deleting rec

Question

jemz -1 Master Poster

13 Years Ago

Hi,

can i ask some help on how to delete records in database.im using wampserver...

I retrieve all rows and display it on the table which is php code and i want to delete rows if i will click the delete in the table...is this possible?please help me...

<?php
   print "<table border='1'>";	
     while($row = mysql_fetch_array($rlist))
	{
	  print "<tr>";			    
            print "<td>" .$row['firstname']. "</td>";
	    print "<td>" .$row['lastname']. "</td>";
            print "<td>"."delete"."</td>";
	  print "</tr>";
	}	
	  print "</table>";
	
				
				
?>

php

Edited 13 Years Ago by jemz because: n/a

5 Contributors
51 Replies
253 Views
2 Weeks Discussion Span
Latest Post 13 Years Ago Latest Post by jemz

diafol

13 Years Ago

make the delete text a link with the row id as a querystring parameter:

delete.php?id=$row_id

However, this is quite unsafe as anybody could enter this url and start systematically deleting your records. You could protect this action with a session id or even include a hashed key to accompany the id as a confirmation:

delete.php?id=$row_id&conf=$conf

You can base the $conf on the row_id and a 'salt':

$conf = md5("mysaltyhash" . $row_id . "anothersaltyhash");

I tend to use both (session protection and conf value).

The receiving page (delete.php):

$salt1="mysaltyhash";$salt2="anothersaltyhash";
if(isset($_GET['id']) && isset($_GET['conf']) && is_int($_GET['id']) && strlen($_GET['conf']) == 32 && $_GET['conf'] == md5($salt1 . $_GET['id'] . $salt2)){
 ...do delete from DB - see MySQL manual...
}

Edited 13 Years Ago by diafol because: n/a

vibhaJ commented: mysaltyhash is a nice idea..! +9

karthik_ppts commented: useful post +6

diafol

13 Years Ago

I told you that it's a function within a function.

Try this to see what I mean:

function getMe(){
	function getThis(){
		echo "boo";	
	}
	
}

getThis();

It won't work.

Edited 13 Years Ago by diafol because: n/a

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

jemz -1 Master Poster · Answer 1 · 2011-09-12T10:43:30+00:00

make the delete text a link with the row id as a querystring parameter:
delete.php?id=$row_id
However, this is quite unsafe as anybody could enter this url and start systematically deleting your records. You could protect this action with a session id or even include a hashed key to accompany the id as a confirmation:
delete.php?id=$row_id&conf=$conf
You can base the $conf on the row_id and a 'salt':
$conf = md5("mysaltyhash" . $row_id . "anothersaltyhash");
I tend to use both (session protection and conf value).
The receiving page (delete.php):
$salt1="mysaltyhash";$salt2="anothersaltyhash";
if(isset($_GET['id']) && isset($_GET['conf']) && is_int($_GET['id']) && strlen($_GET['conf']) == 32 && $_GET['conf'] == md5($salt1 . $_GET['id'] . $salt2)){
 ...do delete from DB - see MySQL manual...
}

Hi ardav, thank you for the reply,

can you show me how to use this in my link i am confuse...what is equal to 32?is conf a php function?im just a beginner i hope you can help me...more power to you always.

diafol · Answer 2 · 2011-09-12T12:31:22+00:00

Look at the php manual http://uk3.php.net/manual/en/function.strlen.php for strlen().

If you're just a beginner, I would suggest some tutorials or buying a book on php/mysql and going through a few exercises.

echo "<a href=\"delete.php?id=$row_id&conf=$conf\">delete</a>";

or if you've got it all in html:

<a href="delete.php?id=<?php echo $row_id;?>&conf=<?php echo $conf;?>">delete</a>

jemz -1 Master Poster · Answer 3 · 2011-09-13T10:47:49+00:00

Look at the php manual http://uk3.php.net/manual/en/function.strlen.php for strlen().
If you're just a beginner, I would suggest some tutorials or buying a book on php/mysql and going through a few exercises.
echo "<a href=\"delete.php?id=$row_id&conf=$conf\">delete</a>";
or if you've got it all in html:
<a href="delete.php?id=<?php echo $row_id;?>&conf=<?php echo $conf;?>">delete</a>

