deleteuser.php
76 lines ASCII Windows (CRLF)
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<title>Delete User</title>
</head>
<body>
<form action="../home.php" method="get"><button type="submit">Back to home</button></form>
<?php
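// Admin page: deletes the user whose id is posted, then lists all users with a
// per-row "Delete" button.
//
// NOTE(review): session_start() runs after the page's opening HTML has already
// been emitted, so the session cookie can only be sent when output buffering is
// enabled. Moving the session and authorisation check above <!doctype> would
// remove that dependency.
session_start();

// Authorisation: the admin flag is read from the server-side session only,
// never from the request.
if (!isset($_SESSION['is_admin']) || $_SESSION['is_admin'] != 1) {
    die("Access denied.");
}

// dbconnection.php is expected to define $dbconn; the calls below use it as a
// PDO handle.
include('../../dbconnection.php');
if (!$dbconn) {
    die("Connection failed: Can't connect to database.");
}

// Per-session anti-CSRF token. Deleting a user is a state-changing request, so
// it must prove it came from a form this page rendered, not from a third-party
// site that relies on the admin's session cookie being sent automatically.
if (empty($_SESSION['csrf_token']) || !is_string($_SESSION['csrf_token'])) {
    $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
}
$csrfToken = $_SESSION['csrf_token'];

// HTML-escape a value for element content and for the single-quoted attributes
// used below. The flags are explicit because the default flag set only escapes
// single quotes from PHP 8.1 onwards.
$escapeHtml = function ($value) {
    return htmlentities((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
};

$message = null;
$id = null;
// is_string() rejects array-valued input such as id[]=1 before it reaches PDO.
if (isset($_POST['id']) && is_string($_POST['id']) && !empty($_POST['id'])) {
    $postedToken = (isset($_POST['csrf_token']) && is_string($_POST['csrf_token']))
        ? $_POST['csrf_token']
        : '';

    // hash_equals() compares in constant time, so the check does not leak how
    // much of the token matched.
    if (!hash_equals($csrfToken, $postedToken)) {
        $message .= "<br />Request rejected: invalid or missing form token.<br />";
    } else {
        $id = $_POST['id'];
        try {
            // The id is bound as a parameter, never concatenated into the SQL.
            $sql = "DELETE FROM users WHERE id=?";
            $stmt = $dbconn->prepare($sql);
            // Without PDO::ERRMODE_EXCEPTION a failure is reported by a false
            // return value rather than an exception, so both paths are handled.
            if ($stmt !== false && $stmt->execute(array($id))) {
                $message .= "<br />User deleted successfully.<br />";
            } else {
                error_log('deleteuser.php: DELETE statement failed');
                $message .= "<br />Could not delete the user.<br />";
            }
        } catch (PDOException $e) {
            // Keep the SQL text and driver message in the server log; echoing
            // them into the page would disclose schema details unescaped.
            error_log('deleteuser.php: DELETE failed: ' . $e->getMessage());
            $message .= "<br />Could not delete the user.<br />";
        }
    }
} else {
    $message .= "<br />";
}
echo $message;

// List every user as a table row with its own delete form.
$sql = "SELECT * FROM users";
$stmt = $dbconn->prepare($sql);
$stmt->execute(array());

// Hidden field carrying the CSRF token; the same token is valid for every row.
$tokenField = "<input type='hidden' name='csrf_token' value='" . $escapeHtml($csrfToken) . "'>";

$output = "<table><caption>Users:</caption>";
while ($res = $stmt->fetch(PDO::FETCH_ASSOC)) {
    $idx = $escapeHtml($res['id']);
    $username = $escapeHtml($res['username']);
    // NOTE(review): the stored password value is rendered for every user. The
    // schema is not visible here, but whether this is plaintext or a hash, a
    // delete listing does not need it; consider selecting only id and username.
    $password = $escapeHtml($res['password']);
    $output .= "<tr>" .
        "<td>$idx</td>" .
        "<td>$username</td>" .
        "<td>$password</td>" .
        "<td><form method='post' action=''>" .
        "<input type='hidden' name='id' value='$idx'>" .
        $tokenField .
        "<button type='submit'>Delete</button></form></td>" .
        "</tr>";
}
$output .= "</table>";
echo "$output";

// Drop the reference to the database handle.
$dbconn = null;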
?>
</body>
</html>