[RESOLVED] cant delete from my database

Thikho

Hi im having problems with executing deleting my record from database using id ,it redirects back to the page which list my sender details but it does not delete pls help

my senadd.php

<table cellpadding="3" cellspacing="1" style="width:100%; margin-top: 10px">
<tr style="vertical-align: bottom;">
<td class="tableHeading"><a class="headingLink" href="senadd.php?whichContentBlocks=<?php echo $whichContentBlocks ?>&orderBy=SenderName<?php echo $desc ?>">Sender Name</a></td>
<td class="tableHeading"><a class="headingLink" href="senadd.php?whichContentBlocks=<?php echo $whichContentBlocks ?>&orderBy=CompanyName<?php echo $desc ?>">Company Name</a></td>
<td class="tableHeading"><a class="headingLink" href="senadd.php?whichContentBlocks=<?php echo $whichContentBlocks ?>&orderBy=ContactPerson<?php echo $desc ?>">Contact</a></td>
<td class="tableHeading"><a class="headingLink" href="senadd.php?whichContentBlocks=<?php echo $whichContentBlocks ?>&orderBy=SenderReference<?php echo $desc ?>">Reference</a></td>
<td class="tableHeading" style="width:59px">&nbsp;Edit</td>
<td class="tableHeading" style="width:59px">&nbsp;Remove</td>
</tr>
<?php
// Get details from database
	$secname = $_POST['SenderName'];
	$accno = $_POST['accno'];
	$addr1 = $_POST['addr1'];		
	$addr2 = $_POST['addr2']; 
	$city = $_POST['city'];
	$compname = $_POST['compname'];
	$conts = $_POST['conts'];
	$code = $_POST['code'];  

	$senref = $_POST['senref']; 
	$sub = $_POST['sub'];
	$tel = $_POST['tel'];
	$telcode = $_POST['telcode'];


if (isset($secname)) {
   $displayError = "cannot_connect_to_db";
   echo "</tr></table>
         $displayError
         <table><tr>";
} else {

   $startVal = $start - 1;
   //$sql = "SELECT ReceiverName, CompanyName, ContactPerson, SenderReference FROM ReceiverDetails $condition ORDER BY $orderBy LIMIT $startVal,
	$sql = "SELECT SenderName, CompanyName, ContactPerson, SenderReference FROM SenderDetails ORDER BY SenderName";
  	 $result = mysql_query($sql);

   while ($row = mysql_fetch_array($result)) {
      $secname  = $row[0];
      $compname = $row[1];
      $conts    = $row[2];
      $spe      = $row[3];

  $contentDisplayed = $spe;
  $contentDisplayed = strip_tags($spe);
  $contentDisplayed = (strlen($contentDisplayed) > 200) ? substr($contentDisplayed,0,200)."..." : "$contentDisplayed";

  /*$edit       = '<div style="position: absolute; "><form action="content_block_details.php" method="post"><input type="hidden" value="'.$recname.'" name="recname"></div>'
              . '<input class="adminButton2" type="submit" value="Edit" onclick="this.form.action=\'rec_details.php\';">';*/

  //$delete     = '<input class="adminButton2" type="button" value="Delete" onclick="if (confirm(\'Please note: the information will be deleted from the database.\nAre you sure you want to delete this sender details?\')) {this.form.action = \'rec_delete.php\'; this.form.submit();}">';
 $edit    = "<a href='sec_details.php?secname=$row[0]'>Edit</a>";

 $delete     = "<a href='sen_delete.php?secname=$row[0]'>Remove</a>";

  $class      = ($class == "adminRow1") ? "adminRow2" : "adminRow1";
  echo        '<tr class="'.$class.'">'
              .'<td>'.$secname.'</td>'
              .'<td>'.$compname.'</td>'
              .'<td>'.$conts.'</td>'
              .'<td>'.$contentDisplayed.'</td>'
              .'<td style="text-align: center">'.$edit.'</td>'
              .'<td style="text-align: center">'.$delete.'</td><div style="position: absolute; "></form></div></td>'
              .'</tr>';
   }
}

?>

</tr>
</table>

<?php

echo "$nextPrevious";

include('admin_footer.php');
?>

and my sen_delete.php

<?php
include('connection.php');

// if id provided, then delete that record
if (isset($_GET['SenderName'])) {
// create query to delete record
	$sql = "DELETE FROM SenderDetails WHERE secname = '$secname'";
    	$result = mysql_query($sql) or die ("cannot delete from Sender");

}

print "<Script Language=\"JavaScript\">";
print "window.location=('senadd.php')";
print "</Script>";

?>

Thikho

Thikho wrote:

