Hi,

Can I ask for some help on how to delete records in a database? I'm using WampServer...

I retrieve all rows and display them in a table using PHP code, and I want to delete a row when I click the delete in the table... Is this possible? Please help me...

<?php
   print "<table border='1'>";	
     while($row = mysql_fetch_array($rlist))
	{
	  print "<tr>";			    
            print "<td>" .$row['firstname']. "</td>";
	    print "<td>" .$row['lastname']. "</td>";
            print "<td>"."delete"."</td>";
	  print "</tr>";
	}	
	  print "</table>";
	
				
				
?>

3

Make the delete text a link with the row id as a querystring parameter:

delete.php?id=$row_id

However, this is quite unsafe as anybody could enter this URL and start systematically deleting your records. You could protect this action with a session id or even include a hashed key to accompany the id as a confirmation:

delete.php?id=$row_id&conf=$conf

You can base the $conf on the row_id and a 'salt':

$conf = md5("mysaltyhash" . $row_id . "anothersaltyhash");

I tend to use both (session protection and conf value).

The receiving page (delete.php):

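$salt1 = "mysaltyhash";
$salt2 = "anothersaltyhash";
// $_GET values are always strings, so is_int() is never true for them; ctype_digit() tests for a numeric id
if (isset($_GET['id']) && isset($_GET['conf']) && ctype_digit($_GET['id'])
    && strlen($_GET['conf']) == 32 && $_GET['conf'] === md5($salt1 . $_GET['id'] . $salt2)) {
    // ...do delete from DB - see MySQL manual...
}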

Votes + Comments
useful post
mysaltyhash is a nice idea..!
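
A runnable version of the signed delete link described in this answer, as an added example that is not part of the original post: it swaps the md5-with-two-salts value for HMAC-SHA256 keyed with a server-side secret and bound to the session id, compares with hash_equals(), and deletes through a PDO prepared statement. SECRET_KEY, make_conf(), check_conf(), delete_row() and the in-memory SQLite table are assumptions made for illustration.

```php
<?php
// Added example, not code from the thread. SECRET_KEY, make_conf(),
// check_conf(), delete_row() and the demo table are assumptions.
const SECRET_KEY = 'replace-with-a-long-random-server-side-secret';

// conf value for the link: HMAC-SHA256 over session id and row id, so it is
// valid only for this row and only in the session it was issued to.
function make_conf(string $sessionId, int $rowId): string
{
    return hash_hmac('sha256', $sessionId . '|' . $rowId, SECRET_KEY);
}

// $id and $conf are the raw request values (strings, arrays or null).
function check_conf(string $sessionId, $id, $conf): bool
{
    if (!is_string($id) || !is_string($conf)) {
        return false;                          // missing, or id[]=... arrays
    }
    if (preg_match('/^[1-9][0-9]{0,8}$/', $id) !== 1) {
        return false;                          // not a plain positive integer
    }
    if (strlen($conf) !== 64) {
        return false;                          // sha256 hex digest is 64 chars
    }
    // hash_equals() compares in constant time and never type-juggles
    return hash_equals(make_conf($sessionId, (int) $id), $conf);
}

// The id is bound as a parameter, never concatenated into the SQL string.
function delete_row(PDO $db, int $rowId): int
{
    $stmt = $db->prepare('DELETE FROM mytbl WHERE id = ?');
    $stmt->execute([$rowId]);
    return $stmt->rowCount();
}

// Constructed demo data in an in-memory SQLite database (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE mytbl (id INTEGER PRIMARY KEY, username TEXT)');
$db->exec("INSERT INTO mytbl (id, username) VALUES (1, 'alice'), (2, 'bob')");

$sid = 'constructed-session-id';               // session_id() on a real page
echo 'delete.php?' . http_build_query(['id' => 2, 'conf' => make_conf($sid, 2)]), "\n";

// Constructed requests, shaped like $_GET as delete.php would receive it.
$requests = [
    'valid link'              => ['id' => '2', 'conf' => make_conf($sid, 2)],
    'id changed, conf reused' => ['id' => '1', 'conf' => make_conf($sid, 2)],
    'conf from other session' => ['id' => '1', 'conf' => make_conf('other', 1)],
    'conf missing'            => ['id' => '1'],
];
foreach ($requests as $label => $get) {
    $ok = check_conf($sid, $get['id'] ?? null, $get['conf'] ?? null);
    $n  = $ok ? delete_row($db, (int) $get['id']) : 0;
    printf("%-24s %s\n", $label, $ok ? "deleted $n row(s)" : 'rejected');
}
```

Only the first request deletes a row; the other three are rejected before any SQL runs.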
0

Hi ardav, thank you for the reply,

Can you show me how to use this in my link? I am confused... What is equal to 32? Is conf a PHP function? I'm just a beginner; I hope you can help me... More power to you always.

0

Look at the php manual http://uk3.php.net/manual/en/function.strlen.php for strlen().

If you're just a beginner, I would suggest some tutorials or buying a book on php/mysql and going through a few exercises.

echo "<a href=\"delete.php?id=$row_id&conf=$conf\">delete</a>";

or if you've got it all in html:

<a href="delete.php?id=<?php echo $row_id;?>&conf=<?php echo $conf;?>">delete</a>

0

Hi ardav,

Okay, I will try this and I will write again if I have doubts. Thank you also for your suggestion... but can I ask for some links to tutorials, because I could not buy books... Thank you. More power to you always...

0

Hi ardav, please help me, I am confused by your code..

con.php

<?php
   
		$con=mysql_connect('localhost','root','');
		 if(!$con){die('Not connected to server'.mysql_error());}
		mysql_select_db('findb',$con);
   
        function list_rec()
		{
			$lst="select * from mytbl";
			$lstrec=mysql_query($lst);
			return $lstrec;
		}


		function delete($id)
			{
			    
				$sql = "DELETE from mytbl where id = '$id'";
				 mysql_query($sql);
				
				
			}

			
 ?>

delete.php

I am confused by the salt1 and salt2

<?php 
	include_once('con.php');
	$salt1="mysaltyhash";
	$salt2="anothersaltyhash";
  if(isset($_GET['email']) && isset($_GET['conf'])  && strlen($_GET['conf']) == 32 && $_GET['conf'] == md5($salt1 . $_GET['id'] . $salt2)){
    delelete($id);
 }
	
	$result = list_rec();
	

?>
<html>
	<title>Delete</title>
		<head></head>
			<body>
			<table border="1">
			<?php
				
				
				 while($row = mysql_fetch_array($result))
					{
						echo '<tr>';
						echo '  <td>' . $row['username'] . '</td>';
						echo '  <td>' . $row['email'] . '</td>';
						echo "<a href=\"delete.php?id=$row_id&conf=$conf\">delete</a>";
						
						echo '</tr>';
					}
			?>
			</table>	
		
			</body>
</html>

Please help me...

Thanks in advance!

0

OK salt1 and salt2 are the salts used to create a "reasonably" secure hash. A hash is a type of string that looks like gobbledegook to pass info securely. Unfortunately, md5() hashes can be broken as 'rainbow tables' exist, so adding random strings (salts) to them should make them more secure.

Purists may say that you should include salt into only once to avoid duplication in your code, but I've used them in two different files for clarity.

if(isset($_GET['email']) && isset($_GET['conf'])  && strlen($_GET['conf']) == 32 && $_GET['conf'] == md5($salt1 . $_GET['id'] . $salt2)){

These comparison operators simply check to see if the data from the querystring (url parameters) are valid:

isset($_GET['email']) checks to see that email=.... is there
isset($_GET['conf']) checks to see that conf=.... is there

You often need to include these first, otherwise checking for certain values of missing variables can throw errors.

strlen($_GET['conf']) == 32 is a crude check to see if conf is a md5 hash (they're always 32 characters long)

$_GET['conf'] == md5($salt1 . $_GET['id'] . $salt2) checks to see if the conf value is equal to md5 hash of the first salt with the id value and the second salt.

Changing the email value in your php-derived delete link will give you a completely different md5 hash

e.g. md5("mysaltyhash" . $row_id . "anothersaltyhash") [where $row_id = 1]
will give

ad3e15e9854d2eebab873cc2c77d59c0

md5("mysaltyhash" . $row_id . "anothersaltyhash") [where $row_id = 2]
will give

732eaf8e5089b25e05e645a7f4ce0558

Check out my hash page: http://diafol.org/md5.php

0

Hi ardav,

Is the SHA family better to use than md5? Can you please correct the code that I posted...

Thanks in advance

Best Regards!

0

I suppose - depends which one you use. I'd use a salt with any one anyway.
There are many different hashes you can use:

e.g.

hash("sha512", "mysaltyhash1anothersaltyhash")

a1c3192f81f19d505505bc5a94b75401805530a47be2dd82a8bb0b3c31b046f9d257ba0afb5d0f04fe4e6b82884522a4fc18a8146820e26788381b1b909a6eff

hash("whirlpool", "mysaltyhash1anothersaltyhash")

d5523f8e2346dc4ccdd858fcf6c6abcb3d968a9dc4b50fd4c257102b91851bb1299e07cd7e15cd2932f8048d4eb78c6a60caf4bb3590b42186e86394227b5798

I think I already posted a link for a choice of different types:

http://diafol.org/md5.php

0

Hi ardav,

Thank you for the reply. Yes, I already went to the page that you gave me... Are you the one who made the page?... Regarding my problem, I will give this a try, and I will write again and post my code if I get a problem... Thank you ardav. More power to you always....


Best Regards!

0

Hi, Ardav.

Sorry for the late reply..... I get an error in my delete.php.
It says: Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in C:\wamp\www\edit\delete.php on line 25


Here is the code.

<?php 

	include_once('con.php');
	$salt1="mysaltyhash";
	$salt2="anothersaltyhash";

  if(isset($_GET['email']) && isset($_GET['conf'])  && strlen($_GET['conf']) == 256 && $_GET['conf'] == sha2($salt1 . $_GET['idno'] . $salt2))
   {
     $id=$_GET['id']; 
	 delelete($id);
   }
	
	$result = list_rec();
	

?>
<html>
	<title>Delete</title>
		<head></head>
			<body>
			<table border="1">
			<?php
				
				
				 while($row = mysql_fetch_array($result))
					{
					   $conf = sha2("mysaltyhash" . $row_id . "anothersaltyhash");
						echo '<tr>';
						echo '  <td>' . $row['idno'] . '</td>';
						echo '  <td>' . $row['username'] . '</td>';
						echo "<a href=\"delete.php?id=$row_id&conf=$conf\">delete</a>";
						
				
						echo '</tr>';
					}
			?>
			</table>	
		
			</body>
</html>

I changed the md5 hash to sha2 because when I insert it I use sha2 in my register.php

Please help, what should I do about the error...

Thanks in advance,

0

$result = list_rec();

that function seems to have returned a true/false or 1/0

Hi ardav, thank you for the reply... Yes, you are right, I went back to the function and I used the wrong table. Thank you for helping me ardav, but after fixing it there is another error.
It says...

Fatal error: Call to undefined function sha2() in C:\wamp\www\edit\edit.php on line 27

It's in my while loop, the $conf. Where should I put this?

$conf = sha2("mysaltyhash" . $row['idno'] . "anothersaltyhash");

Thanks in advance...

0

There is no such function in PHP

$input = "mysaltyhash" . $row['idno'] . "anothersaltyhash";
$conf =  hash('sha2', $input);

http://www.php.net/manual/en/function.hash.php#104770

0

I concur with evstevemd - have a look at my hash page again, and you'll see the code:

Attachments Screenshot_1.png 141.3 KB
0

@ardav and @evstevemd

Sir, I already changed it but I get an error.
This is the error: Warning: hash() [function.hash]: Unknown hashing algorithm: sha2 in C:\wamp\www\edit\edit.php on line 29

This is my whole code

conDB.php

<?php
   
		$con=mysql_connect('localhost','root','');
		 if(!$con){die('Not connected to server'.mysql_error());}
		mysql_select_db('findb',$con);
   
        function list_rec()
		{
			$lst="select * from reg_tbl";
			$lstrec=mysql_query($lst);
			return $lstrec;
		}


		function delete($id)
			{
			    
				$sql = "DELETE from mytbl where id = '$id'";
				 mysql_query($sql);
				
				
			}

		function register($txtuser,$email,$password)
		{
      
      
			$sql= "insert into reg_tbl
			values(default,'$txtuser','$email',sha2('$password',256))";
			
			mysql_query($sql);	
			
			 
			return 'Succesfully Registered';	
	   
		}	
 ?>

edit.php

<?php 

	include_once('conDB.php');
	$salt1="mysaltyhash";
	$salt2="anothersaltyhash";
   
  if(isset($_GET['email']) && isset($_GET['conf'])  && strlen($_GET['conf']) == 256 && $_GET['conf'] == sha2($salt1 . $_GET['id'] . $salt2))
   {
    
	 $id=$_GET['id']; 
	 delelete($id);
   }
	
	$result = list_rec();
	

?>
<html>
	<title>Delete</title>
		<head></head>
			<body>
			<table border="1">
			<?php
				
				
				 while($row = mysql_fetch_array($result))
					{
					   $input = "mysaltyhash" . $row['idno']. "anothersaltyhash";
					   $conf=hash('sha2',$input);
						echo '<tr>';
						echo '  <td>' . $row['username'] . '</td>';
						echo '  <td>' . $row['email'] . '</td>';
						echo "<a href=\"delete.php?id=$row&conf=$conf\">delete</a>";
						echo '</tr>';
					}
			?>
			</table>	
		
			</body>
</html>

Please help me...Thank you in advance.

0

>sha2

I've never seen this hash, isn't it sha256?

Hi, ardav.. Thank you for the reply, it's working now, there is no error, but I could not delete the data...

while($row = mysql_fetch_array($result))
					{
					   $input = "mysaltyhash" . $row['idno']. "anothersaltyhash";
					   $conf=hash('sha256',$input);
						echo '<tr>';
						echo '  <td>' . $row['username'] . '</td>';
						echo '  <td>' . $row['email'] . '</td>';
						echo "<td><a href=\"delete.php?id=$row&conf=$conf\">delete</a></td>";
						echo '</tr>';
					}
			?>

Thank you in advance.
Best Regards.

0
delelete($id);

What does that do? Shouldn't it be delete($id)?
Anyway, will it even run, as it's a function within a function?

0
Hello ardav,

Sir, it still would not delete. I changed the function delelete($id) to delete($id).

please help me on this...Thank you in advance.

<?php 

	include_once('conDB.php');
	$salt1="mysaltyhash";
	$salt2="anothersaltyhash";
   
  if(isset($_GET['email']) && isset($_GET['conf'])  && strlen($_GET['conf']) == 256 && $_GET['conf'] == sha2($salt1 . $_GET['id'] . $salt2))
   {
     
	 $id=$_GET['id']; 
         delete($id);
   }
	
	$result = list_rec();
	

?>
<html>
	<title>Delete</title>
		<head></head>
			<body>
			<table border="1">
			<?php
				
				
				 while($row = mysql_fetch_array($result))
					{
					   $input = "mysaltyhash" . $row['idno']. "anothersaltyhash";
					   $conf=hash('sha256',$input);
						echo '<tr>';
						echo '  <td>' . $row['username'] . '</td>';
						echo '  <td>' . $row['email'] . '</td>';
						echo "<td><a href=\"?id=$input&conf=$conf\">delete</a></td>";
						echo '</tr>';
					}
			?>
			</table>	
		
			</body>
</html>

0

I told you that it's a function within a function.

Try this to see what I mean:

function getMe(){
	function getThis(){
		echo "boo";	
	}
	
}

getThis();

It won't work.

0

Hi ardav,

Thank you for this, but what should I do in order to delete?... I have no idea on this... By the way sir, in PHP, will calling a function inside a function not work?.... Thank you in advance and I am hoping for your positive response.


Best Regards,

0

My mistake, I thought the delete() function was inside the list_rec() - just the way your code was indented. Ignore my last post.

0

>sha2

I've never seen this hash, isn't it sha256?

My mistake, SHA2 is a family, not a specific hashing algo. It should be sha256 or sha512

0

Yep, just saw that:

...$_GET['conf'] == hash("sha256", $salt1 . $_GET['id'] . $salt2))...

try that

0

Hi evstevemd,

Yes, thank you for your concern....
