Hi,

can i ask some help on how to delete records in database.im using wampserver...

I retrieve all rows and display it on the table which is php code and i want to delete rows if i will click the delete in the table...is this possible?please help me...

<?php
   print "<table border='1'>";	
     while($row = mysql_fetch_array($rlist))
	{
	  print "<tr>";			    
            print "<td>" .$row['firstname']. "</td>";
	    print "<td>" .$row['lastname']. "</td>";
            print "<td>"."delete"."</td>";
	  print "</tr>";
	}	
	  print "</table>";
	
				
				
?>
Member Avatar for diafol

make the delete text a link with the row id as a querystring parameter:

delete.php?id=$row_id

However, this is quite unsafe as anybody could enter this url and start systematically deleting your records. You could protect this action with a session id or even include a hashed key to accompany the id as a confirmation:

delete.php?id=$row_id&conf=$conf

You can base the $conf on the row_id and a 'salt':

$conf = md5("mysaltyhash" . $row_id . "anothersaltyhash");

I tend to use both (session protection and conf value).

The receiving page (delete.php):

$salt1="mysaltyhash";$salt2="anothersaltyhash";
if(isset($_GET['id']) && isset($_GET['conf']) && is_int($_GET['id']) && strlen($_GET['conf']) == 32 && $_GET['conf'] == md5($salt1 . $_GET['id'] . $salt2)){
 ...do delete from DB - see MySQL manual...
}
commented: mysaltyhash is a nice idea..! +9
commented: useful post +6

make the delete text a link with the row id as a querystring parameter:

delete.php?id=$row_id

However, this is quite unsafe as anybody could enter this url and start systematically deleting your records. You could protect this action with a session id or even include a hashed key to accompany the id as a confirmation:

delete.php?id=$row_id&conf=$conf

You can base the $conf on the row_id and a 'salt':

$conf = md5("mysaltyhash" . $row_id . "anothersaltyhash");

I tend to use both (session protection and conf value).

The receiving page (delete.php):

$salt1="mysaltyhash";$salt2="anothersaltyhash";
if(isset($_GET['id']) && isset($_GET['conf']) && is_int($_GET['id']) && strlen($_GET['conf']) == 32 && $_GET['conf'] == md5($salt1 . $_GET['id'] . $salt2)){
 ...do delete from DB - see MySQL manual...
}

Hi ardav, thank you for the reply,

can you show me how to use this in my link i am confuse...what is equal to 32?is conf a php function?im just a beginner i hope you can help me...more power to you always.

Member Avatar for diafol

Look at the php manual http://uk3.php.net/manual/en/function.strlen.php for strlen().

If you're just a beginner, I would suggest some tutorials or buying a book on php/mysql and going through a few exercises.

echo "<a href=\"delete.php?id=$row_id&conf=$conf\">delete</a>";

or if you've got it all in html:

<a href="delete.php?id=<?php echo $row_id;?>&conf=<?php echo $conf;?>">delete</a>

Look at the php manual http://uk3.php.net/manual/en/function.strlen.php for strlen().

If you're just a beginner, I would suggest some tutorials or buying a book on php/mysql and going through a few exercises.

echo "<a href=\"delete.php?id=$row_id&conf=$conf\">delete</a>";

or if you've got it all in html:

<a href="delete.php?id=<?php echo $row_id;?>&conf=<?php echo $conf;?>">delete</a>

Hi ardav,

Okay i will try this and i will write again if i have doubt.thank you alsor for your suggestion...but can i ask some links in tutorial because i could not buy books...thank you.more power to you always...

make the delete text a link with the row id as a querystring parameter:

delete.php?id=$row_id

However, this is quite unsafe as anybody could enter this url and start systematically deleting your records. You could protect this action with a session id or even include a hashed key to accompany the id as a confirmation:

delete.php?id=$row_id&conf=$conf

You can base the $conf on the row_id and a 'salt':

$conf = md5("mysaltyhash" . $row_id . "anothersaltyhash");

I tend to use both (session protection and conf value).

