Display and Delete data from database

Question

I am new to PHP and just wanting to make a basic page where i can see all the users in the database and delete them. I have come this far but it keeps on telling me that I have an i have and Undefined index: user_id and although it tells me that it has deleted the fields it has not deleted anything. Here is my code:

<?php include_once "includes/scripts.php"; ?>
<?php include_once "includes/connect.php";?>
<?php include_once "includes/cms_page_security.php";?>
<div id="cms_container"><br>
    <br>
    <h1>MANAGE USERS<img src="images/three_column_grid_line.png" alt="line"></h1>
    <p class="logout_btn"><a href="admin_cms.php">Back</a></p>
<?php
$tbl="users"; // Table name 
$sql = "SELECT * FROM $tbl";
$result = mysql_query($sql, $connect);
while($rows = mysql_fetch_array($result)){
?>
<?php
echo $rows['user_id'];
echo $rows['user_name'];
echo $rows['user_password'];  
?> 
<a href="delete_user.php?id= <? echo $rows['user_id']; ?>">delete</a>
<?php
}
?>
<?php
mysql_close();
?>
</div><!--cms_container-->
</body>
</html>

The page that it should link to that deletes the query:

<?php include_once "includes/connect.php";?>
<?php
    $tbl="users"; 
    $user_id= $_GET ['user_id'];
    $sql="DELETE FROM $tbl WHERE user_id = '$user_id'";
    $result = mysql_query($sql, $connect);
    if($result){
        echo "Deleted Successfully";
        echo "<BR>";
        echo "<a href='delete.php'>Back to main page</a>";
    }else {
        echo "ERROR";
    }
    ?> 
<?php
mysql_close();
?>

Answer 1

In addition to the other answers:

It looks like this line could be a fatal error, if php short tags aren't enabled:

<a href="delete_user.php?id= <? echo $rows['user_id']; ?>">delete</a>

The php manual says:

*PHP also allows for short tags <? and ?> (which are discouraged because they are only available if enabled with short_open_tag php.ini configuration file directive, or if PHP was configured with the--enable-short-tags option.* http://php.net/manual/en/language.basic-syntax.phptags.php

Answer 2

You really should be using PDO instead. The issue is in the information that you are passing.

The link : <a href="delete_user.php?id= <? echo $rows['user_id']; ?>">delete</a> is looking for an 'id' but you're later looking for 'user_id'

If you change it to <a href="delete_user.php?user_id=<? echo $rows['user_id']; ?>">delete</a>, it should work.

I still strongly suggest you look into PDO instead though, it's much more secure and easier to work with.

Example of PDO Delete

 public function deleteUser($username, $user_id){

    if($this->isAdmin($username) == true){

        $query = $this->db->prepare('DELETE FROM users WHERE user_id = ?');
        $query->bindValue(1, $user_id);

        try{
            $query->execute();
        }catch(PDOException $e){
            die($e->getMessage());
        }
    }else{
        return false;
    }
}

I'm running an extra check to make sure the person who is requesting the deletion is an admin member but you should be able to see the structure

Answer 3

In delete_user.php you must get user_id

$user_id= $_GET ['id'];

because in your <a href="delete_user.php?id= <? echo $rows['user_id']; ?>">delete</a> link GET variable is "id", not "user_id"

Answer 4

Where you are creating your 'Delete' link

<a href="delete_user.php?id= <? echo $rows['user_id']; ?>">delete</a>

You're creating a variable of 'id', but later you look for 'user_id.

Change your link to

<a href="delete_user.php?user_id=<? echo $rows['user_id']; ?>">delete</a>

Answer 5

The SQL query will be successful even if it alters zero rows. You are prefixing your user ids with a space when you are generating your HTML (id= <?), so you aren't matching any rows (since "1" won't be matched by " 1").