
View Full Version : delete from table sql



ggalan
10-25-2010, 11:53 PM
i am trying to delete entries to a sql table by clicking a button. how would i write


<a href="???">click</a>

so that


DELETE FROM DatesTable WHERE (tDate < GETDATE())

fileserverdirect
10-26-2010, 12:26 AM
<a href="?delete=true">DELETE</a>



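<?php
// Runs the delete whenever the page is requested with ?delete=true
if (isset($_GET['delete'])) {
    // GETDATE() is SQL Server syntax; the mysql_* functions need MySQL's NOW()
    if (mysql_query("DELETE FROM DatesTable WHERE (tDate < NOW())"))
        echo "Deleted";
    else
        echo "Failed at deleting";
}
?>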

bluewalrus
10-26-2010, 12:28 AM
What database are you using?

Basically the page would be


<?php
// Compare with ==; a single = would assign 1 and always be true
if (isset($_GET['delete']) && $_GET['delete'] == 1) {
    // DB CONNECTION
    $query = "DELETE FROM DatesTable WHERE (tDate < GETDATE())";
    // DB Execution
    echo "Deleted.";
    exit();
}
?>
<a href="?delete=1">click</a>

I don't know how this is being used, but this could be executed by anyone at any time in this form.

ggalan
10-26-2010, 01:06 AM
i see, and DB CONNECTION would be the php file that has the dB credentials?

traq
10-26-2010, 02:05 AM
either that, or

mysql_connect($host,$user,$pass);
mysql_select_db($db_name);

likewise, "DB Execution" would be something along the lines of

$result = mysql_query($query);

But the most important thing to note is bluewalrus' comment about "anyone" being able to do this: It's not very secure.

You need to have code that verifies who is doing this, and if they're allowed to, or you might lose your whole database unexpectedly.

Simply password-protecting the form is not sufficient. You have the code to process that form, so all someone needs to do is write their own form that uses the same fieldnames and submit it to your website with whatever values they want.

bluewalrus
10-26-2010, 02:10 AM
Yes, or the actual connections.

For example in mssql


$server = "server";
$connInfo = array("Database" => "Table_NAME");
$conn = sqlsrv_connect($server, $connInfo);
if ($conn === false) {
    echo "Connect Fail.<br />";
    die(print_r(sqlsrv_errors(), true));
}


Could be in the file or


include('connection.php');

then connection.php would contain, assuming it's in the same domain


$server = "server";
$connInfo = array("Database" => "Table_NAME");
$conn = sqlsrv_connect($server, $connInfo);
if ($conn === false) {
    echo "Connect Fail.<br />";
    die(print_r(sqlsrv_errors(), true));
}


To execute the sql you'd put in



$query = "DELETE stuff here";
$statement = sqlsrv_query($conn, $query);
if ($statement === false) {
    echo "Nope. Somethings wrong.";
} else {
    // Only free the statement when the query actually returned one
    sqlsrv_free_stmt($statement);
}
sqlsrv_close($conn);

Just saw traq's comment; figure I'll leave this in case you use mssql though. Another note on that code: a robot or spider, if it found the link, could trigger that the way it is written. This page should have some sort of verification on it.

traq
10-26-2010, 02:29 AM
very true about spiders, hadn't thought of that
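
The verification the thread asks for, as an added example that is not part of any post above: the delete only runs on a POST from a logged-in user whose form carries a per-session token, so a crawled link or a copied form does nothing. Assumptions: your own login code sets `$_SESSION['is_admin']`, `connection.php` defines `$conn` as in the sqlsrv snippet, and `delete_allowed()` is a hypothetical helper name.

```php
<?php
// Added example, not code from the thread.
// Assumes login code elsewhere sets $_SESSION['is_admin'] and that
// connection.php defines $conn via sqlsrv_connect().
session_start();

// Decide whether this request may trigger the delete.
function delete_allowed(string $method, array $session, array $post): bool
{
    if ($method !== 'POST') {            // links, spiders and prefetchers send GET
        return false;
    }
    if (empty($session['is_admin'])) {   // must be logged in and permitted
        return false;
    }
    // The token shows the request came from our own form, not a copy of it.
    return isset($session['csrf'], $post['csrf'])
        && is_string($post['csrf'])
        && hash_equals($session['csrf'], $post['csrf']);
}

// One random token per session, embedded in the form below.
if (empty($_SESSION['csrf'])) {
    $_SESSION['csrf'] = bin2hex(random_bytes(32));
}

if (delete_allowed($_SERVER['REQUEST_METHOD'] ?? 'GET', $_SESSION, $_POST)) {
    include 'connection.php';
    $stmt = sqlsrv_query($conn, "DELETE FROM DatesTable WHERE (tDate < GETDATE())");
    if ($stmt === false) {
        error_log(print_r(sqlsrv_errors(), true)); // log details, do not display them
        echo "Delete failed.";
    } else {
        echo "Deleted " . sqlsrv_rows_affected($stmt) . " rows.";
        sqlsrv_free_stmt($stmt);
    }
    sqlsrv_close($conn);
    exit();
}
?>
<?php if (!empty($_SESSION['is_admin'])): ?>
<form method="post">
  <input type="hidden" name="csrf" value="<?php echo htmlspecialchars($_SESSION['csrf']); ?>">
  <button type="submit">Delete past dates</button>
</form>
<?php endif; ?>
```

Requesting the page with `?delete=1`, or posting from a form hosted elsewhere, falls through all three checks and the query never runs.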