paulman888888 Posted May 29, 2008 Share Posted May 29, 2008 Please can you check the code. I always do something wrong but never spot it. <?php mysql_query("DELETE FROM example WHERE id=$_GET[id]"); ?> Thankyou Quote Link to comment https://forums.phpfreaks.com/topic/107778-mysql-delete/ Share on other sites More sharing options...
Daniel0 Posted May 29, 2008 Share Posted May 29, 2008 What's the problem? The only thing I see is that you're not escaping the variable so it's vulnerable to SQL injections. You can use mysql_real_escape_string() for that since you're using the mysql extension. Quote Link to comment https://forums.phpfreaks.com/topic/107778-mysql-delete/#findComment-552444 Share on other sites More sharing options...
.josh Posted May 29, 2008 Share Posted May 29, 2008 Please can you check the code. I always do something wrong but never spot it. <?php mysql_query("DELETE FROM example WHERE id=$_GET[id]"); ?> Thankyou Do you get any errors? If so, then what? Without that info, I'd say check to make sure your table and column is spelled right (and exist). Is that the full extent of your code? Because if it is, then you need to connect to your database first... Quote Link to comment https://forums.phpfreaks.com/topic/107778-mysql-delete/#findComment-552448 Share on other sites More sharing options...
PFMaBiSmAd Posted May 29, 2008 Share Posted May 29, 2008 Also, if that is pretty much all your code, without any user authentication and security, someone (or a bot script) could just keep submitting a huge sequence of id's on the end of the URL and delete all your data. Quote Link to comment https://forums.phpfreaks.com/topic/107778-mysql-delete/#findComment-552468 Share on other sites More sharing options...
beansandsausages Posted May 29, 2008 Share Posted May 29, 2008 try : $sql = mysql_query("DELETE FROM example WHERE id=$_GET[id]"); $result = mysql_query($sql); Quote Link to comment https://forums.phpfreaks.com/topic/107778-mysql-delete/#findComment-552471 Share on other sites More sharing options...
Daniel0 Posted May 29, 2008 Share Posted May 29, 2008 try : $sql = mysql_query("DELETE FROM example WHERE id=$_GET[id]"); $result = mysql_query($sql); No Quote Link to comment https://forums.phpfreaks.com/topic/107778-mysql-delete/#findComment-552482 Share on other sites More sharing options...
beansandsausages Posted May 29, 2008 Share Posted May 29, 2008 try : $sql = mysql_query("DELETE FROM example WHERE id=$_GET[id]"); $result = mysql_query($sql); No Oh how come? This is the code i use to delete a record and works for me. $id = (int)$_POST['id']; $sql="DELETE FROM `tablw` WHERE `id`={$id} "; $result = mysql_query($sql); Quote Link to comment https://forums.phpfreaks.com/topic/107778-mysql-delete/#findComment-552488 Share on other sites More sharing options...
PFMaBiSmAd Posted May 29, 2008 Share Posted May 29, 2008 Read and compare the two lines of code you posted with the corresponding two lines of code you actually use. Quote Link to comment https://forums.phpfreaks.com/topic/107778-mysql-delete/#findComment-552491 Share on other sites More sharing options...
Gamic Posted May 29, 2008 Share Posted May 29, 2008 There are security implications with the way in which you are trying to do your delete, but those have been mentioned and I'm going to assume that you'll be dealing with them. <?php $sql ="DELETE FROM example WHERE id=$_GET[id]"; $result = mysql_query($sql); ?> Would become <?php $sql="DELETE FROM example WHERE id={$_GET['id']};"; $result=mysql_query($sql); ?> Please note the curly braces around $_GET['id']. These tell the php parser that this is a variable inside this string. A better approach might be this (depending on which you prefer to look at, although both will have the same result). <?php $sql="delete from example where id=".$_GET['id'].";"; ?> Quote Link to comment https://forums.phpfreaks.com/topic/107778-mysql-delete/#findComment-552495 Share on other sites More sharing options...
Daniel0 Posted May 29, 2008 Share Posted May 29, 2008 Gamic, FYI, all three options are equally valid. Quote Link to comment https://forums.phpfreaks.com/topic/107778-mysql-delete/#findComment-552499 Share on other sites More sharing options...
beansandsausages Posted May 29, 2008 Share Posted May 29, 2008 Read and compare the two lines of code you posted with the corresponding two lines of code you actually use. Haha i see what you mean my bad, sould read what i type haha sorry again. Quote Link to comment https://forums.phpfreaks.com/topic/107778-mysql-delete/#findComment-552506 Share on other sites More sharing options...
.josh Posted May 29, 2008 Share Posted May 29, 2008 there is nothing syntactically wrong with any of the suggestions...or the OP's posted code. So the only thing we can really do is ask him what he means by "it's not working." Is it insecure? Yes, but that's not the question (unless "it's not working" means it works, but it's not secure, but again, he needs to explain). At face value, all I can say at this point in time is that what he initially posted is in fact his entire code, in which case, I would ask him about connecting to the database first. Quote Link to comment https://forums.phpfreaks.com/topic/107778-mysql-delete/#findComment-552511 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.