|
|
Posted by Jerry Stuckle on 02/05/06 19:11
Sean Barton wrote:
> i find it best to do thing with id numbers. the table you have shown
> will obviously have a primary key for each record. so in php you do the
> sql statement something like
>
> $result = mysql_query("select id, name, age, sex from people",$db);
> if ($myrow = mysql_fetch_array($result))
> {
> make the table header information here. ie: titles, name ages sex...
> and a row for action
> do
> {
> echo "<tr>
> $id =$myrow['id']
> <td>$myrow['name']</td>
> <td>$myrow['age']</td>
> <td>$myrow['sex']</td>
> <td><a href = 'delete.php?id=$id>delete</a></td>";
>
> }
> while ($myrow = mysql_fetch_array($result))
> }
>
> then you make another page that essentially has two or three lines or
> modify delete.php in the link fo $_SERVER[PHP_SELF] which come back to
> the page you are looking at.
>
> $id = $_GET['id'];
> $result = mysql_query("delete from people where id=$id",$db);
> header("Refresh: 0; http://full url/whateverfirstpagewascalled.php");
>
> hope this helps, php took me 3 days of looking at examples to learn. do
> a few online tutorials and www.php.net is the bible. good luck
>
> Sean Barton
>
You need to be VERY careful on this one. You aren't validating the data.
For instance - what happens if I type in the browser:
http://www.example.com/delete.php?id=5+OR+1%3d1
Your query ends up as "delete from people where id=5 or 1=1";
Google for 'sql injection".
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================
Navigation:
[Reply to this message]
|