Delete Customer Records PHP Script
The scripts in the two link groups below are Customer Apps for Dealing with Product Keys and Email Addresses, and Administrator Apps for Dealing with Customer Records.
In our ecommerce world, products are sold by many different methods. Amongst these are getting out demos in various ways and when people try them, some of them are very pleased and they buy what's called a key. This unlocks the full feature set of the product when they enter it. There is a need to give the product users limited access to perform a few functions such as changing their emails, retrieving their keys from our database when they misplace them, etc. There is also a need for administrative functions to manage customer records. One needs to sort them, edit them, delete them, add them, view them, search them, register to be an administrator, login as administrator, etc.
If an ecommerce company does not have any of the applications below, it is forced to perform them the 20th century ways—by hand. This means paying for people to answer phones, write emails, keep paper files of customers, etc. The 21st century way is to let software perform these tasks, let websites and videos explain the product features, and let ecommerce close the sale and send the product.
Feel free to use these free Customer Records Management scripts in your business. Note: we know they work well for us (they are well tested), but we assume no liability for how they work in your situation. Similarly, we added lots of security measures such as extensive input filtering, but we make no claims and assume no liability for how securely they work in your situation.
The best security measure to take when using the administrative part of a system like this (meaning the Administrator Apps for Dealing with Customer Records in which category the script below resides, not the Customer Apps for Dealing with Product Keys and Email Addresses) is do not have any links ANYWHERE that link to the URLs of any of the admin files on the server, so neither hackers nor Google finds them. Then use the admin CMS yourself but do not even let your momma use it. Don't even save the link to the admin login as a Favorite, just to be secure. Just stick the login username and password in Roboform and make them impossible to guess. Then use Roboform to logon. The Customer Apps are included online and linked to as part of the product web pages that make life easier for everyone. Their security is mainly handled via extreme input filtering. The Admin Apps like the one below are hidden, unlinked to, and well protected with security measures, password hashes and salts, etc.
This script is called delete-customer-records.php
Customer Apps for Dealing with Product Keys and Email Addresses
- Customer Email Address Change Form
- Customer Email Address Change Form PHP Script
- Customer Product Key Retrieval Request Form
- Customer Product Key Retrieval Request Form PHP Script
- Customer Form — We Manually Search for Your Key If You Lost Your Key During the Week You Ordered
- Customer Form — We Manually Search for Your Key If You Lost Your Key During the Week You Ordered PHP Script
- Customer Form — We Manually Search for Your Key
- Customer Form — We Manually Search for Your Key PHP Script
Administrator Apps for Dealing with Customer Records
- Customer Records Management PHP Script
- Sort Customer Records by Name PHP Script
- Sort Customer Records by Email PHP Script
- Add Customer Records PHP Script
- Delete Customer Records PHP Script
- Edit Customer Records PHP Script
- View Customer Records PHP Script
- Login to Customer Records Management PHP Script
- Logout of Customer Records Management PHP Script
- Register with Captcha to Administer Customer Records PHP Script
- Register with Captcha to Administer Customer Records PHP Captcha Script
- Check ID for Customer Records Management PHP Script
- Display Emails and Names (for spreadsheet use) PHP Script
The script delete-customer-records.php processes both input data from the administrator, and also session data, which it merely checks out to ensure that the administrator using the script started a session in the login script and defined the proper session variables. The PHP script below gives the administrator a chance to delete records in the db table.
The script begins with checking that the session id is set, sending users to register-with-captcha-for-customer-records-management.php from checkid-in-customer-records-management.php if it is not, but not before unsetting session variables and destroying the session. The session variable $_SESSION['username'] must be set and 6 characters or more, and the session variables $_SESSION['sessionid'] and $_SESSION['userid'] must also be set or the administrator gets a message "Please login." and is sent to the login script login-to-customer-records-management.php which is where the session variables get loaded. The config.php file is included after the defined constant _NODIRECTACCESS gets defined. This gets checked on in the configuration file, and if it is not defined in that file, access to the file is denied. The config.php file uses the defined() function to check whether a given named constant exists. The various scripts that use config.php all use the define() function to define a named constant
named '_NODIRECTACCESS' just prior to including config.php. This protects against anyone using the config.php file without first naming that constant with the define() function—a wise security precaution.
