|
PHP - Delete From Db...some Really Bad Code
I know this is bad code but I got it to work. I tried using only the delete statement but could find no way to see if the record existed. I had a heck of a time getting the number of rows (there can only be one unique id). And finally, I could not get the if/else to work.
Would anyone care to show me how a pro would do it? Thanks <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html> <head> <?php // delete airplane in database // Connect to database ===================================================== include("connect_db.php"); // retrieve form data from form2.html ========================================== $id = $_POST['id']; // Send query =========================================================== $query = "SELECT * FROM airplanes WHERE id='$id'"; if (!mysql_query($query)){ die('Error :' .mysql_error()); } $result = mysql_query ($query); $num = mysql_num_rows($result); // Check to see if record exists ============================================== if (mysql_num_rows($result) == 1) { mysql_query("DELETE FROM airplanes WHERE id='$id'"); print 'Airplane successfully deleted'; } // Record not in db ========================================================= if (mysql_num_rows($result) == 0) { print '<big style="color: red;"><span style="font-weight: bold;"> ERROR MESSAGE:</span></big> ID number not found'; echo "<br />"; echo "<br />"; print 'Use the BACK button on your browser to try again'; echo "<br />"; } echo "<br />"; echo '<p>Return to <a href="members_menu.html">Members Menu Here</a></p>'; ?> </body> </html> Similar TutorialsHello, I am a new user here and new in php coding also. I am a student and i have this task to create a simple website and I am stacked at the Amend and Delete data, so i could really use any help asap. I really need your help because i have to finish this now. I have this search.php that searches my users and displays the user-names and next to them an Amend and a Delete button the links are like this: echo "<a href=:\"amend.php?id=" . $a_row['username'] . "\">Amend user</a>"; echo "<span> </span>"; echo "<a href=:\"delete.php?id=" .$a_row['username'] . "\">Delete user</a>" what code should i have in amend.php to make this work? Thanks in advance No errors come up when I run this but it just doesn't delete the entry. <? $rec = $_POST['stock']; if (!$rec){ die ('Please eneter a stock number'); } $link = mysql_connect("xxxx","xxx","xxx"); mysql_select_db('wadkin', $link) or die( "Unable to select database"); mysql_query("DELETE FROM 'wadkin'.'stocklist' WHERE 'stocklist'.'Stock Number' = $rec") or die ('Query failed'); mysql_close($link); ?> Can someone please correct, (btw I have also tried... "DELETE FROM stocklist WHERE 'Stock Number' = $rec") Hello all. In lack of better terms, I am a programming noobie when it comes to designing code. I can look at a code and figure it out, but basically I am trying to figure this out. I host a website from home, running on a server 2008 machine, with apache/php, basically to share files from home, work, friends house, wherever I need. I do have a FTP for this, but I also want to be able to upload files via http. I actually want to be able to set a time or date that the file will auto-delete. Such as, I select a file from my local machine, set the deletion time to 1 hour/60 minutes/3600 seconds, whatever, upload it to the site, and it spit back a url that I can access that file for that set amount of time. It would be great to implement something like bit.ly to shorten the link, or even something to randomize the link. Any ideas on that from anyone? Willing to donate (paypal) a little bit if someone can actually help me out, or point me in the right direction. A week on google has proved useless. Thanks so much. I'd like to write - or acquire - code that displays a simple table (name, phone