
I am trying to create a button that, after inserting the name of a user in my forum, deletes him from the database (this goes into the backoffice, for kicking people). This is the code I got:

<?php
include 'connect.php';
include 'header.php';

echo '<h2>Command Center</h2>';
// Access check: a single | is a bitwise OR, and nothing stops the script
// after the message, so the form and the DELETE below still run.
if($_SESSION['signed_in'] == false | $_SESSION['user_level'] != 1 )
{
    echo 'Desculpa, mas nao tens previlegios para aceder a esta pagina.';
}

if($_SERVER['REQUEST_METHOD'] != 'POST')
{
    // First visit: show the form that asks for the user name to delete.
    echo '<form method="post" action="">
        Nome do user a apagar: <input type="text" name="user_name" /><br />
        <input type="submit" value="KICK THE BASTARD" />
     </form>';
}
else
{
    // Form submitted: DELETE does not accept a VALUES() list, which is the
    // syntax error reported in the comments below.
    $sql = "DELETE FROM users(user_name)
       VALUES('" . mysql_real_escape_string($_POST['user_name']) . "')";
    $result = mysql_query($sql);
    if(!$result)
    {
        echo 'Erro ao criar!' . mysql_error();
    }
    else
    {
        echo 'Categoria adicionada com sucesso!.';
    }
}

include 'footer.php';
?>

But I can't seem to get it to work. This is maybe a rather simple question, but I can't get around it.

  • Can you elaborate on "can't seem to get it to work"? What doesn't work, do you get any errors, what is the expected result, where does it fail? Commented Aug 22, 2015 at 19:34
  • Sorry for not being very clear, I get this message on the localhost: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '(user_name) VALUES('Pads')' at line 1 Commented Aug 22, 2015 at 19:35

2 Answers


Change your query:

 $sql = "DELETE FROM users
         WHERE user_name = '" . mysql_real_escape_string($_POST['user_name']) . "'";



This should work and also protect you from unauthorised access (your code lets anyone delete users).

<?php
include 'connect.php';
include 'header.php';

echo '<h2>Command Center</h2>';
// Logical OR (||) and an exit, so nothing below runs for users who are
// not signed in as level 1.
if($_SESSION['signed_in'] == false || $_SESSION['user_level'] != 1 )
{
    echo 'Desculpa, mas nao tens previlegios para aceder a esta pagina.';
    exit;
}

if($_SERVER['REQUEST_METHOD'] != 'POST')
{
    echo '<form method="post" action="">
        Nome do user a apagar: <input type="text" name="user_name" /><br />
        <input type="submit" value="KICK THE BASTARD" />
     </form>';
}
else
{
    // DELETE selects the rows to remove with a WHERE clause.
    $sql = "DELETE FROM users
        WHERE user_name = '" . mysql_real_escape_string($_POST['user_name']) . "'";
    $result = mysql_query($sql);
    if(!$result)
    {
        echo 'Erro ao criar!' . mysql_error();
    }
    else
    {
        // Note: a DELETE that matches no row still succeeds here.
        echo 'Categoria adicionada com sucesso!.';
    }
}

include 'footer.php';
?>
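The same page written with a prepared statement and a row-count check, as an added example that is not from the question or either answer. It assumes PHP 7 or later, that connect.php provides a PDO handle named $pdo (the original uses the mysql_* extension), and that the session has already been started by the includes, as the original code relies on; the CSRF token is a hypothetical addition the original does not have.

```php
<?php
include 'connect.php';
include 'header.php';

echo '<h2>Command Center</h2>';

// Gate first, then stop: without exit the form and the DELETE would still
// run for visitors who are not a level-1 admin.
if (empty($_SESSION['signed_in']) || (int)$_SESSION['user_level'] !== 1) {
    echo 'Desculpa, mas nao tens previlegios para aceder a esta pagina.';
    include 'footer.php';
    exit;
}

// Per-session CSRF token (hypothetical addition) so a third-party page
// cannot submit this state-changing form on the admin's behalf.
if (empty($_SESSION['kick_token'])) {
    $_SESSION['kick_token'] = bin2hex(random_bytes(16));
}

if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    echo '<form method="post" action="">
        Nome do user a apagar: <input type="text" name="user_name" /><br />
        <input type="hidden" name="token" value="'
            . htmlspecialchars($_SESSION['kick_token']) . '" />
        <input type="submit" value="KICK THE BASTARD" />
    </form>';
} elseif (!isset($_POST['token'], $_POST['user_name'])
          || !hash_equals($_SESSION['kick_token'], $_POST['token'])) {
    echo 'Pedido invalido.';
} else {
    // DELETE takes a WHERE clause, never VALUES(); the bound parameter keeps
    // the submitted name out of the SQL text entirely, so no escaping needed.
    $stmt = $pdo->prepare('DELETE FROM users WHERE user_name = :name');
    if (!$stmt->execute(array(':name' => $_POST['user_name']))) {
        echo 'Erro ao apagar: ' . implode(' ', $stmt->errorInfo());
    } elseif ($stmt->rowCount() === 0) {
        // A DELETE matching no row succeeds silently; tell the admin apart
        // "no such user" from "deleted".
        echo 'Utilizador nao encontrado.';
    } else {
        echo 'Utilizador apagado com sucesso.';
    }
}

include 'footer.php';
```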
