Listing table data with an option to delete each individual item.

Re: Listing table data with an option to delete each individual item.

i find it best to do thing with id numbers. the table you have shown
will obviously have a primary key for each record. so in php you do the
sql statement something like

$result = mysql_query("se lect id, name, age, sex from people",$db);
if ($myrow = mysql_fetch_arr ay($result))
{
make the table header information here. ie: titles, name ages sex...
and a row for action
do
{
echo "<tr>
$id =$myrow['id']
<td>$myrow['name']</td>
<td>$myrow['age']</td>
<td>$myrow['sex']</td>
<td><a href = 'delete.php?id= $id>delete</a></td>";

}
while ($myrow = mysql_fetch_arr ay($result))
}

then you make another page that essentially has two or three lines or
modify delete.php in the link fo $_SERVER[PHP_SELF] which come back to
the page you are looking at.

$id = $_GET['id'];
$result = mysql_query("de lete from people where id=$id",$db);
header("Refresh : 0; http://full url/whateverfirstpa gewascalled.php ");

hope this helps, php took me 3 days of looking at examples to learn. do
a few online tutorials and www.php.net is the bible. good luck

Sean Barton

Re: Listing table data with an option to delete each individual item.

Thanks Sean........... ..it helped a lot.

Re: Listing table data with an option to delete each individual item.

Sean Barton wrote:[color=blue]
> i find it best to do thing with id numbers. the table you have shown
> will obviously have a primary key for each record. so in php you do the
> sql statement something like
>
> $result = mysql_query("se lect id, name, age, sex from people",$db);
> if ($myrow = mysql_fetch_arr ay($result))
> {
> make the table header information here. ie: titles, name ages sex...
> and a row for action
> do
> {
> echo "<tr>
> $id =$myrow['id']
> <td>$myrow['name']</td>
> <td>$myrow['age']</td>
> <td>$myrow['sex']</td>
> <td><a href = 'delete.php?id= $id>delete</a></td>";
>
> }
> while ($myrow = mysql_fetch_arr ay($result))
> }
>
> then you make another page that essentially has two or three lines or
> modify delete.php in the link fo $_SERVER[PHP_SELF] which come back to
> the page you are looking at.
>
> $id = $_GET['id'];
> $result = mysql_query("de lete from people where id=$id",$db);
> header("Refresh : 0; http://full url/whateverfirstpa gewascalled.php ");
>
> hope this helps, php took me 3 days of looking at examples to learn. do
> a few online tutorials and www.php.net is the bible. good luck
>
> Sean Barton
>[/color]

You need to be VERY careful on this one. You aren't validating the data.

For instance - what happens if I type in the browser:

http://www.example.com/delete.php?id=5 +OR+1%3d1

Your query ends up as "delete from people where id=5 or 1=1";

Google for 'sql injection".

--
=============== ===
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attgl obal.net
=============== ===

Re: Listing table data with an option to delete each individual item.

Message-ID: <F-qdnc_NlcIkrHveR Vn-iA@comcast.com> from Jerry Stuckle
contained the following:
[color=blue]
>You need to be VERY careful on this one. You aren't validating the data.
>
>For instance - what happens if I type in the browser:
>
> http://www.example.com/delete.php?id=5+OR+1%3d1
>
>Your query ends up as "delete from people where id=5 or 1=1";
>
>Google for 'sql injection".[/color]

Also, I would avoid having links that delete files altogether. If a
search engine ever makes it to that page all your data will be deleted.

I usually make the table a form and use checkboxes
echo "<input type ='checkbox' name='del[]'value=$id>";

Name all the boxes 'del[]' When posted the items to be deleted will be
in an array and you can loop through it and delete them.

--
Geoff Berrow (put thecat out to email)
It's only Usenet, no one dies.
My opinions, not the committee's, mine.
Simple RFDs http://www.ckdog.co.uk/rfdmaker/

Re: Listing table data with an option to delete each individual item.

Geoff Berrow wrote:[color=blue]
> Message-ID: <F-qdnc_NlcIkrHveR Vn-iA@comcast.com> from Jerry Stuckle
> contained the following:
>
>[color=green]
>>You need to be VERY careful on this one. You aren't validating the data.
>>
>>For instance - what happens if I type in the browser:
>>
>> http://www.example.com/delete.php?id=5+OR+1%3d1
>>
>>Your query ends up as "delete from people where id=5 or 1=1";
>>
>>Google for 'sql injection".[/color]
>
>
> Also, I would avoid having links that delete files altogether. If a
> search engine ever makes it to that page all your data will be deleted.
>
> I usually make the table a form and use checkboxes
> echo "<input type ='checkbox' name='del[]'value=$id>";
>
> Name all the boxes 'del[]' When posted the items to be deleted will be
> in an array and you can loop through it and delete them.
>[/color]

Geoff,

And what happens if I come along and post a form back to your page with:

<input type ='checkbox' name='del[]' value="1 OR 42=42">

ALWAYS validate incoming data - even if it's from a checkbox!
--
=============== ===
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attgl obal.net
=============== ===

Re: Listing table data with an option to delete each individual item.

