Page 1 of 3 123 LastLast
Results 1 to 16 of 41

Thread: How can i delete database value using an html page in php?

  1. #1
    Registered+
    Join Date
    Apr 2013
    Posts
    19
    Thanks
    0
    Thanked
    0 times in 0 posts

    How can i delete database value using an html page in php?

    my code is
    <?php
    //@session_start();
    if(isset($_POST["delete"]))
    {
    include("connection.php");
    //$nid=$_SESSION["newsid"];
    //$query=mysql_query("delete from news where id='".$nid."'");
    $d=$_POST['details'];
    $query=mysql_query("delete from news where details='".$d."'");
    }
    header("location:news_list.php");
    ?>

  2. #2
    Senior Member
    Join Date
    Dec 2012
    Location
    Oxfordshire
    Posts
    272
    Thanks
    3
    Thanked
    18 times in 17 posts
    • phil4's system
      • Motherboard:
      • Asus Sabertooth Z77
      • CPU:
      • Core i7-3770K @ 4.6Ghz
      • Memory:
      • 16Gb Corsair Dominator Platinum @ 1866Mhz
      • Storage:
      • OS: OCZ Vertex 4 256Gb, Data: 3Tb Seagate HDD, Cache: OCZ Agility 4 128Gb
      • Graphics card(s):
      • 2 x EVGA GTX 680 SC
      • PSU:
      • 750W Corsair Pro Series AX
      • Case:
      • Corsair Obsidian 650D Black
      • Operating System:
      • Windows 7 Ultimate 64Bit
      • Monitor(s):
      • 2 x Dell U2410 Ultrasharp
      • Internet:
      • Plusnet Fibre Unlimited 76/20

    Re: How can i delete database value using an html page in php?

    What's the problem with your code? Did you get an error? What was it?

  3. #3
    Technojunkie
    Join Date
    May 2004
    Location
    Up North
    Posts
    2,580
    Thanks
    239
    Thanked
    213 times in 138 posts

    Re: How can i delete database value using an html page in php?

    You should at least put any posted variables through mysql_real_escape_string first:

    Code:
    $query=mysql_query("delete from news where details='" . mysql_real_escape_string($d) . "'");
    otherwise you're vulnerable to a whole host of SQL injection attacks.
    Last edited by mikerr; 03-04-2013 at 12:42 PM.
    Chrome & Firefox addons for BBC News
    Follow me @twitter

  4. #4
    Registered+
    Join Date
    Apr 2013
    Posts
    19
    Thanks
    0
    Thanked
    0 times in 0 posts

    Re: How can i delete database value using an html page in php?

    Quote Originally Posted by phil4 View Post
    What's the problem with your code? Did you get an error? What was it?
    I am not getting any error.bt i cannt delete the data.pls help me.

  5. #5
    Registered+
    Join Date
    Apr 2013
    Posts
    19
    Thanks
    0
    Thanked
    0 times in 0 posts

    Re: How can i delete database value using an html page in php?

    i am not getting any error.bt i cannt delete the data.pls help me.it is urgent.

  6. #6
    Registered+
    Join Date
    Apr 2013
    Posts
    19
    Thanks
    0
    Thanked
    0 times in 0 posts

    Re: How can i delete database value using an html page in php?

    I want to delete content uging it's id.
    $d=$_POST['details'];
    $query=mysql_query("delete from news where details='".$d."'");
    the above code is written just to knw if its work.
    am new to php.so i cannt understand"You should at least put any posted variables through mysql_real_escape_string first:"this.please explain it with an example.

  7. #7
    Seething Cauldron of Hatred TheAnimus's Avatar
    Join Date
    Aug 2005
    Posts
    17,164
    Thanks
    803
    Thanked
    2,152 times in 1,408 posts

    Re: How can i delete database value using an html page in php?

    Quote Originally Posted by devimohan1988 View Post
    You should at least put any posted variables through mysql_real_escape_string first:"this.please explain it with an example.
    How are you learning to program, is it just from a tutorial or a book?

    I'd strongly advise against PHP, its a vile language, all the awfulness of C syntax, with truly awful performance, but mostly, it breeds such bad practices.



    So you know in SQL you put your values in single quotes such as ('example') this means that if your able to pass in an argument like:

    BadHorribleSite.php?id='); DROP TABLE Users; --

    So this will make your SQL string look a bit funny, it closes the parenthsys of your insert values, uses a semicolon to signify new command, drops a table (deletes it) then uses another semicolon to say new command and the 'comment' character, this means that any other sql you were running will now not be executed (to prevent a syntax error).

    PHP is a flawed language by design, so badly that this practice is still going on in 2013.
    throw new ArgumentException (String, String, Exception)

  8. #8
    Not a good person scaryjim's Avatar
    Join Date
    Jan 2009
    Location
    Gateshead
    Posts
    15,196
    Thanks
    1,230
    Thanked
    2,291 times in 1,874 posts
    • scaryjim's system
      • Motherboard:
      • Dell Inspiron
      • CPU:
      • Core i5 8250U
      • Memory:
      • 2x 4GB DDR4 2666
      • Storage:
      • 128GB M.2 SSD + 1TB HDD
      • Graphics card(s):
      • Radeon R5 230
      • PSU:
      • Battery/Dell brick
      • Case:
      • Dell Inspiron 5570
      • Operating System:
      • Windows 10
      • Monitor(s):
      • 15" 1080p laptop panel

    Re: How can i delete database value using an html page in php?

    to be fair to PHP it does have much better ways to do this, but no-one teaches them.