The receiving page (delete.php):

$salt1="mysaltyhash";$salt2="anothersaltyhash";
if(isset($_GET['id']) && isset($_GET['conf']) && is_int($_GET['id']) && strlen($_GET['conf']) == 32 && $_GET['conf'] == md5($salt1 . $_GET['id'] . $salt2)){
 ...do delete from DB - see MySQL manual...
}

Hi ardav, please help me i am confuse with your code..

con.php

<?php
   
		$con=mysql_connect('localhost','root','');
		 if(!$con){die('Not connected to server'.mysql_error());}
		mysql_select_db('findb',$con);
   
        function list_rec()
		{
			$lst="select * from mytbl";
			$lstrec=mysql_query($lst);
			return $lstrec;
		}


		function delete($id)
			{
			    
				$sql = "DELETE from mytbl where id = '$id'";
				 mysql_query($sql);
				
				
			}

			
 ?>

delete.php

I am confuse with the salt1 and salt2

<?php 
	include_once('con.php');
	$salt1="mysaltyhash";
	$salt2="anothersaltyhash";
  if(isset($_GET['email']) && isset($_GET['conf'])  && strlen($_GET['conf']) == 32 && $_GET['conf'] == md5($salt1 . $_GET['id'] . $salt2)){
    delelete($id);
 }
	
	$result = list_rec();
	

?>
<html>
	<title>Delete</title>
		<head></head>
			<body>
			<table border="1">
			<?php
				
				
				 while($row = mysql_fetch_array($result))
					{
						echo '<tr>';
						echo '  <td>' . $row['username'] . '</td>';
						echo '  <td>' . $row['email'] . '</td>';
						echo "<a href=\"delete.php?id=$row_id&conf=$conf\">delete</a>";
						
						echo '</tr>';
					}
			?>
			</table>	
		
			</body>
</html>

Please help me...

Thanks in advance!

Member Avatar for diafol

OK salt1 and salt2 are the salts used to create a "reasonably" secure hash. A hash is a type of string that looks like gobbledegook to pass info securely. Unfortunately, md5() hashes can be broken as 'rainbow tables' exist, so adding random strings (salts) to them should make them more secure.

Purists may say that you should include salt into only once to avoid duplication in your code, but I've used them in two different files for clarity.

if(isset($_GET['email']) && isset($_GET['conf'])  && strlen($_GET['conf']) == 32 && $_GET['conf'] == md5($salt1 . $_GET['id'] . $salt2)){

These comparison operators simply check to see if the data from the querystring (url parameters) are valid:

isset($_GET) checks to see that email=.... is there
isset($_GET) checks to see that conf=.... is there

You often need to include these first, otherwise checking for certain values of missing variables can throw errors.

strlen($_GET) == 32 is a crude check to see if conf is a md5 hash (they're always 32 characters long)

$_GET == md5($salt1 . $_GET . $salt2) checks to see if the conf value is equal to md5 hash of the first salt with the id value and the second salt.

Changing the email value in your php-derived delete link will give you a completely different md5 hash

e.g. md5("mysaltyhash" . $row_id . "anothersaltyhash") [where $row_id = 1]
will give

ad3e15e9854d2eebab873cc2c77d59c0 md5("mysaltyhash" . $row_id . "anothersaltyhash") [where $row_id = 2]
will give

732eaf8e5089b25e05e645a7f4ce0558

Check out my hash page: http://diafol.org/md5.php

OK salt1 and salt2 are the salts used to create a "reasonably" secure hash. A hash is a type of string that looks like gobbledegook to pass info securely. Unfortunately, md5() hashes can be broken as 'rainbow tables' exist, so adding random strings (salts) to them should make them more secure.

Purists may say that you should include salt into only once to avoid duplication in your code, but I've used them in two different files for clarity.

if(isset($_GET['email']) && isset($_GET['conf'])  && strlen($_GET['conf']) == 32 && $_GET['conf'] == md5($salt1 . $_GET['id'] . $salt2)){

These comparison operators simply check to see if the data from the querystring (url parameters) are valid:

isset($_GET) checks to see that email=.... is there
isset($_GET) checks to see that conf=.... is there

You often need to include these first, otherwise checking for certain values of missing variables can throw errors.

strlen($_GET) == 32 is a crude check to see if conf is a md5 hash (they're always 32 characters long)

$_GET == md5($salt1 . $_GET . $salt2) checks to see if the conf value is equal to md5 hash of the first salt with the id value and the second salt.

