Deleting from database

[dreampho]

Hi.

 

What am I doing wrong here:

 

mysql_query("DELETE FROM availability WHERE id = '$_POST['id']'");

 

I am able to echo the id but I must be entering the post item incorrectly into the delete string.

 

Can anyone show me my mistake?

 

Thanks

[trq]

One big mistake is that your not sanitising or validating what is within $_POST['id'] before using it within a query. This could quite easily lead to security issues.

 

Other than that, why don't you tell us what it is you expect to happen and what is actually happening?

[dreampho]

Hi. Thanks for getting back to me.

 

Okay, how would I validate? I am a complete newbie.

 

I want the row with the id of the post variable to be deleted. I can echo the post variable, so I know its passing over the correct id, it just doesnt actually delete. I think I have the wrong quotes or something around the post variable.

 

Thanks

[trq]

Take a look at mysql_real_escape_string or in this case, type casting (you'll want to cast to an int).

 

Your quotes are fine, though you don't need quotes around numeric data types. Try some debugging.

 

$id = (int) $_POST['id'];
if (!mysql_query("DELETE FROM availability WHERE id = $id")) {
  trigger_error(mysql_error());
}

[dreampho]

Thank you!