Hi ardav,

Okay i will try this and i will write again if i have doubt.thank you alsor for your suggestion...but can i ask some links in tutorial because i could not buy books...thank you.more power to you always...

karthik_ppts 81 Posting Pro · Answer 4 · 2011-09-13T11:17:50+00:00

http://www.daniweb.com/web-development/php/threads/367896

jemz -1 Master Poster · Answer 5 · 2011-09-14T22:26:32+00:00

make the delete text a link with the row id as a querystring parameter:
delete.php?id=$row_id
However, this is quite unsafe as anybody could enter this url and start systematically deleting your records. You could protect this action with a session id or even include a hashed key to accompany the id as a confirmation:
delete.php?id=$row_id&conf=$conf
You can base the $conf on the row_id and a 'salt':
$conf = md5("mysaltyhash" . $row_id . "anothersaltyhash");
I tend to use both (session protection and conf value).
The receiving page (delete.php):
$salt1="mysaltyhash";$salt2="anothersaltyhash";
if(isset($_GET['id']) && isset($_GET['conf']) && is_int($_GET['id']) && strlen($_GET['conf']) == 32 && $_GET['conf'] == md5($salt1 . $_GET['id'] . $salt2)){
 ...do delete from DB - see MySQL manual...
}

Hi ardav, please help me i am confuse with your code..

con.php

<?php
   
		$con=mysql_connect('localhost','root','');
		 if(!$con){die('Not connected to server'.mysql_error());}
		mysql_select_db('findb',$con);
   
        function list_rec()
		{
			$lst="select * from mytbl";
			$lstrec=mysql_query($lst);
			return $lstrec;
		}


		function delete($id)
			{
			    
				$sql = "DELETE from mytbl where id = '$id'";
				 mysql_query($sql);
				
				
			}

			
 ?>

delete.php

I am confuse with the salt1 and salt2

<?php 
	include_once('con.php');
	$salt1="mysaltyhash";
	$salt2="anothersaltyhash";
  if(isset($_GET['email']) && isset($_GET['conf'])  && strlen($_GET['conf']) == 32 && $_GET['conf'] == md5($salt1 . $_GET['id'] . $salt2)){
    delelete($id);
 }
	
	$result = list_rec();
	

?>
<html>
	<title>Delete</title>
		<head></head>
			<body>
			<table border="1">
			<?php
				
				
				 while($row = mysql_fetch_array($result))
					{
						echo '<tr>';
						echo '  <td>' . $row['username'] . '</td>';
						echo '  <td>' . $row['email'] . '</td>';
						echo "<a href=\"delete.php?id=$row_id&conf=$conf\">delete</a>";
						
						echo '</tr>';
					}
			?>
			</table>	
		
			</body>
</html>

Please help me...

Thanks in advance!

diafol · Answer 6 · 2011-09-15T00:53:46+00:00

OK salt1 and salt2 are the salts used to create a "reasonably" secure hash. A hash is a type of string that looks like gobbledegook to pass info securely. Unfortunately, md5() hashes can be broken as 'rainbow tables' exist, so adding random strings (salts) to them should make them more secure.

Purists may say that you should include salt into only once to avoid duplication in your code, but I've used them in two different files for clarity.

if(isset($_GET['email']) && isset($_GET['conf'])  && strlen($_GET['conf']) == 32 && $_GET['conf'] == md5($salt1 . $_GET['id'] . $salt2)){

These comparison operators simply check to see if the data from the querystring (url parameters) are valid:

isset($_GET) checks to see that email=.... is there
isset($_GET) checks to see that conf=.... is there

You often need to include these first, otherwise checking for certain values of missing variables can throw errors.

strlen($_GET) == 32 is a crude check to see if conf is a md5 hash (they're always 32 characters long)

$_GET == md5($salt1 . $_GET . $salt2) checks to see if the conf value is equal to md5 hash of the first salt with the id value and the second salt.

