Listing table data with an option to delete each individual item.

i find it best to do thing with id numbers. the table you have shown
will obviously have a primary key for each record. so in php you do the
sql statement something like

$result = mysql_query("select id, name, age, sex from people",$db);
if ($myrow = mysql_fetch_array($result))
{
make the table header information here. ie: titles, name ages sex...
and a row for action
do
{
echo "<tr>
$id =$myrow['id']
<td>$myrow['name']</td>
<td>$myrow['age']</td>
<td>$myrow['sex']</td>
<td><a href = 'delete.php?id=$id>delete</a></td>";

}
while ($myrow = mysql_fetch_array($result))
}

then you make another page that essentially has two or three lines or
modify delete.php in the link fo $_SERVER[PHP_SELF] which come back to
the page you are looking at.

$id = $_GET['id'];
$result = mysql_query("delete from people where id=$id",$db);
header("Refresh: 0; http://full url/whateverfirstpagewascalled.php");

hope this helps, php took me 3 days of looking at examples to learn. do
a few online tutorials and www.php.net is the bible. good luck

Sean Barton

Thanks Sean.............it helped a lot.

Sean Barton wrote:

i find it best to do thing with id numbers. the table you have shown
will obviously have a primary key for each record. so in php you do the
sql statement something like

$result = mysql_query("select id, name, age, sex from people",$db);
if ($myrow = mysql_fetch_array($result))
{
make the table header information here. ie: titles, name ages sex...
and a row for action
do
{
echo "<tr>
$id =$myrow['id']
<td>$myrow['name']</td>
<td>$myrow['age']</td>
<td>$myrow['sex']</td>
<td><a href = 'delete.php?id=$id>delete</a></td>";

}
while ($myrow = mysql_fetch_array($result))
}

then you make another page that essentially has two or three lines or
modify delete.php in the link fo $_SERVER[PHP_SELF] which come back to
the page you are looking at.

$id = $_GET['id'];
$result = mysql_query("delete from people where id=$id",$db);
header("Refresh: 0; http://full url/whateverfirstpagewascalled.php");

hope this helps, php took me 3 days of looking at examples to learn. do
a few online tutorials and www.php.net is the bible. good luck

Sean Barton

You need to be VERY careful on this one. You aren't validating the data.

For instance - what happens if I type in the browser:

http://www.example.com/delete.php?id=5+OR+1%3d1

Your query ends up as "delete from people where id=5 or 1=1";

Google for 'sql injection".

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================

Message-ID: <F-********************@comcast.com> from Jerry Stuckle
contained the following:

You need to be VERY careful on this one. You aren't validating the data.

For instance - what happens if I type in the browser:

http://www.example.com/delete.php?id=5+OR+1%3d1

Your query ends up as "delete from people where id=5 or 1=1";

Google for 'sql injection".

Also, I would avoid having links that delete files altogether. If a
search engine ever makes it to that page all your data will be deleted.

I usually make the table a form and use checkboxes
echo "<input type ='checkbox' name='del[]'value=$id>";

Name all the boxes 'del[]' When posted the items to be deleted will be
in an array and you can loop through it and delete them.

--
Geoff Berrow (put thecat out to email)
It's only Usenet, no one dies.
My opinions, not the committee's, mine.
Simple RFDs http://www.ckdog.co.uk/rfdmaker/

Geoff Berrow wrote:

Message-ID: <F-********************@comcast.com> from Jerry Stuckle
contained the following:

You need to be VERY careful on this one. You aren't validating the data.

For instance - what happens if I type in the browser:

http://www.example.com/delete.php?id=5+OR+1%3d1

Your query ends up as "delete from people where id=5 or 1=1";

Google for 'sql injection".

Also, I would avoid having links that delete files altogether. If a
search engine ever makes it to that page all your data will be deleted.

I usually make the table a form and use checkboxes
echo "<input type ='checkbox' name='del[]'value=$id>";

Name all the boxes 'del[]' When posted the items to be deleted will be
in an array and you can loop through it and delete them.

Geoff,

And what happens if I come along and post a form back to your page with:

<input type ='checkbox' name='del[]' value="1 OR 42=42">

ALWAYS validate incoming data - even if it's from a checkbox!
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================

Thanks for all the feedback guys...........now I'm just scared! LOL.
I have bought a large book on PHP and studying when I can. I will look
at validating my stuff, I'm new so this will take a little while. But
my pages, directories, are password protected and reject(direct)
spiders not to crawl the site.

