i am trying to delete entries to a sql table by clicking a button. how would i write
so thatCode:<a href="???">click</a>
Code:DELETE FROM DatesTable WHERE (tDate < GETDATE())
CSS Codes
Senior Coders
delete from table sql
i am trying to delete entries to a sql table by clicking a button. how would i write
so thatCode:<a href="???">click</a>
Code:DELETE FROM DatesTable WHERE (tDate < GETDATE())
Senior Coders
Code:<a href="?delete=true">DELETE</a>PHP Code:<?php
if($_GET['delete']) {
if(mysql_query("DELETE FROM DatesTable WHERE (tDate < GETDATE())"))
echo "Deleted";
else echo "Failed at deleting";
}
?>
-Ben -- THE DYNAMIC DRIVERS
My Links: My DD Profile||My Youtube Video Tutorials||DD Helping Coders||DD Coders In Training
I told my client to press F5, the client pressed F, then 5, *facepalm*
Elite Coders
What database are you using?
Basically the page would be
I don't know how this is being used but this could be executed by anyone at anytime in this form.PHP Code:<?php
if (isset($_GET['delete']) && $_GET['delete'] = 1 ) {
DB CONNECTION
$query = "DELETE FROM DatesTable WHERE (tDate < GETDATE())";
DB Execution
echo "Deleted.";
exit();
}
?>
<a href="?delete=1">click</a>
Corrections to my coding/thoughts welcome.
Senior Coders
i see, and DB CONNECTION would be the php file that has the dB credentials?
global $Moderator;
either that, orlikewise, "DB Execution" would be something along the lines ofPHP Code:mysql_connect($host,$user,$pass);
mysql_select_db($db_name);
. But the most important thing to note is bluewalrus' comment about "anyone" being able to do this: It's not very secure.PHP Code:$result = mysql_query($query);
You need to have code that verifies who is doing this, and if they're allowed to, or you might lose your whole database unexpectedly.
Simply password-protecting the form is not sufficient. You have the code to process that form, so all someone needs to do is write their own form that uses the same fieldnames and submit it to your website with whatever values they want.
Elite Coders
Yes, or the actual connections.
For example in mssql
Could be in the file orPHP Code:$server = "server";
$connInfo = array("Database" => "Table_NAME");
$conn = sqlsrv_connect( $server, $connInfo);
if( $conn === false )
{
echo "Connect Fail.<br />";
die( print_r( sqlsrv_errors(), true));
}
then connection.php would contain, assuming it's in the same domainPHP Code:include('connection.php');
To execute the sql you'd put inPHP Code:$server = "server";
$connInfo = array("Database" => "Table_NAME");
$conn = sqlsrv_connect( $server, $connInfo);
if( $conn === false )
{
echo "Connect Fail.<br />";
die( print_r( sqlsrv_errors(), true));
}
Just saw traq's comment figure I'll leave this in case you use mssql though. Another note on that code a robot or spider if it found the link could trigger that the way it is written, this page should have some sort of verification on it.PHP Code:$query = "DELETE stuff here";
$statment = sqlsrv_query($conn, $query);
if($statment === false) {
echo "Nope. Somethings wrong.";
}
sqlsrv_free_stmt($statment);
sqlsrv_close($conn);
Corrections to my coding/thoughts welcome.
global $Moderator;
Posting Permissions
Reply With Quote
Bookmarks