    If you are trying to teach yourself to program, don't use PHP. Learn to program in something else, then come back to PHP and work out how to put the good practice you learned in something else to practice.

    If you're trying to hack something together in PHP just to see if it works, don't. Learn how to do it properly, so that you know whether it works even if you don't try it. Ideally, learn how to do it as part of a proper course on programming.

    Google "SQL Injection", and spend at least a day just learning about what it is and why it is bad. Then Google "PHP Parameterized Query" and learn how to do it properly in PHP (take a couple of hours over this).

    And, if you don't mind - tell us what you are trying to achieve and why. That will make it much easier for us to give good advice about what you should do next

  9. #9
    Funking Prink! Raz316's Avatar
    Join Date
    Jul 2003
    Location
    Deal, Kent, UK
    Posts
    2,978
    Thanks
    130
    Thanked
    62 times in 52 posts

    Re: How can i delete database value using an html page in php?

    Might I suggest that if you want people to take their time to help you, you can at the very least take the time to write properly? And maybe give some background as to why you are requesting help?

    Asking in a "pls help me.it is urgent." fashion is really rude in my opinion.

  10. #10
    Senior Member
    Join Date
    Dec 2012
    Location
    Oxfordshire
    Posts
    272
    Thanks
    3
    Thanked
    18 times in 17 posts
    • phil4's system
      • Motherboard:
      • Asus Sabertooth Z77
      • CPU:
      • Core i7-3770K @ 4.6Ghz
      • Memory:
      • 16Gb Corsair Dominator Platinum @ 1866Mhz
      • Storage:
      • OS: OCZ Vertex 4 256Gb, Data: 3Tb Seagate HDD, Cache: OCZ Agility 4 128Gb
      • Graphics card(s):
      • 2 x EVGA GTX 680 SC
      • PSU:
      • 750W Corsair Pro Series AX
      • Case:
      • Corsair Obsidian 650D Black
      • Operating System:
      • Windows 7 Ultimate 64Bit
      • Monitor(s):
      • 2 x Dell U2410 Ultrasharp
      • Internet:
      • Plusnet Fibre Unlimited 76/20

    Re: How can i delete database value using an html page in php?

    As others had told you about SQL injection I'll try and help a little on the other bit.

    If you didn't get any errors it's very hard to say what's wrong.... It could be your DB user doesn't have permission to delete, or that the ID you are passing in doesn't actually exist. Or you are connected to the wrong DB. Try to write out your sql that's running and then run by hand against the DB, check return codes in the PHP etc.

    As Raz says, your manner of asking isn't the best, language aside I'd question the urgency of taking several days to respond and tell us it's urgent.

    Also as said by those above, and which I perhaps agree with and be even more extreme: if you don't know about SQL injection, can't figure out this problem and in general are new to this then you should NOT be allowed to write a website that's connected to a DB for anything apart from offline (local) learning an testing. Your mention of urgency suggests this may be Jon related and there is no way this should be done in such a commercial environment!

  11. #11
    Registered+
    Join Date
    Apr 2013
    Posts
    19
    Thanks
    0
    Thanked
    0 times in 0 posts

    Re: How can i delete database value using an html page in php?

    i am doing training n php.nw its my project time.that's y i asked ur help.i think it is the problem in session code.the code is given below.

    <?php
    session_start();
    $id=$_GET["id"];
    $_SESSION["id"]=$id;

    if($_GET['nID')
    {
    $newsid=$_GET["nID"];
    $_SESSION["newsid"]=$newsid;
    }
    ?>

  12. #12
    HEXUS.social member Agent's Avatar
    Join Date
    Jul 2003
    Location
    Internet
    Posts
    19,168
    Thanks
    735
    Thanked
    1,607 times in 1,045 posts

    Re: How can i delete database value using an html page in php?

    Look, you're not providing any of the information we need to help you find a fix. Read over what people have said: We need error messages, info about the database, the project and so on....

    You can keep posting similar bits of code over and over again, but the result will be the same. Plus there is an error on line 6 - you're not closing the square bracket.
    Quote Originally Posted by Saracen View Post
    And by trying to force me to like small pants, they've alienated me.

  13. #13
    Seething Cauldron of Hatred TheAnimus's Avatar
    Join Date
    Aug 2005
    Posts
    17,164
    Thanks
    803
    Thanked
    2,152 times in 1,408 posts

    Re: How can i delete database value using an html page in php?

    Quote Originally Posted by devimohan1988 View Post
    i am doing training n php.nw its my project time.that's y i asked ur help.i think it is the problem in session code.the code is given below.
    You typing on a phone keypad or something?