Changing the email value in your php-derived delete link will give you a completely different md5 hash

e.g. md5("mysaltyhash" . $row_id . "anothersaltyhash") [where $row_id = 1]
will give

ad3e15e9854d2eebab873cc2c77d59c0 md5("mysaltyhash" . $row_id . "anothersaltyhash") [where $row_id = 2]
will give

732eaf8e5089b25e05e645a7f4ce0558

Check out my hash page: http://diafol.org/md5.php

jemz -1 Master Poster · Answer 7 · 2011-09-16T21:55:46+00:00

OK salt1 and salt2 are the salts used to create a "reasonably" secure hash. A hash is a type of string that looks like gobbledegook to pass info securely. Unfortunately, md5() hashes can be broken as 'rainbow tables' exist, so adding random strings (salts) to them should make them more secure.
Purists may say that you should include salt into only once to avoid duplication in your code, but I've used them in two different files for clarity.
if(isset($_GET['email']) && isset($_GET['conf'])  && strlen($_GET['conf']) == 32 && $_GET['conf'] == md5($salt1 . $_GET['id'] . $salt2)){
These comparison operators simply check to see if the data from the querystring (url parameters) are valid:
isset($_GET) checks to see that email=.... is there
isset($_GET) checks to see that conf=.... is there
You often need to include these first, otherwise checking for certain values of missing variables can throw errors.
strlen($_GET) == 32 is a crude check to see if conf is a md5 hash (they're always 32 characters long)
$_GET == md5($salt1 . $_GET . $salt2) checks to see if the conf value is equal to md5 hash of the first salt with the id value and the second salt.
Changing the email value in your php-derived delete link will give you a completely different md5 hash
e.g. md5("mysaltyhash" . $row_id . "anothersaltyhash") [where $row_id = 1]
will give
ad3e15e9854d2eebab873cc2c77d59c0 md5("mysaltyhash" . $row_id . "anothersaltyhash") [where $row_id = 2]
will give
732eaf8e5089b25e05e645a7f4ce0558
Check out my hash page: http://diafol.org/md5.php

Hi ardav,

Is the sha family is better to use than md5?can you please correct my code the one that i post...

jemz -1 Master Poster · Answer 8 · 2011-09-16T21:56:03+00:00

OK salt1 and salt2 are the salts used to create a "reasonably" secure hash. A hash is a type of string that looks like gobbledegook to pass info securely. Unfortunately, md5() hashes can be broken as 'rainbow tables' exist, so adding random strings (salts) to them should make them more secure.
Purists may say that you should include salt into only once to avoid duplication in your code, but I've used them in two different files for clarity.
if(isset($_GET['email']) && isset($_GET['conf'])  && strlen($_GET['conf']) == 32 && $_GET['conf'] == md5($salt1 . $_GET['id'] . $salt2)){
These comparison operators simply check to see if the data from the querystring (url parameters) are valid:
isset($_GET) checks to see that email=.... is there
isset($_GET) checks to see that conf=.... is there
You often need to include these first, otherwise checking for certain values of missing variables can throw errors.
strlen($_GET) == 32 is a crude check to see if conf is a md5 hash (they're always 32 characters long)
$_GET == md5($salt1 . $_GET . $salt2) checks to see if the conf value is equal to md5 hash of the first salt with the id value and the second salt.
Changing the email value in your php-derived delete link will give you a completely different md5 hash
e.g. md5("mysaltyhash" . $row_id . "anothersaltyhash") [where $row_id = 1]
will give
ad3e15e9854d2eebab873cc2c77d59c0 md5("mysaltyhash" . $row_id . "anothersaltyhash") [where $row_id = 2]
will give
732eaf8e5089b25e05e645a7f4ce0558
Check out my hash page: http://diafol.org/md5.php

Hi ardav,

Is the sha family is better to use than md5?can you please correct my code the one that i post...