Changing the email value in your php-derived delete link will give you a completely different md5 hash

e.g. md5("mysaltyhash" . $row_id . "anothersaltyhash") [where $row_id = 1]
will give

ad3e15e9854d2eebab873cc2c77d59c0 md5("mysaltyhash" . $row_id . "anothersaltyhash") [where $row_id = 2]
will give

732eaf8e5089b25e05e645a7f4ce0558

Check out my hash page: http://diafol.org/md5.php

Hi ardav,

Is the sha family is better to use than md5?can you please correct my code the one that i post...

OK salt1 and salt2 are the salts used to create a "reasonably" secure hash. A hash is a type of string that looks like gobbledegook to pass info securely. Unfortunately, md5() hashes can be broken as 'rainbow tables' exist, so adding random strings (salts) to them should make them more secure.

Purists may say that you should include salt into only once to avoid duplication in your code, but I've used them in two different files for clarity.

if(isset($_GET['email']) && isset($_GET['conf'])  && strlen($_GET['conf']) == 32 && $_GET['conf'] == md5($salt1 . $_GET['id'] . $salt2)){

These comparison operators simply check to see if the data from the querystring (url parameters) are valid:

isset($_GET) checks to see that email=.... is there
isset($_GET) checks to see that conf=.... is there

You often need to include these first, otherwise checking for certain values of missing variables can throw errors.

strlen($_GET) == 32 is a crude check to see if conf is a md5 hash (they're always 32 characters long)

$_GET == md5($salt1 . $_GET . $salt2) checks to see if the conf value is equal to md5 hash of the first salt with the id value and the second salt.

Changing the email value in your php-derived delete link will give you a completely different md5 hash

e.g. md5("mysaltyhash" . $row_id . "anothersaltyhash") [where $row_id = 1]
will give

ad3e15e9854d2eebab873cc2c77d59c0 md5("mysaltyhash" . $row_id . "anothersaltyhash") [where $row_id = 2]
will give

732eaf8e5089b25e05e645a7f4ce0558

Check out my hash page: http://diafol.org/md5.php

Hi ardav,

Is the sha family is better to use than md5?can you please correct my code the one that i post...

Thanks in advance

Best Regards!

Member Avatar for diafol

I suppose - depends which one you use. I'd use a salt with any one anyway.
There are many different hashes you can use:

e.g.

hash("sha512", "mysaltyhash1anothersaltyhash")

a1c3192f81f19d505505bc5a94b75401805530a47be2dd82a8bb0b3c31b046f9d257ba0afb5d0f04fe4e6b82884522a4fc18a8146820e26788381b1b909a6eff

hash("whirlpool", "mysaltyhash1anothersaltyhash")

d5523f8e2346dc4ccdd858fcf6c6abcb3d968a9dc4b50fd4c257102b91851bb1299e07cd7e15cd2932f8048d4eb78c6a60caf4bb3590b42186e86394227b5798

I think I already posted a link for a choice of different types:

http://diafol.org/md5.php

I suppose - depends which one you use. I'd use a salt with any one anyway.
There are many different hashes you can use:

e.g.

hash("sha512", "mysaltyhash1anothersaltyhash")

a1c3192f81f19d505505bc5a94b75401805530a47be2dd82a8bb0b3c31b046f9d257ba0afb5d0f04fe4e6b82884522a4fc18a8146820e26788381b1b909a6eff

hash("whirlpool", "mysaltyhash1anothersaltyhash")

d5523f8e2346dc4ccdd858fcf6c6abcb3d968a9dc4b50fd4c257102b91851bb1299e07cd7e15cd2932f8048d4eb78c6a60caf4bb3590b42186e86394227b5798

I think I already posted a link for a choice of different types:

http://diafol.org/md5.php

hi ardav,

Thank you for the reply, yes i already went to the page that you give me...are you the one who make the page?...regarding on my problem i give a try on this, and i will write again and post my code if i get problem...Thank you ardav.more power to you always....


Best Regards!

Member Avatar for diafol

Yep twas my page. :)

just to add on what Ardav have sone, ask password and verify the user is authentic before any update/delete of data!

Look at the php manual http://uk3.php.net/manual/en/function.strlen.php for strlen().