number, email address, plus a comments field) on a web page in a password-protected page and allows a user to add his own information, update it or delete it. I figure hundreds of people and companies have written something like this so I'd like to find either an example I can imitate or even an existing package that I can simply customize to the specifics for my own table. Can anyone help me with that? Or am I going to have to reinvent the wheel for the gazillionth time and write it myself? Hi all. Here is my scripts which allow user to check multiple rows of data and delete it , but it require select data and click for twice to delete the rows , what should be the error? Code: [Select] <form name="frmSearch" method="post" action="insert-add.php"> <table width="600" border="1"> <tr> <th width="50"> <div align="center">#</div></th> <th width="91"> <div align="center">ID </div></th> <th width="198"> <div align="center">First Name </div></th> <th width="198"> <div align="center">Last Name </div></th> <th width="250"> <div align="center">Mobile Company </div></th> <th width="100"> <div align="center">Cell </div></th> <th width="100"> <div align="center">Workphone </div></th> <th width="100"> <div align="center">Group </div></th> </tr> </form> <? echo "<form name='form1' method='post' action=''>"; while($objResult = mysql_fetch_array($objQuery)) { echo "<tr>"; echo "<td align='center'><input name=\"checkbox[]\" type=\"checkbox\" id=\"checkbox[]\" value=\"$objResult[addedrec_ID]\"></td>"; echo "<td>$objResult[addedrec_ID] </td>"; echo "<td>$objResult[FirstName]</td>"; echo "<td>$objResult[LastName] </td>"; echo "<td>$objResult[MobileCompany] </td>"; echo "<td>$objResult[Cell] </td>"; echo "<td>$objResult[WorkPhone] </td>"; echo "<td>$objResult[Custgroup] </td>"; echo "</tr>"; } echo "<td colspan='7' align='center'><input name=\"delete\" type=\"submit\" id=\"delete\" value=\"Delete\">"; if (isset($_POST['delete']) && isset($_POST['checkbox'])) // from button name="delete" { $checkbox = ($_POST['checkbox']); //from name="checkbox[]" $countCheck = count($_POST['checkbox']); for($d=0;$d<$countCheck;$d++) { $del_id = $checkbox[$d]; $sql = "DELETE from UserAddedRecord where addedrec_ID = $del_id"; $result2=mysql_query($sql) or trigger_error(mysql_error());;; } if($result2) { $fgmembersite->GetSelfScript(); } else { echo "Error: ".mysql_error(); } } echo "</form>"; Thanks for every reply. <body> <?php
include 'sql.php';
$query = "SELECT * FROM validation";
$result = mysqli_query($con , $query);
$rows = mysqli_fetch_assoc($result) ;
$totals = mysqli_num_rows($result) ;
?>
<div id="css">
<form >
<table width="80%" border="0" cellpadding="2" cellspacing="2" >
<caption><h2>Personal Details of Customers</h2></caption>
<tr class="white">
<td bgcolor="#330033"> </td>
<td bgcolor="#330033"> Id Number </td>
<td bgcolor="#330033"> Full Name </td>
<td bgcolor="#330033"> Email Address </td>
<td bgcolor="#330033"> Website </td>
<td bgcolor="#330033"> Comment </td>
<td bgcolor="#330033"> Time </td>
</tr>
<?php while($rows=mysqli_fetch_assoc($result)
{
<tr>
<input type="raido" name="ID" value="<?php echo $rows['ID']; ?>" />
<td bgcolor="#FFFFCC"><?php echo $rows['ID'];?></td>
<td bgcolor="#FFFFCC"><?php echo $rows['Name'];?> </td>
<td bgcolor="#FFFFCC"><?php echo $rows['Email'];?></td>
<td bgcolor="#FFFFCC"><?php echo $rows['Website'];?></td>
<td bgcolor="#FFFFCC"><?php echo $rows['Comment'];?></td>
<td bgcolor="#FFFFCC"><?php echo $rows['Time'];?></td>
<td> </td>
<td> <a href="delete.php? ID= "$rows[ID]" /"> <input type="submit" name="del" value="Delete" /> </a> <input type="button" name= "edit" value="Edit" /> </td>
</tr>
}
?></table> </form> </div> </body> Hi,
I wish to find out is there any possible that I can delete some data inside my php website but inside my sql database, the record will still at there?
Thank you.
