delete record in database-php

Question

I got this code in my administration.php:

<?php
include("conn.php");
session_start();

if(!isset($_SESSION['user'])){
header("location:index.php");
exit();
}
if(isset($_REQUEST['user'])){   
mysql_query("DELETE FROM tblru WHERE user=" . $_REQUEST['user']);
if(mysql_affected_rows($con)>0){
header("location:administration.php");
exit();
}
else{
echo "ERROR in deleting the user!";
}
}
?>

I got this code on the body:

<?php
$result=mysql_query("SELECT * FROM tblru");
if(mysql_num_rows($result)>0)
{       
while($row=mysql_fetch_array($result)){
echo "<tr bgcolor='#999999'>
<td>" . $row[0] . "</td>
<td>" . $row[1] . "</td>
<td align='center'><a href='administration.php?user=" . $row[0]."' onClick=\"return confirm('Confirm Deletion of Registered User?');\"><font color='#FFFFFF'>Delete</font></a></td></tr>";

    }
}

?>

i keep getting error in deleteing records, can anyone check this out why it always displays like that

When you click on delete and it goes to `administration.php`, what's the URL you see in the address bar? — AyB, Feb 09 '14 at 05:18
http://localhost/wdev/administration.php?user=johnmichael i get this url — Divine Grace Blanza, Feb 09 '14 at 05:19
Plus I don't know why you're using sessions, there's nothing assigned to one. — Funk Forty Niner, Feb 09 '14 at 05:19
`mysql_query("DELETE FROM tblru WHERE user='" . $_REQUEST['user'] . "'");` — Funk Forty Niner, Feb 09 '14 at 05:20
replace this ... mysql_query("DELETE FROM tblru WHERE user= ' " . $_REQUEST['user'] . " ' "); — Zeeshan, Feb 09 '14 at 05:20
And you really shouldn't be using your code in the state it's in. [**SQL injection**](http://stackoverflow.com/q/60174/) is imminent. — Funk Forty Niner, Feb 09 '14 at 05:22

score 1 · Answer 1 · answered Feb 09 '14 at 05:19

It also seems that you query isnt correct.

instead of

"DELETE FROM tblru WHERE user=" . $_REQUEST['user']

you should write

"DELETE FROM tblru WHERE user='" . $_REQUEST['user'] . "'"

because user is a varchar/string and not a number (that is my guess).

If you could post some kind of error (DB/Code?), then we would also know where to search.

score 1 · Accepted Answer · answered Feb 09 '14 at 05:22

try this below....

<?php
include("conn.php");
session_start();

if(!isset($_SESSION['user'])){
header("location:index.php");
exit();
}
if(isset($_REQUEST['user'])){
mysql_query("DELETE FROM tblru WHERE user= '" . $_REQUEST['user'] . "'");
if(mysql_affected_rows($con)>0){
header("location:administration.php");
exit();
}
else{
echo "ERROR in deleting the user!";
}
}
?>

if you want to use secure code that can not disturb from user then use below( SQL INJECTION)

<?php
include("conn.php");
session_start();

    if(!isset($_SESSION['user'])){
    header("location:index.php");
    exit();
    }
    if(isset($_REQUEST['user'])){
    mysql_query("DELETE FROM tblru WHERE user= '" . mysql_real_escape_string($_REQUEST['user']) . "'");
    if(mysql_affected_rows($con)>0){
    header("location:administration.php");
    exit();
    }
    else{
    echo "ERROR in deleting the user!";
    }
    }
    ?>

http://stackoverflow.com/q/60174/ – Funk Forty Niner Feb 09 '14 at 05:23 — Funk Forty Niner, Feb 09 '14 at 05:23

score 0 · Answer 3 · answered Feb 09 '14 at 05:14

0

You shall connect to database first. Use mysqli rather than mysql. It is a better approach. Look at the example on http://www.php.net/manual/en/mysqli.quickstart.connections.php or on http://il1.php.net/function.mysql-connect.

Good luck.

answered Feb 09 '14 at 05:14

Eitan

1,286
2
16
55

delete record in database-php

3 Answers3

Linked