Again, thanks a lot guys!

-Lag.

May I ask........what did you mean when you say.........
"make the table header information here. ie: titles, name ages sex...
and a row for action"

Thanks.

to make the information appear in a standard form you need to put
everything in a table. header is simply a way of saying do your titles
here. ie:

Table
Name Sex Age Action
---------------------------------------------------------
bob M 20 Delete
the rows above the data is the header.

also i have one concern. your not storing age in a database are you??
be wary that age is a number and needs to be updated every year. what
you need to be storing is date of birth and working out the age from
there if you want to. it saves a lot of database errors in the future.

as my peers suggested validate everything. there is a variable in
$_SERVER called 'HTTP_REFERER' i think it may help. validate who is
calling the page and nobody but the page you want can access the delete
function.

dont delete anything from the database. modify the table while it is
still small. add in a checkbox field called active and set default to
yes. then modify your query for the page you want so. select * from
people where active=yes;

Good Luck

Sean Barton

Thank you very much Sean..........I promise I will not ask a question
of you again until I understand PHP a little more. LOL.

Have a good day.

-Lag.

its no problem, ive only been doing it a couple of months and im no
expert. work through a couple of php/ mysql examples online. they
really helped me. and dont forget that www.php.net wont bite although
www.mysql.com might!

regards
Sean Barton

LOL

On 2006-02-06, Sean Barton <ba*********@gmail.com> wrote:

to make the information appear in a standard form you need to put
everything in a table. header is simply a way of saying do your titles
here. ie:

Table
Name Sex Age Action
---------------------------------------------------------
bob M 20 Delete
the rows above the data is the header.

also i have one concern. your not storing age in a database are you??
be wary that age is a number and needs to be updated every year. what
you need to be storing is date of birth and working out the age from
there if you want to. it saves a lot of database errors in the future.

as my peers suggested validate everything. there is a variable in
$_SERVER called 'HTTP_REFERER' i think it may help.
don't trust it. it's easy to fake.
validate who is calling the page and nobody
but the page you want can access the delete
function.
HTTP_AUTH_USER
HTTP_AUTH_PASSWORD
dont delete anything from the database. modify the table while it is
still small. add in a checkbox field called active and set default to
yes. then modify your query for the page you want so. select * from
people where active=yes;

--

Bye.
Jasen

Message-ID: <db******************************@comcast.com> from Jerry
Stuckle contained the following:

Name all the boxes 'del[]' When posted the items to be deleted will be
in an array and you can loop through it and delete them.

Geoff,

And what happens if I come along and post a form back to your page with:

<input type ='checkbox' name='del[]' value="1 OR 42=42">

ALWAYS validate incoming data - even if it's from a checkbox!

Jerry...you're not thinking this through. The person already has
permission to delete the data.

--
Geoff Berrow (put thecat out to email)
It's only Usenet, no one dies.
My opinions, not the committee's, mine.
Simple RFDs http://www.ckdog.co.uk/rfdmaker/

Geoff Berrow wrote:

Message-ID: <db******************************@comcast.com> from Jerry
Stuckle contained the following:

Name all the boxes 'del[]' When posted the items to be deleted will be
in an array and you can loop through it and delete them.

Geoff,

And what happens if I come along and post a form back to your page with:

<input type ='checkbox' name='del[]' value="1 OR 42=42">

ALWAYS validate incoming data - even if it's from a checkbox!

Jerry...you're not thinking this through. The person already has
permission to delete the data.

Geoff,

Oh, I'm thinking this through all right.

The case I cited would delete everything in the table. Does the person
have THAT right?
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================

Message-ID: <uP******************************@comcast.com> from Jerry
Stuckle contained the following:

Jerry...you're not thinking this through. The person already has
permission to delete the data.

Geoff,

Oh, I'm thinking this through all right.

The case I cited would delete everything in the table. Does the person
have THAT right?

Ah, you got me. <g> In fact, precisely that thought occurred to me right
after I pressed send.

Yes indeed, validation would be essential if we were dealing with a
subset of the data.

That neatly demonstrates how easy it is to overlook a weakness,
especially if a simple system is being extended. Good job we all back
up our data regularly eh? ;-)
--
Geoff Berrow (put thecat out to email)
It's only Usenet, no one dies.
My opinions, not the committee's, mine.
Simple RFDs http://www.ckdog.co.uk/rfdmaker/

Thanks for all the info on my question!

Got it working......thanks again!