The script gets POSTed input from the administrator in the form of the flag that shows the form was submitted and the id of the record that the administrator has decided to delete from the MySQL table "product"—you will need to rename this table, obviously.
Next we check that the form was submitted ($A) with an inputted id number ($id) greater than 0. If so, we delete the user record with that id, using the DELETE FROM statement. Then the mysql_affected_rows() function checks if the deleting succeeded. A message displays the success or failure of the operation before we are sent back to the administrator's navigation page. Then we use the
mysql_close() function to close the connection to the database which was opened by config.php near the start of the script.
Now, we come to the id entry form. This record id number is found by first going to the search page (which is this page View Customer Records PHP Script with Ctrl F instructions) and locating the record you wish to delete by any of the following methods, after which you are ready for the Delete page:
- since records needing deleting are usually fairly recent customers, they will be at or near the top of the page because the View page lists records with highest—most recent—id numbers first, so a quick perusal works
- you will likely know one of the customer's email addresses; use Ctrl F and search for that and use F3 to ascertain there are no other records with that email address
- you will likely know the customer's last name; use Ctrl F and search for that and use F3 to ascertain there are no other records with that last name
- you will likely know one of the customer's product key numbers; use Ctrl F and search for that and use F3 to ascertain there are no other records with that product key number
- scroll through looking—not as much fun as Ctrl F!
There is an interesting onsubmit event in the form:
onsubmit="return(confirm('Are you sure you want to delete this record?'));"
It uses the JavaScript confirm method. Using confirm in an onsubmit event is a great solution for wanting to ensure the administrator really wants to dump the record. If the administrator clicks OK the deleting happens because the confirm returns logically true. If the administrator clicks Cancel the deleting never happens because the confirm returns logically false. This is about the simplest confirming script imaginable.
There is a link back to the administrator's navigation page so you are not standed in limbo (wherever that is).
This script is called delete-customer-records.php
<?php
include_once"checkid-in-customer-records-management.php";
$U=$_SESSION['username'];
define('_NODIRECTACCESS', TRUE);
include_once"includes/config.php";
if (!isset($_SESSION['userid']) || !isset($_SESSION['username']) || $_SESSION['username']<>$U || !isset($U) || $U=="" || strlen($U)<6 || !isset($_SESSION['sessionid'])){echo '<script language="javascript">alert("Please login."); window.location = "login-to-customer-records-management.php";</script>';}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=windows-1252">
<TITLE>Delete Customer Records</TITLE>
<meta name="description" content="Delete Customer Records">
<meta name="keywords" content="Delete Customer Records,Customer Records,dump record,delete record,javascript, dhtml, DHTML">
</head>
<body bgcolor="green">
<?php
$A=$_POST['answer'];$id=$_POST['id'];if($A=="1" && $id>0){
$sql="DELETE FROM product WHERE id = '$id'";
$result=mysql_query($sql) or die('Error ,deleting failed');
$rc = mysql_affected_rows();
if ($rc>0){echo '<script language="javascript">alert("The record deleting was successfully accomplished.");window.location ="customer-records-management.php"; </script>';}
else{echo '<script language="javascript">alert("Deleting failed.");window.location = "customer-records-management.php"; </script>';}
mysql_close();
}
?>
<div style='margin:100px 0 0 50px;'>
<form id="form1" name="form1" method="post" action="delete-customer-records.php" onsubmit="return(confirm('Are you sure you want to delete this record?'));">
<table style='padding:20px;background-color:#eee' width="600" border="1" align="center" cellpadding="0" cellspacing="1">
<tr>
<td><input type="hidden" name="answer" value="1"></td>
</tr>
<tr>
<td>This will delete the record of the customer whose id is: <input type="text" name="id" value="">.</td>
</tr>
<tr>
<td align=center><input type="submit" name="Submit" value="Delete Record"></td>
</tr>
<tr>
<td><a href="customer-records-management.php"><B>Return to Customer Records Management—do NOT delete anything!</B></a></td>
</tr>
</table>
</form>
</div>
</body>
</html>