Jump to content

$_POST, MySQL problem PLZ HELP~~


techiefreak05

Recommended Posts

ok, i have this to add friend into the database--(not the problem)

[code]
<?php
if($_POST['friendNew']){

mysql_query("INSERT INTO `friends` ( `username` , `friend`)
VALUES ('$_SESSION[username]', '$_POST[friendUN]');") or die("<font color=white>There was an error adding friend.</font>");
mysql_query("INSERT INTO `friends` ( `username` , `friend`)
VALUES ('$_POST[friendUN]', '$_SESSION[username]');") or die("<font color=white>There was an error adding friend.</font>");
?>
<font color="red">Friend Added Successfully!</font>
<?
}
?>
[/code]

and i have this to delete but it DOES NOT WORK, whats wrong??

******** CODE THAT HAS SOMETHING WRONG *****************
and i have this to delete but it DOES NOT WORK, whats wrong??
[code]
<?php
if($_POST['delFriend']){
$query = mysql_query("SELECT * FROM friends WHERE `username` = '$user'");
while ($array = mysql_fetch_array($query)){
$to = $array[friend];
mysql_query("DELETE FROM `friends` ( `username` , `friend`)
VALUES ('$_SESSION[username]', '$to');") or die("<font color=white>There was an error deleting friend.</font>");
mysql_query("DELETE FROM `friends` ( `username` , `friend`)
VALUES ('$to', '$_SESSION[username]');") or die("<font color=white>There was an error deleting friend.</font>");
}
}
?>[/code]
******** (ABOV)^^^^CODE THAT HAS SOMETHING WRONG^^^^ *****************

and heres how i echo the users friends..

[code]
<?php
$query = mysql_query("SELECT * FROM friends WHERE `username` = '$user'");
while ($array = mysql_fetch_array($query)){
$to=$array['friend'];
echo "<br><center><b>" .$to. "</b></center>";
echo "<a href='sendMessage.php?to=" .$to. "'>-Message " .$to. "-</a> |<a href='getInfo.php?user=" .$to."'> -Get Info-</a> | <a href='http://zycoworld.com/" .$to. "'>-View zPage-</a><br>";
?>[/code]

The SECOND CODE PIECE IS WHERE IM HAVING PORBLEMS, IT JUST DOESNT WORK!!
Link to comment
Share on other sites

You have a mistake with your sql syntax. Delete is on the following format:
DELETE FROM table_name WHERE column_name = some_value
See more [url=http://www.w3schools.com/sql/sql_delete.asp]Here[/url].

And you should read about SQL injections, because your script is vulnerable.

Orio.
Link to comment
Share on other sites

like this: ?

[code]
<?php
if($_POST['delFriend']){
$to = $array[friend];
mysql_query("DELETE FROM `friends` WHERE `username` = '$_SESSION[username]' AND `friend` = '$to'") or die("<font color=white>There was an error deleting friend.</font>");
mysql_query("DELETE FROM `friends` WHERE `username` = '$to' AND `friend` = '$_SESSION[username]'") or die("<font color=white>There was an error deleting friend.</font>");
}
?>
[/code]
Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.