techiefreak05 Posted August 29, 2006 Share Posted August 29, 2006 ok, i have this to add friend into the database--(not the problem)[code]<?phpif($_POST['friendNew']){mysql_query("INSERT INTO `friends` ( `username` , `friend`)VALUES ('$_SESSION[username]', '$_POST[friendUN]');") or die("<font color=white>There was an error adding friend.</font>");mysql_query("INSERT INTO `friends` ( `username` , `friend`)VALUES ('$_POST[friendUN]', '$_SESSION[username]');") or die("<font color=white>There was an error adding friend.</font>");?><font color="red">Friend Added Successfully!</font><?}?>[/code]and i have this to delete but it DOES NOT WORK, whats wrong??******** CODE THAT HAS SOMETHING WRONG *****************and i have this to delete but it DOES NOT WORK, whats wrong??[code]<?phpif($_POST['delFriend']){$query = mysql_query("SELECT * FROM friends WHERE `username` = '$user'");while ($array = mysql_fetch_array($query)){$to = $array[friend];mysql_query("DELETE FROM `friends` ( `username` , `friend`)VALUES ('$_SESSION[username]', '$to');") or die("<font color=white>There was an error deleting friend.</font>");mysql_query("DELETE FROM `friends` ( `username` , `friend`)VALUES ('$to', '$_SESSION[username]');") or die("<font color=white>There was an error deleting friend.</font>");}}?>[/code]******** (ABOV)^^^^CODE THAT HAS SOMETHING WRONG^^^^ *****************and heres how i echo the users friends..[code]<?php$query = mysql_query("SELECT * FROM friends WHERE `username` = '$user'");while ($array = mysql_fetch_array($query)){$to=$array['friend'];echo "<br><center><b>" .$to. "</b></center>";echo "<a href='sendMessage.php?to=" .$to. "'>-Message " .$to. "-</a> |<a href='getInfo.php?user=" .$to."'> -Get Info-</a> | <a href='http://zycoworld.com/" .$to. "'>-View zPage-</a><br>";?>[/code]The SECOND CODE PIECE IS WHERE IM HAVING PORBLEMS, IT JUST DOESNT WORK!! Quote Link to comment Share on other sites More sharing options...
techiefreak05 Posted August 29, 2006 Author Share Posted August 29, 2006 and HERES THE CODE FOR "delFriend" ....[code]<form action="" method="post"><input type="submit" name="delFriend" value="-Remove Friend-"></form>[/code] Quote Link to comment Share on other sites More sharing options...
Orio Posted August 29, 2006 Share Posted August 29, 2006 You have a mistake with your sql syntax. Delete is on the following format:DELETE FROM table_name WHERE column_name = some_valueSee more [url=http://www.w3schools.com/sql/sql_delete.asp]Here[/url].And you should read about SQL injections, because your script is vulnerable.Orio. Quote Link to comment Share on other sites More sharing options...
techiefreak05 Posted August 29, 2006 Author Share Posted August 29, 2006 like this: ?[code]<?phpif($_POST['delFriend']){$to = $array[friend];mysql_query("DELETE FROM `friends` WHERE `username` = '$_SESSION[username]' AND `friend` = '$to'") or die("<font color=white>There was an error deleting friend.</font>");mysql_query("DELETE FROM `friends` WHERE `username` = '$to' AND `friend` = '$_SESSION[username]'") or die("<font color=white>There was an error deleting friend.</font>");}?>[/code] Quote Link to comment Share on other sites More sharing options...
techiefreak05 Posted August 29, 2006 Author Share Posted August 29, 2006 AAHH !! the code i just posted deleted all my friends !!! - i have a delete button for every friend, and i want to delete only one friend when i click the button Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.