dre Posted February 13, 2007 Share Posted February 13, 2007 hey, i aint to sure where im going wrong with this so if any body can be kind enough to help i would gratly appriciate it! i have a database of phones and i want the user to be able to delete the chosen model by entering the phone id. <form name="form3" method="post" action=""> <input type="text" name="texto"> <?php $db = mysql_connect("localhost", "project", "ramix"); mysql_select_db("phone",$db); if($_POST["d1"]=="delete") $query= "DELETE FROM phone_details WHERE phone_id='$texto'"; $result = mysql_query( $query ); ?> <input type="submit" name="d1" value="delete"> </form> Quote Link to comment Share on other sites More sharing options...
genericnumber1 Posted February 13, 2007 Share Posted February 13, 2007 vulnerable to sql injection... <form name="form3" method="post" action=""> <input type="text" name="texto"> <?php $db = mysql_connect("localhost", "project", "ramix"); mysql_select_db("phone",$db); if($_POST["d1"]=="delete") $query= "DELETE FROM phone_details WHERE phone_id='{$_POST['texto']}'"; $result = mysql_query( $query ); ?> <input type="submit" name="d1" value="delete"> </form> Quote Link to comment Share on other sites More sharing options...
dre Posted February 13, 2007 Author Share Posted February 13, 2007 sorry i dont get you? Quote Link to comment Share on other sites More sharing options...
simcoweb Posted February 13, 2007 Share Posted February 13, 2007 That's some goofy code. There's no 'action' defined in your form. The php code should be either ahead of your HTML or in a separate file even, depending upon how you want the form to work. It can either submit to itself or submit to another page that parses the input. You also need to declare your 'texto' variable like this: $texto = $_POST['texto']; just above your mysql info. Quote Link to comment Share on other sites More sharing options...
genericnumber1 Posted February 13, 2007 Share Posted February 13, 2007 if you do action="" it will submit to itself, simcoweb. it doesn't really matter where he puts the parsing part either, though in the middle of the form is kind of a weird place Quote Link to comment Share on other sites More sharing options...
dre Posted February 13, 2007 Author Share Posted February 13, 2007 lol...forgive me...i literally started to learn this yesterday! so apart form declaring the "texto" what else is needed?? Quote Link to comment Share on other sites More sharing options...
Jessica Posted February 13, 2007 Share Posted February 13, 2007 $result = mysql_query( $query ) or die(mysql_error()); will give you an error if it doesn't work. Quote Link to comment Share on other sites More sharing options...
dre Posted February 13, 2007 Author Share Posted February 13, 2007 ok....got it thanks all!! Quote Link to comment Share on other sites More sharing options...
simcoweb Posted February 13, 2007 Share Posted February 13, 2007 genericnumber1, thanks for pointing that out. The comment was to invoke a sense of the proper way to write code so it's clear and concise. Personally i've never seen any of the guru's in here leave the action field empty. Quote Link to comment Share on other sites More sharing options...
emehrkay Posted February 13, 2007 Share Posted February 13, 2007 your query looks fine, does $texto hold any value add echo $query after to run it just to see what happens - also do what jesi says Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.