Here is the link style
<a href='del-user.php?id={$row['username']}'>Delete</a>
{$row['username']} will grab the username field from the Admin-CMS users table
Now..... Here is what it will take you to when you click it:
del-user.php?id=billy
NOW FOR WHAT I AM ATTEMPTING
I want to read the link and delete the row with a username of billy
Here is my del-user.php file
<?php
if($_GET['id'] != ""){
$userID = $_GET['id'];
$sql = "DELETE FROM users WHERE username='".$userID."'";
$query = mysql_query($sql);
}
?>
What am I doing wrong? Btw my database setup is
TABLE is called : users
COLUMN is called : username
First off, ESCAPE YOUR DATA. Or use prepared statements. Your code is vulnerable to SQL injection.
Second, don't use mysql
libraries. They are depreciated. You need to use mysqli
instead.
Third, where is your connection pointer? You need to have created one somewhere and pass it to your query function.
$con = mysqli_connect(...);
$result = mysqli_query($con, $sql);
I have just ran a test on a server, albeit I had to edit to run in my environment, and it ran correctly.
The entire file I used was:
<?php
include_once('pre_load.php');
login_required();
$auth = Authentication::instance();
$db = CDatabase::instance();
if(array_key_exists('id', $_GET) && !in_array($_GET['id'], array(0, ""))
{
$userID = (is_string($_GET['id']) && ctype_digit($_GET['id'])) ? $_GET['id'] : FALSE ;
if ($userID)
{
$sql = "DELETE FROM `bans` WHERE `id` ='".$userID."'";
$query = $db->execute($sql);
echo '<p>Row Deleted</p>';
}
else
{
echo '<p>Invalid ID</p>';
}
}
?>
This all ran correctly, which leads me to this question:
Is that your entire file? If so, how are you connecting to the database to initiate the deletion?
The code, in itself, looks correct and I see no error, but the fact you posted it as your file, questions whether a database connection is included.
Include the DB connection in that file, if it isn't, and your problem will be over.
If the DB connection is, in fact, in the file, post here and I'll troubleshoot some more.