Clever Geek Handbook

Controlling an item through an admin account using php

I am new to php. I registered registration on the login page and too. So inside the admin, I wanted to get the member list and remove members that I don't want. So I took the code from the phonebook example code from http: // localhost / xamp and modified it as required. I can get items but cannot remove members. See the code below:

<?php
    require_once('auth.php');

    require_once('../config.php');

    //Array to store validation errors
    $errmsg_arr = array();

    //Validation error flag
    $errflag = false;

    //Connect to mysql server
    $link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
    if(!$link) {
        die('Failed to connect to server: ' . mysql_error());
    }

    //Select database
    $db = mysql_select_db(DB_DATABASE);
    if(!$db) {
        die("Unable to select database");
    }

?>
<html>
    <head>
        <meta name="author" content="Kai Oswald Seidler">
        <link href="../loginmodule.css" rel="stylesheet" type="text/css">
        <title></title>
    </head>

    <body>
        &nbsp;<p>

        <h2><?php echo "User list"; ?></h2>

        <table border="0" cellpadding="0" cellspacing="0">
            <tr bgcolor="#f87820">
                <td><img src="img/blank.gif" alt="" width="10" height="25"></td>
                <td class="tabhead"><img src="img/blank.gif" alt="" width="150" height="6"><br><b><?php echo $TEXT['phonebook-attrib1']; ?></b></td>
                <td class="tabhead"><img src="img/blank.gif" alt="" width="150" height="6"><br><b><?php echo $TEXT['phonebook-attrib2']; ?></b></td>
                <td class="tabhead"><img src="img/blank.gif" alt="" width="150" height="6"><br><b><?php echo $TEXT['phonebook-attrib3']; ?></b></td>
                <td class="tabhead"><img src="img/blank.gif" alt="" width="50" height="6"><br><b><?php echo $TEXT['phonebook-attrib4']; ?></b></td>
                <td><img src="img/blank.gif" alt="" width="10" height="25"></td>
            </tr>

            <?php
                $firstname=$_REQUEST['firstname'];
                $lastname=$_REQUEST['lastname'];
                $phone=$_REQUEST['phone'];


                if($_REQUEST['action']=="del")
                {
                        $result=mysql_query("DELETE FROM members WHERE member_id={$_REQUEST['member_id']}");
                }

                $result=mysql_query("SELECT member_id,firstname,lastname,login FROM members ORDER BY lastname");
                $i = 0;
                while($row = mysql_fetch_array($result)) {
                    if ($i > 0) {
                        echo "<tr valign='bottom'>";
                        echo "<td bgcolor='#ffffff' height='1' style='background-image:url(img/strichel.gif)' colspan='6'></td>";
                        echo "</tr>";
                    }
                    echo "<tr valign='middle'>";
                    echo "<td class='tabval'><img src='img/blank.gif' alt='' width='10' height='20'></td>";
                    echo "<td class='tabval'><b>".$row['lastname']."</b></td>";
                    echo "<td class='tabval'>".$row['firstname']."&nbsp;</td>";
                    echo "<td class='tabval'>".$row['member_id']."&nbsp;</td>";

                    echo "<td class='tabval'><a onclick=\"return confirm('".$TEXT['userlist-sure']."');\" href='userlist.php?action=del&amp;member_1d=".$row['member_id']."'><span class='red'>[".$TEXT['userlist-button1']."]</span></a></td>";
                    echo "<td class='tabval'></td>";
                    echo "</tr>";
                    $i++;
                }

                echo "<tr valign='bottom'>";
                echo "<td bgcolor='#fb7922' colspan='6'><img src='img/blank.gif' alt='' width='1' height='8'></td>";
                echo "</tr>";


            ?>

        </table>


    </body>
</html>

I didn't edit it correctly and everything looks like it.

Please help me to remove it.

I didn't understand what. $ TEXT ['userlist-button1']., '". $ TEXT [' userlist-sure ']. I also want to enable an approved and rejected radio button in the table for each participant.

How can i do this?

Please if you can help me.

+1


source to share


3 answers


  • This should be a POST via FORM, not an href (GET) link.
  • $ TEXT is obviously an array containing the text you want to print.
  • You need to replace &amp;member_1d

    href with real and real me like &member_id

    .


+1


source


$ TEXT is an array containing all language strings for the selected language. You will find lines defined by unter / lang / yourlanguage.php

All in all, this is not a good example to start coding with IMO.



But I think your application can start working if you make sure there are language files and other included files available and you change this &amp;

member_1d with & member_id

+1


source


An example of a list of items with links to delete:

$query = mysql_query("SELECT member_id,firstname,lastname,login FROM members ORDER BY lastname");
if(mysql_num_row($query)!= 0){ //only continue if there are members in the database
while($row = mysql_fetch_assoc($query)){ //loop through each row in the database
$member_id = $row['member_id'];
$firstname = $row['firstname'];
$lastname = $row['lastname'];

echo '<p>' . $firstname . ' -  <a href="delete_member.php?id='$member_id'">' delete '</a></p>';

}
}

Simple script on delete_member.php to delete a member from the database.

if(isset($_GET['id'])){
$member_id = $_GET['id'];
$query = mysql_query("DELETE FROM members WHERE member_id='$member_id'");
echo '<p>This user was deleted from database</p>';
}

This code is basic to provide an example.

I would rather use a simple form and $ _POST for something like this instead of using $ _GET, which is very vulnerable on this instance.

After receiving the list of participants, use the form with an input field to enter the ID you want to remove.

0


source






More articles:


All Articles