
View Full Version : Is this correct syntax?



Hypertext
21-03-2008, 01:29 AM
I know it's bad practice to use tables for users, but ah well, here it is. This is to delete a user.


<?php

$user = $_GET['user'];
$sql_a = mysql_query("DROP" .$user. "table IF EXISTS");
$sql_b = mysql_query("DELETE * FROM users WHERE user='$user'");

if($sql_a) {
if($sql_b {
echo "" .$user. "successfully deleted!";
}
}
?>

Hypertext
21-03-2008, 01:48 AM
edit change.

Agnostic Bear
21-03-2008, 11:21 AM
<?php
if( mysql_query( "DELETE FROM `users` WHERE lcase( `user` ) = lcase( '" . htmlentities( $user, ENT_QUOTES ) . "' )" ) )
{
echo( "Jews in the oven." );
}
?>

QuickScriptz
21-03-2008, 03:43 PM
<?php
$user = $_GET['user'];
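// DROP needs the TABLE keyword, and IF EXISTS goes before the table name
$sql_a = mysql_query("DROP TABLE IF EXISTS `".$user."table`");
// DELETE takes no column list; $user is still unescaped here (see the note below)
$sql_b = mysql_query("DELETE FROM `users` WHERE `user` = '".$user."'");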
if($sql_a&&$sql_b){
echo $user. " successfully deleted!";
}
?>


OR (like dan did)


<?php
$user = $_GET['user'];
if(mysql_query("DROP TABLE IF EXISTS `".$user."table`")&&mysql_query("DELETE FROM `users` WHERE `user` = '".$user."'")){
echo $user. " successfully deleted!";
}
?>


My only other suggestion would be to make sure that you run some sort of cleaning function on $_GET['user'] before you use it directly in a MySQL query. If not, it could lead to major security vulnerabilities.
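
One way to do the "cleaning" suggested above, as an added example that is not code from any poster in the thread: the username goes into the DELETE as a bound parameter, and the per-user table name is only built after an allow-list check, because identifiers cannot be bound. Assumptions: PDO with an in-memory SQLite database stands in for the thread's MySQL server so the script runs offline, and deleteUser() and the sample rows are hypothetical.

```php
<?php
// Added example, not code from the thread. Assumptions: PDO + in-memory SQLite
// replaces the thread's mysql_* calls (that extension was removed in PHP 7);
// deleteUser() is a hypothetical helper; the "<name>table" naming follows the
// original post.

function deleteUser(PDO $db, string $user): bool
{
    // Identifiers cannot be bound as parameters, so the table name is built
    // only after the username passes a strict allow-list pattern.
    if (!preg_match('/\A[A-Za-z0-9_]{1,32}\z/', $user)) {
        return false;
    }
    // Double quotes delimit identifiers in SQLite; MySQL would use backticks.
    $db->exec('DROP TABLE IF EXISTS "' . $user . 'table"');

    // The value travels separately from the SQL text, so it can never be
    // parsed as part of the statement.
    $stmt = $db->prepare('DELETE FROM users WHERE user = :user');
    $stmt->execute([':user' => $user]);

    // Report success only if a row was actually removed.
    return $stmt->rowCount() === 1;
}

// Constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (user TEXT PRIMARY KEY)');
$db->exec('CREATE TABLE "alicetable" (id INTEGER)');
$db->exec("INSERT INTO users (user) VALUES ('alice'), ('bob')");

// Constructed inputs: an existing user, a name the allow-list rejects,
// and a well-formed name that matches no row.
foreach (['alice', "o'brien", 'nobody'] as $input) {
    $ok = deleteUser($db, $input);
    printf("%-10s => %s\n", $input, $ok ? 'deleted' : 'not deleted');
}
printf("rows left: %d\n", $db->query('SELECT COUNT(*) FROM users')->fetchColumn());
```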

Hypertext
21-03-2008, 03:48 PM
I already reverted to better coding, not using tables, as it is mainly a waste, and confusing for searches etc.

QuickScriptz
22-03-2008, 03:53 AM
> I already reverted to better coding, not using tables, as it is mainly a waste, and confusing for searches etc.

Well, using tables is fine, just not if you have a separate table for every user.... that becomes a bit ridiculous. Generally what you do is make one 'user' table with certain fields and then every new user is a new row in the table. That way it is much easier to edit fieldnames, keep track of total users, etc.
