<?php
$con = mysql_connect( 'localhost', 'root', '' );
$db = mysql_select_db( 'regis123' );
if(isset($_POST['sub']))
{
$sql2="delete from stud where firstname='$_POST[hidden]'";
mysql_query($sql2);
print ' deleted successfully';
}
?>
<table width="508" border="1">
<tr>
<td width="10"><strong> FIRSTNAME</strong></td>
<td width="30"><strong> LASTNAME</strong></td>
<td width="35"><strong> EMAILID</strong></td>
<td width="30"><strong> DOB</strong></td>
<td width="20"><strong> GENDER</strong></td>
<td width="71"><strong> ADDRESS</strong></td>
<td width="10"><strong> stand</strong></td>
<td width="10"><strong> PHONE</strong></td>
</tr>'
<?php
$sql = "select * from stud";
$query = mysql_query( $sql );
while( $row = mysql_fetch_assoc($query) )
{
print'<form action="sdisplay.php" method="POST">';
print'<tr><td>'.$row["firstname"].'</td>';
print'<td>'.$row["lastname"].'</td>';
print'<td>'.$row["emailid"].'</td>';
print'<td>'.$row["dob"].'</td>';
print'<td>'.$row["gender"].'</td>';
print'<td>'.$row["addr"].'</td>';
print'<td>'.$row["stand"].'</td>';
print'<td>'.$row["phone"].'</td>
<td><input type=submit value=delete name="sub" /></td>
<input type=hidden name=hidden value='.$row["firstname"].'/></form>';
}
?>
this is my code
it is retreiving the info frm database and displaying bt deleting the entries is not working
plz helpme
Please be aware that the mysql_* extension is now deprecated as of the current version of PHP and will very likely be removed from the next 5.x version and will likely not be in PHP 6.x (when it eventually is released). You should migrate over to either the mysqli_* extension or to PDO. PDO is a better choice as it doesn’t tie you down so much to a particular database server software.
Once you have migrated you should use Prepared Statements to prevent SQL Injection attacks. Have a read of this article from the PHP manual, it shows how to use prepared statements with PDO and also explains the principle.
As this is “localhost” I’m guessing this is for learning purposes only, but …
If not using PDO you really should at least be using mysqli and not deprecated mysql
Deleting by first name sounds like a poor choice to me, IMHO a unique id would be better
Never trust user supplied input
Because the submit input is inside a while loop I’m guessing there will be more than one, yet I don’t see where the inputs have a unique id.
How will the script know which one is the one clicked on?
I agree that there are some hazards in this code waiting to do some bad stuff. But if you just want to figure this out for now and learn what’s going on, print out the query to see what it’s trying to do. That should help you see what isn’t right.
Change
$sql2="delete from stud where firstname='$_POST[hidden]'";
mysql_query($sql2);
to
$sql2="delete from stud where firstname='$_POST[hidden]'";
echo $sql2;
mysql_query($sql2);
Let us know what it shows.
@heena_sol;
Have a read through this SitePoint article which explains how to migrate over from the old (and now deprecated) mysql_* extension over to PDO. Deleting by firstname is a very, very bad idea, say you’ve got 50 people in the database with the firstname John and another 50 with the firstname David. If you go and delete by firstname David and John, you’ll end up deleting 100 people from the database when you probably only meant to delete two people, one called John and another called David.
By using an interger field (a length of 11 should cover any number of new members - very few websites will have in excess of 99,999,999,999 members) set as an auto increment you’ll have a value that is unique. A members email address will also serve as a unique id provided that you ensure that no registrant can use an email address that already exists in either the registration or user tables. The use of email however does have a disadvantage as a person might change email address in the future.