If you're just a beginner, I would suggest some tutorials or buying a book on php/mysql and going through a few exercises.

echo "<a href=\"delete.php?id=$row_id&conf=$conf\">delete</a>";

or if you've got it all in html:

<a href="delete.php?id=<?php echo $row_id;?>&conf=<?php echo $conf;?>">delete</a>

Hi, Ardav.

Sorry for the late reply.....i get an erro in my delete.php
it says that Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in C:\wamp\www\edit\delete.php on line 25


here is the code.

<?php 

	include_once('con.php');
	$salt1="mysaltyhash";
	$salt2="anothersaltyhash";

  if(isset($_GET['email']) && isset($_GET['conf'])  && strlen($_GET['conf']) == 256 && $_GET['conf'] == sha2($salt1 . $_GET['idno'] . $salt2))
   {
     $id=$_GET['id']; 
	 delelete($id);
   }
	
	$result = list_rec();
	

?>
<html>
	<title>Delete</title>
		<head></head>
			<body>
			<table border="1">
			<?php
				
				
				 while($row = mysql_fetch_array($result))
					{
					   $conf = sha2("mysaltyhash" . $row_id . "anothersaltyhash");
						echo '<tr>';
						echo '  <td>' . $row['idno'] . '</td>';
						echo '  <td>' . $row['username'] . '</td>';
						echo "<a href=\"delete.php?id=$row_id&conf=$conf\">delete</a>";
						
				
						echo '</tr>';
					}
			?>
			</table>	
		
			</body>
</html>

i change the md5 hash into sha2 because when i insert it i use sha2 in my register.php

Please help what should i do in the error...

Thaks in advance,

Member Avatar for diafol

$result = list_rec();

that function seems to have returned a true/false or 1/0

$result = list_rec();

that function seems to have returned a true/false or 1/0

Hi ardav, thank you for the reply,...yes,you are right i went back to the function and i used the wrong table Thank you for helping me ardav, but after fixing there is another error
it says...

Fatal error: Call to undefined function sha2() in C:\wamp\www\edit\edit.php on line 27

it's in my while loop,the $conf where should i put this

$conf = sha2("mysaltyhash" . $row['idno'] . "anothersaltyhash");

Thanks in advance...

Hi ardav, thank you for the reply,...yes,you are right i went back to the function and i used the wrong table Thank you for helping me ardav, but after fixing there is another error
it says...

Fatal error: Call to undefined function sha2() in C:\wamp\www\edit\edit.php on line 27

it's in my while loop,the $conf where should i put this

$conf = sha2("mysaltyhash" . $row['idno'] . "anothersaltyhash");

Thanks in advance...

There is no such function in PHP

$input = "mysaltyhash" . $row['idno'] . "anothersaltyhash";
$conf =  hash('sha2', $input)

http://www.php.net/manual/en/function.hash.php#104770

Member Avatar for diafol

I concur with evstefemd - have a look at my hash page again, and you'll see the code:

There is no such function in PHP

$input = "mysaltyhash" . $row['idno'] . "anothersaltyhash";
$conf =  hash('sha2', $input)

http://www.php.net/manual/en/function.hash.php#104770

@ardav and @evstevemd

sir,i already change but i get an error.
this is the erro.Warning: hash() [function.hash]: Unknown hashing algorithm: sha2 in C:\wamp\www\edit\edit.php on line 29

this is my whole code

conDB.php

<?php
   
		$con=mysql_connect('localhost','root','');
		 if(!$con){die('Not connected to server'.mysql_error());}
		mysql_select_db('findb',$con);
   
        function list_rec()
		{
			$lst="select * from reg_tbl";
			$lstrec=mysql_query($lst);
			return $lstrec;
		}


		function delete($id)
			{
			    
				$sql = "DELETE from mytbl where id = '$id'";
				 mysql_query($sql);
				
				
			}

		function register($txtuser,$email,$password)
		{
      
      
			$sql= "insert into reg_tbl
			values(default,'$txtuser','$email',sha2('$password',256))";
			
			mysql_query($sql);	
			
			 
			return 'Succesfully Registered';	
	   