Thanks in advance

Best Regards!

diafol · Answer 9 · 2011-09-16T22:04:49+00:00

I suppose - depends which one you use. I'd use a salt with any one anyway.
There are many different hashes you can use:

e.g.

hash("sha512", "mysaltyhash1anothersaltyhash")

a1c3192f81f19d505505bc5a94b75401805530a47be2dd82a8bb0b3c31b046f9d257ba0afb5d0f04fe4e6b82884522a4fc18a8146820e26788381b1b909a6eff

hash("whirlpool", "mysaltyhash1anothersaltyhash")

d5523f8e2346dc4ccdd858fcf6c6abcb3d968a9dc4b50fd4c257102b91851bb1299e07cd7e15cd2932f8048d4eb78c6a60caf4bb3590b42186e86394227b5798

I think I already posted a link for a choice of different types:

http://diafol.org/md5.php

jemz -1 Master Poster · Answer 10 · 2011-09-17T19:08:11+00:00

I suppose - depends which one you use. I'd use a salt with any one anyway.
There are many different hashes you can use:
e.g.
hash("sha512", "mysaltyhash1anothersaltyhash")
a1c3192f81f19d505505bc5a94b75401805530a47be2dd82a8bb0b3c31b046f9d257ba0afb5d0f04fe4e6b82884522a4fc18a8146820e26788381b1b909a6eff
hash("whirlpool", "mysaltyhash1anothersaltyhash")
d5523f8e2346dc4ccdd858fcf6c6abcb3d968a9dc4b50fd4c257102b91851bb1299e07cd7e15cd2932f8048d4eb78c6a60caf4bb3590b42186e86394227b5798
I think I already posted a link for a choice of different types:
http://diafol.org/md5.php

hi ardav,

Thank you for the reply, yes i already went to the page that you give me...are you the one who make the page?...regarding on my problem i give a try on this, and i will write again and post my code if i get problem...Thank you ardav.more power to you always....

Best Regards!

diafol · Answer 11 · 2011-09-17T20:28:44+00:00

Yep twas my page. :)

Stefano Mtangoo 455 Senior Poster · Answer 12 · 2011-09-17T22:21:49+00:00

just to add on what Ardav have sone, ask password and verify the user is authentic before any update/delete of data!

jemz -1 Master Poster · Answer 13 · 2011-09-21T16:16:49+00:00

Look at the php manual http://uk3.php.net/manual/en/function.strlen.php for strlen().
If you're just a beginner, I would suggest some tutorials or buying a book on php/mysql and going through a few exercises.
echo "<a href=\"delete.php?id=$row_id&conf=$conf\">delete</a>";
or if you've got it all in html:
<a href="delete.php?id=<?php echo $row_id;?>&conf=<?php echo $conf;?>">delete</a>

Hi, Ardav.

Sorry for the late reply.....i get an erro in my delete.php
it says that Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in C:\wamp\www\edit\delete.php on line 25

here is the code.

<?php 

	include_once('con.php');
	$salt1="mysaltyhash";
	$salt2="anothersaltyhash";

  if(isset($_GET['email']) && isset($_GET['conf'])  && strlen($_GET['conf']) == 256 && $_GET['conf'] == sha2($salt1 . $_GET['idno'] . $salt2))
   {
     $id=$_GET['id']; 
	 delelete($id);
   }
	
	$result = list_rec();
	

?>
<html>
	<title>Delete</title>
		<head></head>
			<body>
			<table border="1">
			<?php
				
				
				 while($row = mysql_fetch_array($result))
					{
					   $conf = sha2("mysaltyhash" . $row_id . "anothersaltyhash");
						echo '<tr>';
						echo '  <td>' . $row['idno'] . '</td>';
						echo '  <td>' . $row['username'] . '</td>';
						echo "<a href=\"delete.php?id=$row_id&conf=$conf\">delete</a>";
						
				
						echo '</tr>';
					}
			?>
			</table>	
		
			</body>
</html>

i change the md5 hash into sha2 because when i insert it i use sha2 in my register.php

Please help what should i do in the error...