I have a webpage where all the database items are displyes in a table format.The table also has a check box.Upon clicking the delete button i need to delete all the items whish has the checkbox checked. How will i do that I'm trying to set it so that it will delete an entire populated directory based upon a value in the database then after finishing that to go back and delete that row in the database. my current code is Code: [Select] <?php $page_title = "Central Valley LLC | Photo Addition" ?> <?php include("header.php"); ?> <?php include("nav.html"); ?> <div id="content"> <form action="delprod.php" method="post" enctype="multipart/form-data"> <label for="which">Choose A Product To Remove:</label> <?php $con = mysql_connect("localhost","phoenixi_cv","centraladmin"); if (!$con) { die('Could not connect: ' . mysql_error()); } mysql_select_db("phoenixi_cvproducts", $con); $result = mysql_query("SELECT * FROM Products"); echo "<select name=\"which\">"; while($row = mysql_fetch_array($result)) { echo "<option "; echo "value=\"" . $row['id'] . "\">"; echo $row['Name'] . "</option>"; } echo "</select>"; mysql_close($con); ?> <br /> <input type="submit" name="submit" value="Submit" /> </form> </div><!--#content--> <?php include("footer.html") ?> and the delete script Code: [Select] <?php $con = mysql_connect("localhost","phoenixi_cv","centraladmin"); if (!$con) { die('Could not connect: ' . mysql_error()); } mysql_select_db("phoenixi_cvproducts", $con); $result = mysql_query("SELECT id FROM Products WHERE id=$_POST['which']"); $row = mysql_fetch_array($result) chdir('assets'); chdir('images'); $mydir = $row . '/'; $d = dir($mydir); while($entry = $d->read()) { if($entry!="." && $entry!="..") { unlink($_POST['which'] . '/' . $entry); } } rmdir($mydir); $result = mysql_query("DELETE * FROM Producs WHERE id=$_POST['which']"); ?> Thank you in advance for all your help. any easier ways of approaching this will be welcome as well I am building a user interface to manipulate a database I have in mySQL and one of the functions is deleting records from a table I call Titles. Given my primary key is mID and a column in the table is Title, here is the code I'm working with: $sql="delete from myDb.Titles where mID=" . $_GET['mID']; if (mysql_query($sql)) { $target="delete.php?"; } echo "Successfully deleted title: " . $_GET['Title']; The actual delete itself is working fine and the record deletes properly. What I am trying to do is display the Title field associated with the record being deleted and it's not working. I don't know if I am misusing the GET function or not, but that's where I am. Any help would be appreciated. nevermind delete I want to delete record which i clicked the delete button in the table. I want a confirm box for delete Help me solve.. Here is code display.php Code: [Select] <?php $cn=mysql_connect("localhost","root",""); mysql_select_db("register",$cn); $qry2=mysql_query("SELECT * FROM reg_table"); ?> <html> <head> <script type="text/javascript"> function show_confirm() { var r=confirm("Do you want to Delete?"); if (r==true) { } else { alert("You pressed Cancel!"); } } </script> </head> <body> <form action="delete.php" method="get"> <table width="200" border="1"> <tr> <th scope="col">Name</th> <th scope="col">Address</th> <th scope="col">Gender</th> <th scope="col">Qualify</th> </tr> <?php while($res=mysql_fetch_array($qry2)) {?> <tr> <td><?php echo $res['name']; ?></td> <td><?php echo $res['adrs']; ?></td> <td><?php echo $res['gender']; ?></td> <td><?php echo $res['qualify']; ?></td> <td> <a href="edit.php?uid=<?php echo $res['id']; ?>">edit</a></td> <!--<td> <button type="button" onClick="return show_confirm();">Delete</button> </td> --> <td> <input type="hidden" name="nid" value="<?php echo $res['id']; ?