Thanks for all the feedback guys........... now I'm just scared! LOL.
I have bought a large book on PHP and studying when I can. I will look
at validating my stuff, I'm new so this will take a little while. But
my pages, directories, are password protected and reject(direct)
spiders not to crawl the site.

Again, thanks a lot guys!

-Lag.

Re: Listing table data with an option to delete each individual item.

May I ask........what did you mean when you say.........
"make the table header information here. ie: titles, name ages sex...
and a row for action"

Thanks.

Re: Listing table data with an option to delete each individual item.

to make the information appear in a standard form you need to put
everything in a table. header is simply a way of saying do your titles
here. ie:

Table
Name Sex Age Action
---------------------------------------------------------
bob M 20 Delete


the rows above the data is the header.

also i have one concern. your not storing age in a database are you??
be wary that age is a number and needs to be updated every year. what
you need to be storing is date of birth and working out the age from
there if you want to. it saves a lot of database errors in the future.

as my peers suggested validate everything. there is a variable in
$_SERVER called 'HTTP_REFERER' i think it may help. validate who is
calling the page and nobody but the page you want can access the delete
function.

dont delete anything from the database. modify the table while it is
still small. add in a checkbox field called active and set default to
yes. then modify your query for the page you want so. select * from
people where active=yes;

Good Luck

Sean Barton

Re: Listing table data with an option to delete each individual item.

Thank you very much Sean..........I promise I will not ask a question
of you again until I understand PHP a little more. LOL.

Have a good day.

-Lag.

Re: Listing table data with an option to delete each individual item.

its no problem, ive only been doing it a couple of months and im no
expert. work through a couple of php/ mysql examples online. they
really helped me. and dont forget that www.php.net wont bite although
www.mysql.com might!

regards
Sean Barton

Re: Listing table data with an option to delete each individual item.

LOL

Re: Listing table data with an option to delete each individual item.

On 2006-02-06, Sean Barton <barton.sean@gm ail.com> wrote:[color=blue]
> to make the information appear in a standard form you need to put
> everything in a table. header is simply a way of saying do your titles
> here. ie:
>
> Table
> Name Sex Age Action
> ---------------------------------------------------------
> bob M 20 Delete
>
>
> the rows above the data is the header.
>
> also i have one concern. your not storing age in a database are you??
> be wary that age is a number and needs to be updated every year. what
> you need to be storing is date of birth and working out the age from
> there if you want to. it saves a lot of database errors in the future.
>
> as my peers suggested validate everything. there is a variable in
> $_SERVER called 'HTTP_REFERER' i think it may help.[/color]

don't trust it. it's easy to fake.
[color=blue]
> validate who is calling the page and nobody
> but the page you want can access the delete
> function.[/color]

HTTP_AUTH_USER
HTTP_AUTH_PASSW ORD
[color=blue]
> dont delete anything from the database. modify the table while it is
> still small. add in a checkbox field called active and set default to
> yes. then modify your query for the page you want so. select * from
> people where active=yes;[/color]


--

Bye.
Jasen

Re: Listing table data with an option to delete each individual item.

Message-ID: <db2dnQWwkpylNn venZ2dnUVZ_tadn Z2d@comcast.com > from Jerry
Stuckle contained the following:
[color=blue][color=green]
>> Name all the boxes 'del[]' When posted the items to be deleted will be
>> in an array and you can loop through it and delete them.
>>[/color]
>
>Geoff,[/color]
[color=blue]
>
>And what happens if I come along and post a form back to your page with:
>
> <input type ='checkbox' name='del[]' value="1 OR 42=42">
>
>ALWAYS validate incoming data - even if it's from a checkbox![/color]

Jerry...you're not thinking this through. The person already has
permission to delete the data.

--
Geoff Berrow (put thecat out to email)
It's only Usenet, no one dies.
My opinions, not the committee's, mine.
Simple RFDs http://www.ckdog.co.uk/rfdmaker/

Re: Listing table data with an option to delete each individual item.

Geoff Berrow wrote:[color=blue]
> Message-ID: <db2dnQWwkpylNn venZ2dnUVZ_tadn Z2d@comcast.com > from Jerry
> Stuckle contained the following:
>
>[color=green][color=darkred]
>>>Name all the boxes 'del[]' When posted the items to be deleted will be
>>>in an array and you can loop through it and delete them.
>>>[/color]
>>
>>Geoff,[/color]
>
>[color=green]
>>And what happens if I come along and post a form back to your page with:
>>
>> <input type ='checkbox' name='del[]' value="1 OR 42=42">
>>
>>ALWAYS validate incoming data - even if it's from a checkbox![/color]
>
>
> Jerry...you're not thinking this through. The person already has
> permission to delete the data.
>[/color]

Geoff,

Oh, I'm thinking this through all right.

The case I cited would delete everything in the table. Does the person
have THAT right?


--
=============== ===
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attgl obal.net
=============== ===