Home/ Questions/Q 6222893
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-24T08:23:41+00:00

I am working on a custom content management system. I was instructed to do

  • 0

I am working on a custom content management system. I was instructed to do some changes, and this is what I need to do. I need to create a user management page which allows the administrator to delete (or disable his status) a user from the database.

This is my User Management Page:

<?php
$query = 'SELECT author_id, author_email as Email, author_name as Name
        FROM authors
        ORDER BY Name
        LIMIT 0, 30';

$result = mysql_query($query);

?>

<table class="listing">
<thead>
    <tr>
        <td>Author ID</td>
        <th>Author E-Mail</th>
        <th>Author Name</th>
        <th>Delete</th>
    </tr>
</thead>
<tbody>
    <?php
    for ($i = 0; $row = mysql_fetch_array($result); $i++) {
        if ($i % 2 == 0) {
            echo '<tr class="even">';
        } else {
            echo '<tr class="odd">';
        }
        echo "<td>{$row['author_id']}</td>";
        echo "<td>{$row['Email']}</td>";
        echo "<td>{$row['Name']}</td>";
        echo "<td><a href=\"del-user.php?term={$row['author_id']}\" onclick=\"javascript:return confirm('Are you sure you want to delete this user?')\">X</a></td>";
        echo '</tr>';
    }
    ?>
</tbody>
</table>

This is my del-user.php page: 

<?php
include('inc/config.php');
$title = 'Delete Individual User';
include('inc/db.php');
include('inc/header.php');

echo '<h2>Delete</h2>';

if (isset($GET['term'])) {
$query = "DELETE FROM authors WHERE author_id = {$GET['term']} LIMIT 1";
mysql_query($query) or die('Failed to delete user');
echo '<p>User Deleted</p>';
echo '<p>Back to <a href="manage-users.php">Manage Users </>.</p>';
} else {
echo '<p>Tried to Delete: "';
echo ($GET['term']);
echo '"</p>';
echo '<p>Nothing to Delete</p>';    
}

include('inc/footer.php');
?>

I am new to PHP, but this is not working, the author_id value is not being passed to the other page, and it is being left empty. So I cannot delete anything from the del-users.php page.

I’m guessing that this is the problematic part:

echo "<td><a href=\"del-user.php?term={$row['author_id']}\" onclick=\"javascript:return confirm('Are you sure you want to delete this user?')\">X</a></td>";

Anybody knows why this is happening?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Several issues:

    You send data like this:

    del-user.php?term={$row['author_id']}

    So that means that actualy $_GET[‘term’] contains the id.

    You catch the value like this: 

    if (isset($_GET['author_id'])) {
$query = "DELETE FROM authors WHERE author_id = {$_GET['author_id']} LIMIT 1";

    And it is not good, since $_GET[‘term’] contains the id, so you have to fix the lower one to look like this:

    if (isset($_GET['term'])) 
$query = "DELETE FROM authors WHERE author_id = {mysql_real_escape_string($_GET['term'])} LIMIT 1";

    Also you need to expand the select query, since you are not actualy fetching the author_id from the db:

    $query = 'SELECT author_email as Email, author_name as Name, author_id
        FROM authors
        ORDER BY Name
        LIMIT 0, 30';

    Please, escape your variables before you trow them to the database…

    http://php.net/manual/en/function.mysql-real-escape-string.php

    Cheers

    • 0