jmrothermel Posted March 1, 2008 Share Posted March 1, 2008 Heres the situation. Im using the following code: if($a == 'delete') { $id = $_POST['id']; $delete = mysql_query("DELETE FROM `adminrecord` WHERE `id`='$id'"); if($delete) { print "Record Deleted! <a href='chartview.php'>Return to Admin Chart</a>"; } else { print mysql_error(); } } And when I click the correct link I get the confirmation page. Record Deleted! etc etc etc but it doesnt really delete it from the database. Any suggestions? Thank you for all your help everyone - this site has gotten me through alot the past few days! Quote Link to comment Share on other sites More sharing options...
ILYAS415 Posted March 1, 2008 Share Posted March 1, 2008 try... if($a == 'delete') { $id = $_POST['id']; mysql_query("DELETE FROM `adminrecord` WHERE `id`='$id'") or die (mysql_error()); print "Record Deleted! <a href='chartview.php'>Return to Admin Chart</a>"; } 1second your code in insecure asweel vunerable to sql injection Quote Link to comment Share on other sites More sharing options...
PFMaBiSmAd Posted March 1, 2008 Share Posted March 1, 2008 From the php manual for mysql_query - Return Values ... For other type of SQL statements, UPDATE, DELETE, DROP, etc, mysql_query() returns TRUE on success or FALSE on error. Use ... mysql_affected_rows() to find out how many rows were affected by a DELETE, INSERT, REPLACE, or UPDATE statement. Your query is not failing but is probably not affecting any rows. You should check the mysql_affected_rows() value in the code to make sure before echoing the "Record Deleted!" message. You should build your query into a string variable and then echo it to see what it actually contains and then make sure that the value in $id actually exists in the database. Quote Link to comment Share on other sites More sharing options...
ILYAS415 Posted March 1, 2008 Share Posted March 1, 2008 Heres a modified version of your script to check if that id exists... if($a == 'delete') { $id = $_POST['id']; if (is_numeric($id) == false){ //PROVIDES SOME SECURITY print "Invalid Id"; }else{ $check= mysql_query("SELECT * FROM adminrecord WHERE `id`='$id'"); $check_num= mysql_num_rows($check); if ($check_num == "0"){ print "Record could not be found"; }else{ mysql_query("DELETE FROM `adminrecord` WHERE `id`='$id'") or die (mysql_error()); print "Record Deleted! <a href='chartview.php'>Return to Admin Chart</a>"; }}} Quote Link to comment Share on other sites More sharing options...
jmrothermel Posted March 1, 2008 Author Share Posted March 1, 2008 That script worked ILYAS415. I must have had something wrong - but when I used your modified code it worked fine. Thank you soooooooooooooooo much! Quote Link to comment Share on other sites More sharing options...
ILYAS415 Posted March 1, 2008 Share Posted March 1, 2008 hehe lol thats because your $_POST your thing. try changing $_POST['id'] to $_GET['id'] oo just realised uve got it working. np Quote Link to comment Share on other sites More sharing options...
jmrothermel Posted March 1, 2008 Author Share Posted March 1, 2008 LOL I saw that too and changed it quick Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.