Delete User Help

  • jordonshaw
  • Student
  • Student
  • User avatar
  • Posts: 96
  • Loc: Tennessee

Post 3+ Months Ago

I'm having a issues and I can't figure out why. I've wrote the below code to delete a user from my site and I can't find while, but it isn't working. The thing about it is, the redirect of when the query is successful is working and I'm not getting any error message, just like the query is working, but the user is still there. Any suggestions?

Code: [ Select ]
 
<?php require_once("includes/session.php"); ?>
<?php require_once("includes/connection.php"); ?>
<?php require_once("includes/functions.php"); ?>
<?php confirm_logged_in(); ?>
<?php
    $id = $_GET['usr'];
    $query = "DELETE FROM SNP_Users WHERE user_id = {$id}";
        $result = mssql_query($query, $connection);
        if ($result) {
            redirect_to("index.php");
         } else {
            echo "<p>User didn't delete.</p>";
        }
?>
<?php
    if (isset($connection)) {
        mssql_close($connection);    
    }
?>
 
  1.  
  2. <?php require_once("includes/session.php"); ?>
  3. <?php require_once("includes/connection.php"); ?>
  4. <?php require_once("includes/functions.php"); ?>
  5. <?php confirm_logged_in(); ?>
  6. <?php
  7.     $id = $_GET['usr'];
  8.     $query = "DELETE FROM SNP_Users WHERE user_id = {$id}";
  9.         $result = mssql_query($query, $connection);
  10.         if ($result) {
  11.             redirect_to("index.php");
  12.          } else {
  13.             echo "<p>User didn't delete.</p>";
  14.         }
  15. ?>
  16. <?php
  17.     if (isset($connection)) {
  18.         mssql_close($connection);    
  19.     }
  20. ?>
  21.  
  • Anonymous
  • Bot
  • No Avatar
  • Posts: ?
  • Loc: Ozzuland
  • Status: Online

Post 3+ Months Ago

  • devilwood
  • Silver Member
  • Silver Member
  • User avatar
  • Posts: 436

Post 3+ Months Ago

Does the user you're using to connect to the db have all the required permissions to delete a record?

I don't really see much wrong say for maybe the brackets around {$id} in your query. Not sure if those are needed.
  • dark_lord
  • Graduate
  • Graduate
  • User avatar
  • Posts: 162
  • Loc: India-Kolkata

Post 3+ Months Ago

yeah everything is alright, not sure about the brackets

also note that

Code: [ Select ]
$query = "DELETE FROM SNP_Users WHERE user_id = ";


above query will execute and return true even if id is not set or has no value

so check if you are really getting the value of id from get parameter!
  • RedBMedia
  • Proficient
  • Proficient
  • User avatar
  • Posts: 315

Post 3+ Months Ago

Get rid of the brackets, that's not proper SQL syntax. dark_lord is right
  • Bogey
  • Genius
  • Genius
  • Bogey
  • Posts: 8388
  • Loc: USA

Post 3+ Months Ago

lol the brackets are fine... all that does is put the variable in there... it isn't rendered into the SQL as far as I can tell... I do that all the time with my queries and they all work. Those brackets aren't necessary, you could do without them, but they aren't doing anything except put in the $d into the SQL query faster.

To get an error add or die(mssql_error()) after the mssql_query. Also, sanitize your ID since it is received directly from the URL.
PHP Code: [ Select ]
<?php
$id = addslashes($_GET['usr']);
// or mssql_real_escape_string(); if there is a function for mssql like that
?>
  1. <?php
  2. $id = addslashes($_GET['usr']);
  3. // or mssql_real_escape_string(); if there is a function for mssql like that
  4. ?>
or something like that... clean it from SQL queries...

Post Information

  • Total Posts in this topic: 5 posts
  • Users browsing this forum: No registered users and 69 guests
  • You cannot post new topics in this forum
  • You cannot reply to topics in this forum
  • You cannot edit your posts in this forum
  • You cannot delete your posts in this forum
  • You cannot post attachments in this forum
 
 

© 1998-2014. Ozzu® is a registered trademark of Unmelted, LLC.