deleting delete from database

[zhshero]

i trying to delete messages out of my message database but im not sure if i'm using this code right

or there stuff missing to it :S

 

delete.php

<?php 
require_once('settings.php');
checkLogin('1 2');

$id=$_GET["msgs"];
mysql_query("DELETE messages FROM messages WHERE message_id='$id'");
?>

 

link usages to delete

<a href="delete.php?msgs=<? echo $row['message_id']  ?>">[X]</a>

[zhshero]

i take this code works, but other members, can delete messages that isn't there's how would i go about on making it

so it only delete's there own messages and can't delete others?

[jcbones]

Your query should look like:

mysql_query("DELETE FROM messages WHERE message_id='$id' AND to_user = '$userfinal'");

[zhshero]

i re did it, had to add the userfinal but not sure if I'm using it right

 

<?php 

require_once('../settings.php');
checkLogin('1 2');

$userfinal = get_main_P($_SESSION['user_id']);


$id=$_GET["msgs"];
mysql_query("DELETE FROM messages WHERE message_id='$id' AND to_user = '$userfinal'");
?>

[Pikachu2000]

You should really be sanitizing/validating incoming data before using it in a database query, otherwise you're wide open to SQL injection attacks.