>" /> </td> <td> <input type="submit" value="Delete" name="del" onClick="return show_confirm();"> </td> </tr> <?php } ?> </table> </form> </body> </html> delete.php Code: [Select] <html> <body> <?php $cn=mysql_connect("localhost","root",""); mysql_select_db("register",$cn); $del_id=$_GET['nid']; $qry=mysql_query("delete from reg_table where id='".$del_id."' ") or die(mysql_error()); if($qry) { echo "deleted"; } else { echo "not deleted"; } ?> <!--<form action="update.php" method="get"> <br /> Name: <input name="name" type="text" maxlength="20" /><br /><br /> <input type="hidden" name="uno" value="// echo $id; "> <input name="submit" type="submit" value="Save" /> </form> --> </body> </html> I need a bit of help. I am displaying records from a db, and want the user to be able to delete a record. I'm almost there (I think) but it doesn't pass the variable ($hours_id) to the delete query. Any ideas? Should be easy...but I'm just at my end. <?php include '../php/config_conn.php'; $querysum = "SELECT SUM(total_time) FROM `coop_hours` where user = '".$_SESSION['user_name']."'"; $resultsum = mysql_query($querysum); $arr = mysql_fetch_row($resultsum); $resulthours = $arr[0]; $querytime = "SELECT * FROM `coop_hours` WHERE user = '".$_SESSION['user_name']."' ORDER BY 'date_completed'"; $result = mysql_query($querytime); $num = mysql_num_rows($result); mysql_close(); echo "<table width='800' cellpadding='0'><tr> <td><strong>Coop Job</strong></td> <td align=center><strong>Date Completed</strong></td> <td align=center><strong>Total Time</strong></td> <td><strong>Comments</strong></td><td>Delete Entry</td></tr>"; $i=0; while ($i < $num) { $hours_id = mysql_result($result, $i, "hours_id"); $user = mysql_result($result, $i, "user"); $coop_job = mysql_result($result, $i, "coop_job"); $date_completed = mysql_result($result, $i, "date_completed"); $start_time = mysql_result($result, $i, "start_time"); $end_time = mysql_result($result, $i, "end_time"); $total_time = mysql_result($result, $i, "total_time"); $comments = mysql_result($result, $i, "comments"); echo "<tr><td>$coop_job</td> <td align=center>$date_completed</td> <td align=center>$total_time</td> <td>$comments</td> <td align=center> <a href='php/del.php'><img src='images/del.png'></a></td> </tr>"; $i++; } echo "<tr><td colspan=5><hr></td></tr>"; echo "<tr><td></td><td align=right>Total hours:</td><td align=center>$resulthours</td><td></td></tr>"; echo "<table>"; ?> And here is del.php: <?php include '../../php/config_conn.php'; $del_query = ("DELETE FROM coop_hours WHERE hours_id = '".$hours_id."' LIMIT 1"); $result = mysql_query($del_query); header("Location: http://.../myaccount-testing.php"); ?> Hello, the user selects an id (sid) on select form then presses confirm button. Below is my delete function however I have error : Warning: Missing argument 5 for dbstudent::delete_student(), called in C:\xampp\htdocs\cw1\delstudent.php on line 36 and defined in C:\xampp\htdocs\cw1\studentfunc.php on line 28 SQL Insertion error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '(sid, name, address, postcode, photo) from student where values ('1', '', '', '' at line 1 Please advise!! function delete_student($sid, $name, $address, $postcode, $photo) { $esc_name = mysql_real_escape_string($name, $this->conn); $esc_address = mysql_real_escape_string($address, $this->conn); $esc_postcode = mysql_real_escape_string($postcode, $this->conn); $esc_photo = mysql_real_escape_string($photo, $this->conn); $sql = "delete (sid, name, address, postcode, photo) from student where values ('{$sid}', '{$esc_name}', '{$esc_address}', '{$esc_postcode}', '{$esc_photo}')"; $result = mysql_query($sql, $this->conn); if (!