learner001 Posted July 3, 2014

I have a server script with which I have allowed the user to mark any item as favorite, but I also want another script through which the user can unfavorite the same item if they want, and that item should be deleted from their favorite list. I have kept the same table for both favorite and unfavorite code, therefore I have used an update query to update the details. For this purpose I have some code, but it's not working. As I am new in the programming field, I would appreciate it if someone could provide the correct code.

    <?php
    require_once('config.php');

    $favorite = $_REQUEST['favorite'];
    $unfavorite = $_REQUEST['unfavorite'];
    $id=$_REQUEST['id'];

    $unfavoritedeal=mysql_query("SELECT * FROM favoritedeals where id='".$id."'"); //favoritedeals is the name of the table
    if($row=mysql_fetch_array($unfavoritedeal))
    {
        $favorite=$row['favorite'];
        $unfavorite=$row['unfavorite'];
    }

    $myfavorite=(isset($_REQUEST['favorite'])?$_REQUEST['favorite']:$favorite);
    $myunfavorite=(isset($_REQUEST['unfavorite'])?$_REQUEST['unfavorite']:$unfavorite);

    $update = mysql_query("update favoritedeals set favorite = '".$myfavorite."', unfavorite = 1 where id = '".$id."'");

    if(unfavorite="1" where id='".$id."')
    {
    "delete from favoritedeals WHERE id= '".$id."'";
    }

    $posts[0]['message'] = 'favorite list updated';
    $selectt = mysql_query("select * from favoritedeals where id = '".$id."'");
    $results = mysql_fetch_assoc($selectt);
    $posts[0]['detail'] = $results;

    header('Content-type: application/json');
    echo json_encode($posts);
    ?>
Jacques1 Posted July 3, 2014

I think you misunderstand the purpose of this forum. This is no “code repair service” where you leave your broken application and come back later to pick up the fixed version. You fix the code. We might be able to help you with that, but only if you actually tell us what's wrong.

No, “doesn't work” is not a sufficient problem description. Since we're not sitting in front of your PC, you need to actually describe what happens when you execute the script and why you think that's wrong.

In any case, that part of the code doesn't look good:

    if(unfavorite="1" where id='".$id."')
    {
    "delete from favoritedeals WHERE id= '".$id."'";
    }

What is that weird SQL fragment in the condition? And the DELETE query below never gets executed.

Besides that, your code is wide open to SQL injection attacks. Since you happily drop the raw user input into your query strings, you allow anybody to manipulate the queries and access arbitrary data.

The mysql_* functions you're using have also been obsolete for more than 10 years and will be removed in one of the next PHP releases. Nowadays, we use PDO. The great thing about PDO is that it supports prepared statements to securely pass values to queries. So this can fix your injection problem as well.
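One way the unfavorite step could look with PDO prepared statements, as recommended in the reply above. This is an added example, not code from either poster; the in-memory SQLite database (standing in for the MySQL connection from config.php), the reduced table layout, and the helper names `unfavorite()` and `remaining()` are assumptions made so the script runs on its own.

```php
<?php
// Added example, not code from the thread. Assumptions: an in-memory SQLite
// database stands in for the MySQL one behind config.php, and the table is
// reduced to the columns used here.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE favoritedeals (id INTEGER PRIMARY KEY, favorite INTEGER NOT NULL)');
$pdo->exec('INSERT INTO favoritedeals (id, favorite) VALUES (1, 1), (2, 1), (3, 1)'); // constructed rows

// Hypothetical helper: delete one favorite by id.
function unfavorite(PDO $pdo, $rawId): array
{
    // Reject anything that is not a plain integer before touching the database.
    $id = filter_var($rawId, FILTER_VALIDATE_INT);
    if ($id === false) {
        return ['message' => 'invalid id', 'deleted' => 0];
    }
    // The SQL text is fixed; the id travels separately as a bound parameter.
    $stmt = $pdo->prepare('DELETE FROM favoritedeals WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return ['message' => 'favorite list updated', 'deleted' => $stmt->rowCount()];
}

// Hypothetical helper: how many favorites are left.
function remaining(PDO $pdo): int
{
    return (int) $pdo->query('SELECT COUNT(*) FROM favoritedeals')->fetchColumn();
}

// Constructed inputs, as they might arrive in $_REQUEST['id']:
// a valid id, a string that tries to widen the WHERE clause, and an unknown id.
$posts = [];
foreach (['2', "1' OR '1'='1", '99'] as $input) {
    $result = unfavorite($pdo, $input);
    $result['remaining'] = remaining($pdo);
    $posts[] = $result;
}

echo json_encode($posts, JSON_PRETTY_PRINT), PHP_EOL;
```

Only the first input removes a row; the second is rejected by the integer check and never reaches the query, and the third matches nothing, so the other favorites stay in place.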