Thaks in advance,

diafol · Answer 14 · 2011-09-21T17:13:46+00:00

$result = list_rec();

that function seems to have returned a true/false or 1/0

jemz -1 Master Poster · Answer 15 · 2011-09-21T21:56:55+00:00

$result = list_rec();
that function seems to have returned a true/false or 1/0

Hi ardav, thank you for the reply,...yes,you are right i went back to the function and i used the wrong table Thank you for helping me ardav, but after fixing there is another error
it says...

Fatal error: Call to undefined function sha2() in C:\wamp\www\edit\edit.php on line 27

it's in my while loop,the $conf where should i put this

$conf = sha2("mysaltyhash" . $row['idno'] . "anothersaltyhash");

Thanks in advance...

Stefano Mtangoo 455 Senior Poster · Answer 16 · 2011-09-21T22:49:46+00:00

Hi ardav, thank you for the reply,...yes,you are right i went back to the function and i used the wrong table Thank you for helping me ardav, but after fixing there is another error
it says...
Fatal error: Call to undefined function sha2() in C:\wamp\www\edit\edit.php on line 27
it's in my while loop,the $conf where should i put this
$conf = sha2("mysaltyhash" . $row['idno'] . "anothersaltyhash");
Thanks in advance...

There is no such function in PHP

$input = "mysaltyhash" . $row['idno'] . "anothersaltyhash";
$conf =  hash('sha2', $input)

http://www.php.net/manual/en/function.hash.php#104770

diafol · Answer 17 · 2011-09-22T02:15:59+00:00

I concur with evstefemd - have a look at my hash page again, and you'll see the code:

jemz -1 Master Poster · Answer 18 · 2011-09-22T11:02:55+00:00

There is no such function in PHP
$input = "mysaltyhash" . $row['idno'] . "anothersaltyhash";
$conf =  hash('sha2', $input)
http://www.php.net/manual/en/function.hash.php#104770

@ardav and @evstevemd

sir,i already change but i get an error.
this is the erro.Warning: hash() [function.hash]: Unknown hashing algorithm: sha2 in C:\wamp\www\edit\edit.php on line 29

this is my whole code

conDB.php

<?php
   
		$con=mysql_connect('localhost','root','');
		 if(!$con){die('Not connected to server'.mysql_error());}
		mysql_select_db('findb',$con);
   
        function list_rec()
		{
			$lst="select * from reg_tbl";
			$lstrec=mysql_query($lst);
			return $lstrec;
		}


		function delete($id)
			{
			    
				$sql = "DELETE from mytbl where id = '$id'";
				 mysql_query($sql);
				
				
			}

		function register($txtuser,$email,$password)
		{
      
      
			$sql= "insert into reg_tbl
			values(default,'$txtuser','$email',sha2('$password',256))";
			
			mysql_query($sql);	
			
			 
			return 'Succesfully Registered';	
	   
		}	
 ?>

edit.php

<?php 

	include_once('conDB.php');
	$salt1="mysaltyhash";
	$salt2="anothersaltyhash";
   
  if(isset($_GET['email']) && isset($_GET['conf'])  && strlen($_GET['conf']) == 256 && $_GET['conf'] == sha2($salt1 . $_GET['id'] . $salt2))
   {
    
	 $id=$_GET['id']; 
	 delelete($id);
   }
	
	$result = list_rec();
	

?>
<html>
	<title>Delete</title>
		<head></head>
			<body>
			<table border="1">
			<?php
				
				
				 while($row = mysql_fetch_array($result))
					{
					   $input = "mysaltyhash" . $row['idno']. "anothersaltyhash";
					   $conf=hash('sha2',$input);
						echo '<tr>';
						echo '  <td>' . $row['username'] . '</td>';
						echo '  <td>' . $row['email'] . '</td>';
						echo "<a href=\"delete.php?id=$row&conf=$conf\">delete</a>";
						echo '</tr>';
					}
			?>
			</table>	
		
			</body>
</html>

Please help me...Thank you in advance.

diafol · Answer 19 · 2011-09-22T12:41:25+00:00

>sha2

I've never seen this hash, isn't it sha256?

jemz -1 Master Poster · Answer 20 · 2011-09-22T13:46:05+00:00

>sha2
I've never seen this hash, isn't it sha256?