    Programming is the art of making a set of simple easy to follow instructions for some complex task.

    Ask yourself is the information you've provided here enough, have you been as helpful as you could be.

    Also what is the training you're doing?
    throw new ArgumentException (String, String, Exception)

  14. #14
    Registered+
    Join Date
    Apr 2013
    Posts
    19
    Thanks
    0
    Thanked
    0 times in 0 posts

    Re: How can i delete database value using an html page in php?

    Really sorry.

    i jst completed php course n g.tech.nw i gt a project.
    it s a company web site.
    they need to enter images and news and want update it also.
    so i created a database named display and table named news.
    table has 2 fields id,details.
    i can insert the data on database.
    In admin side i created news.php(to insert values),news_list.php(list all the news inserted in database with its id.).this page contains the delete button.it is connected to news_delete.php.
    bt on clicking the button it will remain in the same page.cannt delete the data.and control not moving to the delete page.
    news_list.php

    <?php
    include("admin.php");
    include("connection.php");
    $sql=mysql_query("select * from news order by id");
    ?>
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml">
    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
    <title>Untitled Document</title>
    </head>

    <body>
    <!--<form name="frm" action="news_delete.php" method="post">-->
    <div align="center" style="width:700px; height:auto; float:left;border:solid 1px #DCDCDC; margin-top:20px;"><!--main div-->

    <div align="center" style="width:700px; height:auto; float:left;border:solid 1px #DCDCDC;">
    <div align="center" style="width:50px; height:auto; float:left;border:solid 1px #DCDCDC;">NO</div>
    <div align="center" style="width:300px; height:auto; float:left;border:solid 1px #DCDCDC;">NEWS</div>
    </div>

    <div align="center" style="width:300px; height:auto; float:left;border:solid 1px #DCDCDC;">
    <?php
    if($sql>0)
    {
    while($row=mysql_fetch_array($sql))
    {
    $id=$row['id'];
    $msg=$row['details'];
    ?>


    <div align="center" style="width:700px; height:auto; float:left;border:solid 1px #DCDCDC;">
    <div align="center" style="width:50px; height:auto; float:left;border:solid 1px #DCDCDC;"><?php echo $id?></div>
    <div align="center" style="width:300px; height:auto; float:left;border:solid 1px #DCDCDC;"><?php echo $msg?></div>
    <div align="center" style="width:100px; height:auto; float:left;border:solid 1px #DCDCDC;"><button onclick="window.location.href='news_edit.php'">EDIT</button></div>
    <!--<div align="center" style="width:100px; height:auto; float:left;border:solid 1px #DCDCDC;"><button onclick="window.location.href='news_delete.php'">DELETE</button></div>-->
    <div align="center" style="width:50px; height:auto; float:left;border:solid 1px #DCDCDC;"><a href="news_delete.php?id=$id">delete</a></div>
    <!--<div align="center" style="width:50px; height:auto; float:left;border:solid 1px #DCDCDC;"><input name="delete" type="submit" value="DELETE"/></div>
    -->
    <?php
    }
    }
    ?>
    </div>

    </div>


    <div align="center" style="width:100px; height:auto; float:left; margin-left:550px;"><a href="news.php">ADD NEW</a></div>
    </div><!--main div ends-->
    <!--</form>-->
    </body>
    </html>

    news_delete.php


    <?php
    session_start();
    if(isset($_POST["delete"]))
    {
    include("connection.php");

    $nid=$_SESSION['newsid'];
    $query=mysql_query("delete from news where id='".$nid."'");

    }

    header("location:news_list.php");
    ?>


    session.php

    <?php
    session_start();
    $id=$_GET["id"];
    $_SESSION["id"]=$id;

    if($_GET['nID'])
    {
    $newsid=$_GET["nID"];
    $_SESSION["newsid"]=$newsid;
    }
    ?>


    what is the problem?
    if it is the problem withn session code or something else,please help me to find it out.

  15. #15
    Technojunkie
    Join Date
    May 2004
    Location
    Up North
    Posts
    2,580
    Thanks
    239
    Thanked
    213 times in 138 posts

    Re: How can i delete database value using an html page in php?

    - you are still not cleaning your inputs - we aren't saying this for fun your know,
    if you don't your website will be easily hacked and you'll lose all your data.


    A simple first defence is to insert this line before mysql_query line in news_delete :

    $nid= mysql_real_escape_string($nid);

    and a similar line whenever part of a query is coming from user input or passed by a webpage.

    Please read this:
    http://www.php.net/manual/en/securit...-injection.php
    on why this is important.

    Oh and if you've commented out the form and its fields, there's no point testing for them later
    Last edited by mikerr; 10-04-2013 at 10:55 AM.
    Chrome & Firefox addons for BBC News
    Follow me @twitter

  16. #16
    Registered+
    Join Date
    Apr 2013
    Posts
    19
    Thanks
    0
    Thanked
    0 times in 0 posts

    Re: How can i delete database value using an html page in php?

    i cannt get you.
    i add $nid= mysql_real_escape_string($nid);
    still it is not working.
    wht is the problem?

Page 1 of 3 123 LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •