Akenatehm, posted November 26, 2008:

Hey guys, something's wrong with this syntax, I was just trying and experimenting. I am sure it won't be something big that's wrong with it. Here it is:

```php
<?php
include "connect.php";

if (isset($_POST['submit'])) {
    $username = $_POST['username'];
    $email = $_POST['email'];

    // Require a non-empty username
    if (strlen($username) < 1) {
        print "You did not enter a username.";
    } else {
        $delete = "DELETE FROM users WHERE username = '$username' OR 1=1 OR email = $email";
        mysql_query($delete) or die("Could not delete user" . mysql_error());
        echo "User Deleted. <a href=\"home.html\">Click here</a> To Go Home.";
    }
}
?>
```

ShiloVir, posted November 26, 2008:

```php
$delete="DELETE FROM users WHERE username = '$username' OR 1=1 OR email = $email";
```

to...

```php
// Column names take backticks (or nothing); the values take the single quotes
$delete="DELETE FROM `users` WHERE `username` = '$username' OR `email` = '$email'";
```

genericnumber1, posted November 26, 2008:

```sql
DELETE FROM users WHERE username = '$username' OR 1=1 OR email = $email
```

^ deletes all users..... use

```sql
DELETE FROM users WHERE username = '$username' OR email = '$email'
```

(also note the added quotes around the email) and you should really cleanse input with mysql_real_escape_string() or something similar

Akenatehm (Author), posted November 26, 2008:

What is cleansing input?

ShiloVir, posted November 26, 2008:

It means if someone sneaks a "'" into your textbox, then they can write their own SQL query that could drop, delete, or read your database. It's called SQL Injection and you might want to make your scripts more secure before you get too far into your coding that it would take hours and many errors to get your code secure.

genericnumber1, posted November 26, 2008:

http://www.phpfreaks.com/tutorial/php-security/page3

ShiloVir, posted November 26, 2008:

I really do love this:

Akenatehm (Author), posted November 26, 2008:

Lol ok. Thanks. Could you maybe help me with the

genericnumber1, posted November 26, 2008:

[quote] Lol ok. Thanks. Could you maybe help me with the [/quote]

Sure, no problem. I would be happy to help you with anything you

ShiloVir, posted November 26, 2008:

[quote] [quote] Lol ok. Thanks. Could you maybe help me with the [/quote] Sure, no problem. I would be happy to help you with anything you [/quote]

haha. that's

Akenatehm (Author), posted November 26, 2008:

Lol sorry about that. What I meant to say was, could you please help me with the correct syntax by applying it to this Delete Script so that I can learn by adapting it to my other scripts.

ShiloVir, posted November 26, 2008:

```php
<?php
// Escape each value AND wrap it in single quotes; escaping alone does not
// protect an unquoted value. Column names take backticks, not quotes.
$delete = "DELETE FROM `users` WHERE `username` = '" . mysql_real_escape_string($username) .
          "' OR `email` = '" . mysql_real_escape_string($email) . "'";
?>
```

That should work.

Akenatehm (Author), posted November 27, 2008:

Ok, thanks heaps.

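Added example, not part of the thread: the delete query from the discussion built by string concatenation and then with a prepared statement, run against the same constructed input. It uses PDO with an in-memory SQLite database (assumes the pdo_sqlite extension) in place of the thread's mysql_* functions, which were removed in PHP 7; the function names, table rows and input values are assumptions made for the illustration.

```php
<?php
// In-memory SQLite stands in for the thread's MySQL database.
// Table layout and sample rows are constructed for illustration.
function make_db(): PDO {
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec("CREATE TABLE users (username TEXT, email TEXT)");
    $ins = $pdo->prepare("INSERT INTO users (username, email) VALUES (?, ?)");
    foreach ([['alice', 'alice@example.com'],
              ['bob',   'bob@example.com'],
              ['carol', 'carol@example.com']] as $row) {
        $ins->execute($row);
    }
    return $pdo;
}

// "Before": input is pasted into the SQL text, as in the original script.
function delete_user_concat(PDO $pdo, string $username, string $email): int {
    $sql = "DELETE FROM users WHERE username = '$username' OR email = '$email'";
    return $pdo->exec($sql);            // number of rows deleted
}

// "After": placeholders keep the input as data; it is never parsed as SQL.
function delete_user_prepared(PDO $pdo, string $username, string $email): int {
    $stmt = $pdo->prepare(
        "DELETE FROM users WHERE username = :username OR email = :email");
    $stmt->execute([':username' => $username, ':email' => $email]);
    return $stmt->rowCount();           // number of rows deleted
}

// Constructed form input: a quote character followed by an always-true
// condition, the same effect as the OR 1=1 discussed in the thread.
$input_user  = "nobody' OR '1'='1";
$input_email = "nobody@example.com";

printf("concatenated query:  %d of 3 rows deleted\n",
       delete_user_concat(make_db(), $input_user, $input_email));
printf("prepared statement:  %d of 3 rows deleted\n",
       delete_user_prepared(make_db(), $input_user, $input_email));
printf("prepared, real user: %d of 3 rows deleted\n",
       delete_user_prepared(make_db(), 'bob', $input_email));
```

Each call gets a fresh database from `make_db()`, so the three counts are independent of one another.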