sigmahokies, posted November 19, 2015 (edited)

Hi everyone,

I don't understand why MySQL won't execute the query to delete a record in phpMyAdmin. I made a script in PHP, what did I do wrong?

First page:

```php
<?php
session_start();
if ($_SESSION['user']) {
    echo "<p>You are logging in as ".$_SESSION['user']." <a href='logout.php'>Log out</a></p>";
}
else {
    header('location:denied.php');
}
require('require.php');
?>
<!doctype html>
<html>
<head>
<title>Delete your member's information</title>
<link href="rcd.css" rel="stylesheet" type="text/css">
<link href="submit.css" rel="stylesheet" type="text/css">
</head>
<body>
<center>
<p>Are you sure you want to delete this member's information?</p>
<form action="delete2.php">
<table>
<?php
$del = $_GET['delete'];
$show = "SELECT * FROM Members WHERE ID = '".$del."'";
$result = mysqli_query($Garydb, $show);
if (mysqli_num_rows($result)) {
    while ($rows = mysqli_fetch_assoc($result)) {
        echo "<tr><td>First Name: </td><td><input type='text' value='".$rows['FirstName']."'></td></tr>";
        echo "<tr><td>Last Name: </td><td><input type='text' value='".$rows['LastName']."'></td></tr>";
        echo "<tr><td>Birth Month: </td><td><input type='text' value='".$rows['Month']."'></td></tr>";
        echo "<tr><td>Email: </td><td><input type='text' value='".$rows['Email']."'></td></tr>";
        echo "<tr><td>Local: </td><td><input type='text' value='".$rows['Local']."'></td></tr>";
        echo "<tr><td colspan='2'><a href='delete2.php?delete2=".$rows['ID']."' style='font-size:20px;'>Delete Member's Information</a></td></tr>";
    }
}
?>
</table>
</form>
<p><a href="register.php">Return to register page</a></p>
</center>
</body>
</html>
```

Second page:

```php
<?php
session_start();
if ($_SESSION['user']) {
    echo $_SESSION['user'];
}
else {
    header('denied.php');
}
require("require.php");
if ($_GET['delete2']) {
    $delete = $_GET['delete2'];
}
if ($delete) {
    $del = "DELETE * FROM Members WHERE ID = '".$delete."'";
    mysqli_query($Garydb, $del);
}
?>
<!doctype html>
<html>
<head>
<title>Deleted</title>
</head>
</html>
```

Edited November 19, 2015 by Ch0cu3r

Barand, posted November 19, 2015

Try a bit of debugging. Examine the content of the error message given by mysqli_error() after executing the delete query.

Psycho, posted November 19, 2015

Your query is malformed:

```php
$del = "DELETE * FROM Members WHERE ID = '".$delete."'";
```

There is no field list for a delete query, e.g. the *

Try this:

```php
$del = "DELETE FROM Members WHERE ID = '".$delete."'";
```

Also, your code is full of security risks - particularly with SQL Injection. You should spend some time learning some best practices.

sigmahokies (author), posted November 19, 2015

Psycho, are you telling me that I have to put mysqli_real_escape_string and stripslashes in session and execute SQL at all times to protect?

Jacques1, posted November 19, 2015

You should use prepared statements. Manual escaping with mysqli_real_escape_string() is too error-prone (as you can see), and stripslashes() has nothing to do with security. It's a leftover from the early days of PHP when “Magic Quotes” still existed.
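
The advice in the replies above, put together as an added example that is not part of the original thread or any poster's code: the second page (delete2.php) using a prepared statement, with mysqli errors surfaced instead of ignored. It assumes require.php creates the mysqli connection `$Garydb` as in the question and that `Members.ID` is an integer column; `delete_member()` is a hypothetical helper name.

```php
<?php
// delete2.php rewritten as an added example (not the original poster's code).
// Assumptions: require.php defines the mysqli connection $Garydb (as in the
// thread) and Members.ID is an integer column.
session_start();

if (empty($_SESSION['user'])) {
    header('Location: denied.php');
    exit; // without exit, the rest of the script still runs after the redirect
}

// Make mysqli throw exceptions instead of failing silently, so a malformed
// query such as "DELETE * FROM ..." is reported as soon as it is prepared.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

require 'require.php';

/**
 * Delete one member by ID using a prepared statement (hypothetical helper).
 * Returns the number of rows deleted (0 if no row has that ID).
 */
function delete_member(mysqli $db, int $id): int
{
    // The ? placeholder is sent separately from the SQL text, so the value
    // can never change the structure of the query.
    $stmt = $db->prepare('DELETE FROM Members WHERE ID = ?');
    $stmt->bind_param('i', $id);
    $stmt->execute();
    $deleted = $stmt->affected_rows;
    $stmt->close();
    return $deleted;
}

// Accept only a positive integer: null means the parameter is missing,
// false means it was present but not a valid integer.
$id = filter_input(INPUT_GET, 'delete2', FILTER_VALIDATE_INT,
                   ['options' => ['min_range' => 1]]);

if ($id === null || $id === false) {
    http_response_code(400);
    exit('Invalid member ID.');
}

$deleted = delete_member($Garydb, $id);
echo $deleted === 1 ? 'Member deleted.' : 'No member with that ID.';
```

The same pattern applies to the SELECT on the first page, and the values echoed into the form there should go through htmlspecialchars() before output.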