		}	
 ?>

edit.php

<?php 

	include_once('conDB.php');
	$salt1="mysaltyhash";
	$salt2="anothersaltyhash";
   
  if(isset($_GET['email']) && isset($_GET['conf'])  && strlen($_GET['conf']) == 256 && $_GET['conf'] == sha2($salt1 . $_GET['id'] . $salt2))
   {
    
	 $id=$_GET['id']; 
	 delelete($id);
   }
	
	$result = list_rec();
	

?>
<html>
	<title>Delete</title>
		<head></head>
			<body>
			<table border="1">
			<?php
				
				
				 while($row = mysql_fetch_array($result))
					{
					   $input = "mysaltyhash" . $row['idno']. "anothersaltyhash";
					   $conf=hash('sha2',$input);
						echo '<tr>';
						echo '  <td>' . $row['username'] . '</td>';
						echo '  <td>' . $row['email'] . '</td>';
						echo "<a href=\"delete.php?id=$row&conf=$conf\">delete</a>";
						echo '</tr>';
					}
			?>
			</table>	
		
			</body>
</html>

Please help me...Thank you in advance.

Member Avatar for diafol

>sha2

I've never seen this hash, isn't it sha256?

>sha2

I've never seen this hash, isn't it sha256?

Hi,ardav..Thank you for the reply,it's working now there is no error but i could not delete the data...

while($row = mysql_fetch_array($result))
					{
					   $input = "mysaltyhash" . $row['idno']. "anothersaltyhash";
					   $conf=hash('sha256',$input);
						echo '<tr>';
						echo '  <td>' . $row['username'] . '</td>';
						echo '  <td>' . $row['email'] . '</td>';
						echo "<td><a href=\"delete.php?id=$row&conf=$conf\">delete</a></td>";
						echo '</tr>';
					}
			?>

Thank you in advance.
Best Regards.

Member Avatar for diafol
delelete($id);

what's that do? shouldn't it be delete($id)?
Anyway, will it even run as it's a function within a function.

delelete($id);

what's that do? shouldn't it be delete($id)?
Anyway, will it even run as it's a function within a function.

Hello ardav,

sir still it would not delete.i change the function delelete($id) to delete($id)

please help me on this...Thank you in advance.

<?php 

	include_once('conDB.php');
	$salt1="mysaltyhash";
	$salt2="anothersaltyhash";
   
  if(isset($_GET['email']) && isset($_GET['conf'])  && strlen($_GET['conf']) == 256 && $_GET['conf'] == sha2($salt1 . $_GET['id'] . $salt2))
   {
     
	 $id=$_GET['id']; 
         delete($id);
   }
	
	$result = list_rec();
	

?>
<html>
	<title>Delete</title>
		<head></head>
			<body>
			<table border="1">
			<?php
				
				
				 while($row = mysql_fetch_array($result))
					{
					   $input = "mysaltyhash" . $row['idno']. "anothersaltyhash";
					   $conf=hash('sha256',$input);
						echo '<tr>';
						echo '  <td>' . $row['username'] . '</td>';
						echo '  <td>' . $row['email'] . '</td>';
						echo "<td><a href=\"?id=$input&conf=$conf\">delete</a></td>";
						echo '</tr>';
					}
			?>
			</table>	
		
			</body>
</html>
Member Avatar for diafol

I told you that it's a function within a function.

Try this to see what I mean:

function getMe(){
	function getThis(){
		echo "boo";	
	}
	
}

getThis();

It won't work.

I told you that it's a function within a function.

Try this to see what I mean:

function getMe(){
	function getThis(){
		echo "boo";	
	}
	
}

getThis();

It won't work.

Hi ardav,

Thank you for this but what should i do in order to delete?...i have no idea on this...by the way sir in php calling function in the inside a function will not work?....Thank you in advance and i am hoping for your positive response.


Best Regards,

Member Avatar for diafol

My mistake, I thought the delete() function was inside the list_rec() - just the way your code was indented. Ignore my last post.

>sha2

I've never seen this hash, isn't it sha256?

My mistake, SHA2 is family not specific hasing algo. It should be sha256 or sha512

Member Avatar for diafol

Yep, just saw that:

...$_GET['conf'] == hash("sha256", $salt1 . $_GET['id'] . $salt2))...

try that

My mistake, SHA2 is family not specific hasing algo. It should be sha256 or sha512

hi evstevemd,

yes,thank you for your concern....

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.