Hi im having problems with executing deleting my record from database using id ,it redirects back to the page which list my sender details but it does not delete pls help

my senadd.php

<table cellpadding="3" cellspacing="1" style="width:100%; margin-top: 10px">
<tr style="vertical-align: bottom;">
<td class="tableHeading"><a class="headingLink" href="senadd.php?whichContentBlocks=<?php echo $whichContentBlocks ?>&orderBy=SenderName<?php echo $desc ?>">Sender Name</a></td>
<td class="tableHeading"><a class="headingLink" href="senadd.php?whichContentBlocks=<?php echo $whichContentBlocks ?>&orderBy=CompanyName<?php echo $desc ?>">Company Name</a></td>
<td class="tableHeading"><a class="headingLink" href="senadd.php?whichContentBlocks=<?php echo $whichContentBlocks ?>&orderBy=ContactPerson<?php echo $desc ?>">Contact</a></td>
<td class="tableHeading"><a class="headingLink" href="senadd.php?whichContentBlocks=<?php echo $whichContentBlocks ?>&orderBy=SenderReference<?php echo $desc ?>">Reference</a></td>
<td class="tableHeading" style="width:59px">&nbsp;Edit</td>
<td class="tableHeading" style="width:59px">&nbsp;Remove</td>
</tr>
<?php
// Get details from database
	$secname = $_POST['SenderName'];
	$accno = $_POST['accno'];
	$addr1 = $_POST['addr1'];		
	$addr2 = $_POST['addr2']; 
	$city = $_POST['city'];
	$compname = $_POST['compname'];
	$conts = $_POST['conts'];
	$code = $_POST['code'];  

	$senref = $_POST['senref']; 
	$sub = $_POST['sub'];
	$tel = $_POST['tel'];
	$telcode = $_POST['telcode'];


if (isset($secname)) {
   $displayError = "cannot_connect_to_db";
   echo "</tr></table>
         $displayError
         <table><tr>";
} else {

   $startVal = $start - 1;
   //$sql = "SELECT ReceiverName, CompanyName, ContactPerson, SenderReference FROM ReceiverDetails $condition ORDER BY $orderBy LIMIT $startVal,
	$sql = "SELECT SenderName, CompanyName, ContactPerson, SenderReference FROM SenderDetails ORDER BY SenderName";
  	 $result = mysql_query($sql);

   while ($row = mysql_fetch_array($result)) {
      $secname  = $row[0];
      $compname = $row[1];
      $conts    = $row[2];
      $spe      = $row[3];

  $contentDisplayed = $spe;
  $contentDisplayed = strip_tags($spe);
  $contentDisplayed = (strlen($contentDisplayed) > 200) ? substr($contentDisplayed,0,200)."..." : "$contentDisplayed";

  /*$edit       = '<div style="position: absolute; "><form action="content_block_details.php" method="post"><input type="hidden" value="'.$recname.'" name="recname"></div>'
              . '<input class="adminButton2" type="submit" value="Edit" onclick="this.form.action=\'rec_details.php\';">';*/

  //$delete     = '<input class="adminButton2" type="button" value="Delete" onclick="if (confirm(\'Please note: the information will be deleted from the database.\nAre you sure you want to delete this sender details?\')) {this.form.action = \'rec_delete.php\'; this.form.submit();}">';
 $edit    = "<a href='sec_details.php?secname=$row[0]'>Edit</a>";

 $delete     = "<a href='sen_delete.php?secname=$row[0]'>Remove</a>";

  $class      = ($class == "adminRow1") ? "adminRow2" : "adminRow1";
  echo        '<tr class="'.$class.'">'
              .'<td>'.$secname.'</td>'
              .'<td>'.$compname.'</td>'
              .'<td>'.$conts.'</td>'
              .'<td>'.$contentDisplayed.'</td>'
              .'<td style="text-align: center">'.$edit.'</td>'
              .'<td style="text-align: center">'.$delete.'</td><div style="position: absolute; "></form></div></td>'
              .'</tr>';
   }
}

?>

</tr>
</table>

<?php

echo "$nextPrevious";

include('admin_footer.php');
?>

and my sen_delete.php

<?php
include('connection.php');

// if id provided, then delete that record
if (isset($_GET['SenderName'])) {
// create query to delete record
	$sql = "DELETE FROM SenderDetails WHERE secname = '$secname'";
    	$result = mysql_query($sql) or die ("cannot delete from Sender");

}

print "<Script Language=\"JavaScript\">";
print "window.location=('senadd.php')";
print "</Script>";

?>

hoffmeister

I always use sprintf to make my query as i lerned c first so try

$sql = sprintf("DELETE FROM SenderDetails WHERE secname = \'%s\';",$secname);

The backslashs beore the sinlge speach marks lets the PHP page know its text not a control character also you was missiing the ; at the end of the query.

let me know if this helps

bradgrafelman

User-supplied data should never be placed directly into a SQL query; instead, you should first sanitize it with a function such as [man]mysql_real_escape_string/man else you're leaving yourself vulnerable to SQL injection attacks.
In sen_delete.php, you reference $secname although this variable is never defined.
In sen_delete.php, you reference $GET['SenderName'] although this variable is never defined; perhaps you meant $GET['secname'] ?

@: The backslashes in your query will cause errors; the only case where you would need to escape the single quotes is if you had used single quotes as your PHP string delimiter. Also note that the semicolon at the end of a query send via PHP is optional and usually omitted in PHP code.