$result) { die("SQL Insertion error: " . mysql_error()); } else { $numofrows = mysql_affected_rows($this->conn); return $numofrows; } } Hi, I need a simple command to delete all rows where userID = 2567 I had a shot but didn't work: DELETE FROM * WHERE userID='2567' || usgID='2567' My website is spammed by this user so I want to delete all records by this userID in my database. Hope someone can help and thanks! Hi,i know this is a duplicated thread but i have made changed to code and I have been trying to create a functionality which allows users to delete multiple entries from database, I have been working on this for a while now but cant get my head around it, can u please tell me what im doing wrong here? thanks in advance <?php session_start(); include ("../global.php"); //welcome messaage $username=$_SESSION['username']; echo "$username"; $query=mysql_query("SELECT id FROM users WHERE username='$username'"); while($row = mysql_fetch_assoc($query)) { $user_id = $row['id']; echo $id; } $per_page=5; $start=$_GET['start']; $record_count =mysql_num_rows(mysql_query("SELECT * FROM rent")); ?> <td><form name="form1" method="post" action=""> </td> <?php $max_page=$record_count/$per_page; if(!$start) $start=0; $result= mysql_query("SELECT id, msg, title, reference FROM msg LIMIT $start, $per_page"); while($row = mysql_fetch_array($result)) { $id=$row['id']; $msg=$row['msg']; $reference=$row['reference']; $title=$row['title']; ?> <table> <tr> <td align="center" bgcolor="#FFFFFF"><input name="checkbox[]" type="checkbox" id="checkbox[]" value="<? echo $rows['id']; ?>"></td> <td><?php echo $title; ?></td> <td><?php echo $id; ?></td> <td><?php echo $reference; ?></td> <td><?php echo $msg; ?></td> </tr> </table> <tr> <td colspan="5" align="center" bgcolor="#FFFFFF"><input name="delete" type="submit" id="delete" value="Delete"></td> </tr> <?php //while } $prev=$start - $per_page; $next=$start + $per_page; if(!($start<=0)) echo "<a href='view-data.php?start=$prev'>Previous</a>"; if(!($start>=$record_count-$per_page)) echo "<a href='view-data.php?start=$next'>Next</a>"; if(isset($_POST['delete'])) { for($i = 0; $i <= count($_POST['checkbox']); $i++) { $del_id = $checkbox[$i]; $sql = "DELETE FROM rent WHERE id='$del_id'"; $result = mysql_query($sql); } if($result) { header('Location: view-data.php'); } } ?> </table> </form> hi. just a quick question about a delete link i have on a page ive made. basically with the code i have currently...nothing at all happens when i click delete...and i cant for the life of me see the problem. here is the code for the page where the delete link is. $sql=mysql_query("SELECT items.itemname, cat.catid, cat.category FROM items,cat WHERE cat.catid=items.catid"); $temp_item = ""; while($res=mysql_fetch_array($sql)) { echo "<table cellpadding='0' cellspacing='0' width='700'><tr>"; if($res['category'] != $temp_cat ) { echo "<td width='30%'>" . "<b>" . $res['category'] . "</b>" . "</td>" . "<td width='30%'><a href='delcat.php?id=$res[catid]'>Delete Category</a></td></tr>"; $temp_cat=$res['category']; } and here is the code for the delete page that should do the deleting. include_once("config_class.php"); $db = new db(); // open up the database object $db->connect(); // connect to the database //getting id of the data from url $id = $_GET['id']; //deleting the row from table $result=mysql_query("DELETE FROM cat WHERE listid=$id"); //redirecting to the display page (index.php in our case) header("Location:list.php?id=$id"); as i said nothing happens...please help anybody? I get registered spammers on my website, they seem to bypass captcha (manually spamming I believe) and we all know why IP ban is no good so I want to be able to simply delete all rows on my database where this user comes from. Can you use one query to delete from all tables with WHERE userID= '$userID' ?? ok, so how would I insert a link to remove a photo from this code: Code: [Select] <?php include("connect_to_mysql_1.php"); $query = "SELECT link, id FROM products where page123=$page ORDER BY listorder ASC "; $result = mysql_query($query); while($row = mysql_fetch_array($result, MYSQL_ASSOC)) { $link = stripslashes($row['link']); $id = stripslashes($row['id']); ?