[SOLVED] delete record if password is right

[joshgarrod]

Hi, I know I submitted a thread earlier and marked it as solved but I realised my method only required someone to right click and view source to find the password to enter to delete the record. i have figured a new method but am having trouble sourcing the password for the record I am trying to delete, any ideas?

 

<?php
$con = mysql_connect("serv","usr","pass");
		if (!$con)
			{
			  die('Could not connect: ' . mysql_error());
			 }

			mysql_select_db("db", $con);

$id=$_POST['id_delete'];
$password_entered = $_POST['password_entered'];

$query = ("SELECT password from classifieds WHERE ref'$_POST[id_delete]'");

$result = mysql_query($query);

while($row = mysql_fetch_array($result))
{
$hidden_password = $row ['password'];


if ($password_entered == $hidden_password)
{

mysql_query("DELETE from classifieds where ref='$_POST[id_delete]'");

mysql_close(); 

header("location:thankyou.html"); 
exit();
}
else
{
header("location:error.html"); 
exit();
}
}
?>

 

This is the error I get:

 

Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in C:\source\of\files\delete_caravan.php on line 18

[gevans]

The problems in your query syntax;

 

$query = ("SELECT password from classifieds WHERE ref'$_POST[id_delete]'");

 

should be

 

$query = ("SELECT password from classifieds WHERE ref = '".$_POST['id_delete']."'");

 

Also this will give you a better isight into the error;

 

$result = mysql_query($query) or die(mysql_error());

[joshgarrod]

thanks for your help, works just as it should now!