Hi,ardav..Thank you for the reply,it's working now there is no error but i could not delete the data...

while($row = mysql_fetch_array($result))
					{
					   $input = "mysaltyhash" . $row['idno']. "anothersaltyhash";
					   $conf=hash('sha256',$input);
						echo '<tr>';
						echo '  <td>' . $row['username'] . '</td>';
						echo '  <td>' . $row['email'] . '</td>';
						echo "<td><a href=\"delete.php?id=$row&conf=$conf\">delete</a></td>";
						echo '</tr>';
					}
			?>

Thank you in advance.
Best Regards.

diafol · Answer 21 · 2011-09-22T21:37:37+00:00

delelete($id);

what's that do? shouldn't it be delete($id)?
Anyway, will it even run as it's a function within a function.

jemz -1 Master Poster · Answer 22 · 2011-09-23T11:03:25+00:00

delelete($id);
what's that do? shouldn't it be delete($id)?
Anyway, will it even run as it's a function within a function.

Hello ardav,

sir still it would not delete.i change the function delelete($id) to delete($id)

please help me on this...Thank you in advance.

<?php 

	include_once('conDB.php');
	$salt1="mysaltyhash";
	$salt2="anothersaltyhash";
   
  if(isset($_GET['email']) && isset($_GET['conf'])  && strlen($_GET['conf']) == 256 && $_GET['conf'] == sha2($salt1 . $_GET['id'] . $salt2))
   {
     
	 $id=$_GET['id']; 
         delete($id);
   }
	
	$result = list_rec();
	

?>
<html>
	<title>Delete</title>
		<head></head>
			<body>
			<table border="1">
			<?php
				
				
				 while($row = mysql_fetch_array($result))
					{
					   $input = "mysaltyhash" . $row['idno']. "anothersaltyhash";
					   $conf=hash('sha256',$input);
						echo '<tr>';
						echo '  <td>' . $row['username'] . '</td>';
						echo '  <td>' . $row['email'] . '</td>';
						echo "<td><a href=\"?id=$input&conf=$conf\">delete</a></td>";
						echo '</tr>';
					}
			?>
			</table>	
		
			</body>
</html>

jemz -1 Master Poster · Answer 23 · 2011-09-23T21:15:25+00:00

I told you that it's a function within a function.
Try this to see what I mean:
function getMe(){
	function getThis(){
		echo "boo";	
	}
	
}

getThis();
It won't work.

Hi ardav,

Thank you for this but what should i do in order to delete?...i have no idea on this...by the way sir in php calling function in the inside a function will not work?....Thank you in advance and i am hoping for your positive response.

Best Regards,

diafol · Answer 24 · 2011-09-23T21:48:02+00:00

My mistake, I thought the delete() function was inside the list_rec() - just the way your code was indented. Ignore my last post.

Stefano Mtangoo 455 Senior Poster · Answer 25 · 2011-09-23T23:09:15+00:00

>sha2
I've never seen this hash, isn't it sha256?

My mistake, SHA2 is family not specific hasing algo. It should be sha256 or sha512

diafol · Answer 26 · 2011-09-23T23:27:36+00:00

Yep, just saw that:

...$_GET['conf'] == hash("sha256", $salt1 . $_GET['id'] . $salt2))...

try that

jemz -1 Master Poster · Answer 27 · 2011-09-23T23:58:35+00:00

My mistake, SHA2 is family not specific hasing algo. It should be sha256 or sha512

hi evstevemd,

yes,thank you for your concern....