> <li id="arrayorder_<?php echo $id ?>"> <img src="<?php echo $link; ?>" width="300" height="250"/> <div class="clear"></div> </li> <?php } ?> </ul> the images are able to move around but I need to know a way to keep photos with their own delete link. I am thinking of someway using listorder and the page123 to do it. could anybody help. I can't really think of a good way to describe the issue... This script add and delete data to the database, it add it correctly but it's not able to delete it. I appreciate somebody more expert to me to help me. thank you. <?php require 'include/db.inc.php'; $db = mysql_connect(MYSQL_HOST, MYSQL_USER, MYSQL_PASSWORD) or die ('Unable to connect. Check your connection parameters.'); mysql_select_db(MYSQL_DB, $db) or die(mysql_error($db)); switch ($_POST['action']) { case 'Add Character': // escape incoming values to protect database $alias = mysql_real_escape_string($_POST['alias'], $db); $real_name = mysql_real_escape_string($_POST['real_name'], $db); $address = mysql_real_escape_string($_POST['address'], $db); $city = mysql_real_escape_string($_POST['city'], $db); $state = mysql_real_escape_string($_POST['state'], $db); $zipcode_id = mysql_real_escape_string($_POST['zipcode_id'], $db); $alignment = ($_POST['alignment'] == 'good') ? 'good' : 'evil'; // add character information into database tables $query = 'INSERT IGNORE INTO comic_zipcode (zipcode_id, city, state) VALUES ("' . $zipcode_id . '", "' . $city . '", "' . $state . '")'; mysql_query($query, $db) or die (mysql_error($db)); $query = 'INSERT INTO comic_lair (lair_id, zipcode_id, address) VALUES (NULL, "' . $zipcode_id . '", "' . $address . '")'; mysql_query($query, $db) or die (mysql_error($db)); // retrieve new lair_id generated by MySQL $lair_id = mysql_insert_id($db); $query = 'INSERT INTO comic_character (character_id, alias, real_name, lair_id, alignment) VALUES (NULL, "' . $alias . '", "' . $real_name . '", ' . $lair_id . ', "' . $alignment . '")'; mysql_query($query, $db) or die (mysql_error($db)); // retrieve new character_id generated by MySQL $character_id = mysql_insert_id($db); if (!empty($_POST['powers'])) { $values = array(); foreach ($_POST['powers'] as $power_id) { $values[] = sprintf('(%d, %d)', $character_id, $power_id); } $query = 'INSERT IGNORE INTO comic_character_power (character_id, power_id) VALUES ' . implode(',', $values); mysql_query($query, $db) or die (mysql_error($db)); } if (!empty($_POST['rivalries'])) { $values = array(); foreach ($_POST['rivalries'] as $rival_id) { $values[] = sprintf('(%d, %d)', $character_id, $rival_id); } // alignment will affect column order $columns = ($alignment = 'good') ? '(hero_id, villain_id)' : '(villain_id, hero_id)'; $query = 'INSERT IGNORE INTO comic_rivalry ' . $columns . ' VALUES ' . implode(',', $values); mysql_query($query, $db) or die (mysql_error($db)); } $redirect = 'list_characters.php'; break; case 'Delete Character': // make sure character_id is a number just to be safe $character_id = (int)$_POST['character_id']; // delete character information from tables $query = 'DELETE FROM c, l USING comic_character c, comic_lair l WHERE c.lair_id = l.lair_id AND