P><TABLE CELLPADDING=4>\n");
while ($row = mysql_fetch_array($retid)) {
$headline = $row["headline"];
$description = $row["description"];
$id = $row["id"];

echo ("<TR>");
echo ("<TD>$headline</TD>\n");
echo($cmd);
echo ("<TD><A HREF=\"manageedit.php?id=$id\">Edit</A></TD>");
echo ("<TD><A HREF=\"delete.php?id=$id&cmd=del\">Delete</A></TD>");
// echo ("<TD><A HREF=\"delete.php?&cmd=del&id\">Delete</A></TD>");
echo ("</TR>");
}
echo ("</TABLE>");
}
?>
</p>
<p>
</p>
<p>&nbsp;</p>
<p>&nbsp;</p>
<p>&nbsp;</p>
<p>&nbsp;</p></td>
<td width="18%" align="center" valign="top">&nbsp;</td>
</tr>
</table></td>
</tr>
<tr>
<td bgcolor="#0099CC">&nbsp;</td>
</tr>
</table>
</div>
</body>
</html>
This is the message I get After executing the command

DELETE from articles WHERE id='69'User Deleted Successfully&cmd='none'

However The record still exists in the database I am using php 4.47 version on server

I made following changes to above program


$cmd=$_GET["cmd"];
$id=$_GET['id'];

if($cmd=='del')
{
$sql=("DELETE from $tbl_name WHERE id='$id'");
mysql_query($sql);
print $sql;
echo("User Deleted Successfully&cmd='none'");
exit();

}



echo ("<TD><A HREF=\"delete.php?id=$id&cmd=del\">Delete</A></TD>");
I need a solution for this Very important. I dont know why UPDATE and DELETE COMMAND NOT WORKING