1

I have a mysql data table that holds user information such as name,department,extension and phone number

Now I have a delete query that deletes a user based on the extension number the admin enters.

It was working yesterday and I have not changed a thing so I have no idea what could be wrong.

According to my code it must delete the user and then display the table. Now it does all that but the user still exists.

<?php
error_reporting(0);
require ("database.php");
session_start();
if (!isset($_SESSION['CheckLogin'])) { header("Location: login.php"); }
if($_POST['action'])
{
    $this_user_ext =$_GET['extension'];
    // sending query
    mysql_query("DELETE FROM users WHERE extension = '$this_user_ext'")
        or die(mysql_error());
    include('maildelete.php');
    $extension=$_POST['extension'];
    header("Location: index.php");
}
?>
<center>
    <form action="" method="post">
        Enter 4 Digit Extension Number :
        <br>
        <input type="text" name="extension">
        <br>
        <h2>
            <input type="submit" name="action" value="Delete Extension">
            <br>
        </h2>
        <h3>
            <a href="index.php"> Main Menu </a>
        </h3>
    </form>
</center>
Improve this question
4
  • 6
    don't use deprecated+removed version mysql_*. turn to mysqli_* or PDO along with prepared statements Commented Feb 21, 2017 at 6:49
  • You are posting in POST method and Receiving in GET Method. Commented Feb 21, 2017 at 6:51
  • 1
    You are wide open to SQL Injections and should really use Prepared Statements instead of concatenating your queries. Specially since you're not escaping the user inputs at all!. You can use Prepared Statements when you stop using the deprecated and insecure mysql_*-api and start using MySQLi or PDO. Commented Feb 21, 2017 at 6:51
  • Try POST Instead of GET $this_user_ext =$_POST['extension']; Because your form method is post. Commented Feb 21, 2017 at 6:52

3 Answers 3

Reset to default
4

You have used POST method but you are using $_GET so

change $this_user_ext =$_GET['extension']; to $this_user_ext =$_POST['extension'];

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

0

Inside your form's tag having a method POST. You're sending the POST request, not the GET request. Use this code instead $this_user_ext = $_POST['extension'];

Improve this answer

Comments

0 
 <?php
error_reporting(0);
require ("database.php");

session_start();
if (!isset($_SESSION['CheckLogin'])) { header("Location: login.php"); }



    if($_POST['action'])
{

$this_user_ext =$_POST['extension'];

    // sending query
    mysql_query("DELETE FROM users WHERE extension = '".$this_user_ext."'")
    or die(mysql_error());


include('maildelete.php');

$extension=$_POST['extension'];

header("Location: index.php");
}
?>
<center><form action="" method="post">
Enter 4 Digit Extension Number :<br><input type="text" name="extension">
<br><h2><input type="submit" name="action" value="Delete Extension">
<br></h2>
<h3>
<a href="index.php"> Main Menu </a>
</h3>
</form>
</center>

I hope U got it :) Enjoy..

Improve this answer

1 Comment

A good answer includes an explanation, not just a bunch of code.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.