c.character_id = ' . $character_id; mysql_query($query, $db) or die (mysql_error($db)); $query = 'DELETE FROM comic_character_power WHERE character_id = ' . $character_id; mysql_query($query, $db) or die (mysql_error($db)); $query = 'DELETE FROM comic_rivalry WHERE hero_id = ' . $character_id . ' OR villain_id = ' . $character_id; mysql_query($query, $db) or die (mysql_error($db)); $redirect = 'list_characters.php'; break; case 'Edit Character': // escape incoming values to protect database $character_id = (int)$_POST['character_id']; $alias = mysql_real_escape_string($_POST['alias'], $db); $real_name = mysql_real_escape_string($_POST['real_name'], $db); $address = mysql_real_escape_string($_POST['address'], $db); $city = mysql_real_escape_string($_POST['city'], $db); $state = mysql_real_escape_string($_POST['state'], $db); $zipcode_id = mysql_real_escape_string($_POST['zipcode_id'], $db); $alignment = ($_POST['alignment'] == 'good') ? 'good' : 'evil'; // update existing character information in tables $query = 'INSERT IGNORE INTO comic_zipcode (zipcode_id, city, state) VALUES ("' . $zipcode_id . '", "' . $city . '", "' . $state . '")'; mysql_query($query, $db) or die (mysql_error($db)); $query = 'UPDATE comic_lair l, comic_character c SET l.zipcode_id = ' . $zipcode_id . ', l.address = "' . $address . '", c.real_name = "' . $real_name . '", c.alias = "' . $alias . '", c.alignment = "' . $alignment . '" WHERE c.character_id = ' . $character_id . ' AND c.lair_id = l.lair_id'; mysql_query($query, $db) or die (mysql_error($db)); $query = 'DELETE FROM comic_character_power WHERE character_id = ' . $character_id; mysql_query($query, $db) or die (mysql_error($db)); if (!empty($_POST['powers'])) { $values = array(); foreach ($_POST['powers'] as $power_id) { $values[] = sprintf('(%d, %d)', $character_id, $power_id); } $query = 'INSERT IGNORE INTO comic_character_power (character_id, power_id) VALUES ' . implode(',', $values); mysql_query($query, $db) or die (mysql_error($db)); } $query = 'DELETE FROM comic_rivalry WHERE hero_id = ' . $character_id . ' OR villain_id = ' . $character_id; mysql_query($query, $db) or die (mysql_error($db)); if (!empty($_POST['rivalries'])) { $values = array(); foreach ($_POST['rivalries'] as $rival_id) { $values[] = sprintf('(%d, %d)', $character_id, $rival_id); } // alignment will affect column order $columns = ($alignment = 'good') ? '(hero_id, villain_id)' : '(villain_id, hero_id)'; $query = 'INSERT IGNORE INTO comic_rivalry ' . $columns . ' VALUES ' . implode(',', $values); mysql_query($query, $db) or die (mysql_error($db)); } $redirect = 'list_characters.php'; break; case 'Delete Selected Powers': if (!empty($_POST['powers'])) { // escape incoming values to protect database-- they should be numeric // values, but just to be safe $powers = implode(',', $_POST['powers']); $powers = mysql_real_escape_string($powers, $db); // delete powers $query = 'DELETE FROM comic_power WHERE power_id IN ("' . $powers . '")'; mysql_query($query, $db) or die (mysql_error($db)); $query = 'DELETE FROM comic_character_power WHERE power_id IN ("' . $powers . '")'; mysql_query($query, $db) or die (mysql_error($db)); } $redirect = 'edit_power.php'; break; case 'Add New Power': // trim and check power to prevent adding blank values $power = trim($_POST['new_power']); if ($power != '') { // escape incoming value $power = mysql_real_escape_string($power, $db); // create new power $query = 'INSERT IGNORE INTO comic_power (power_id, power) VALUES (NULL, "' . $power . '")'; mysql_query($query, $db) or die (mysql_error($db)); } $redirect = 'edit_power.php'; break; default: $redirect = 'list_characters.php'; } header('Location: ' . $redirect); ?> |
|||||||