eddieblunt Posted March 18, 2008

Why won't the following code work? I want to ensure that the logged in user can only delete his/her own stories? and not just type in http://example.com/delete.php?story=1 for example or is there a better way of doing this?

<?php
include_once('include_fns.php');
$handle = db_connect();
$story = $_REQUEST['story'];
$writer = $_SESSION['userid'];
$query = "DELETE from stories WHERE id = $story AND writer = $writer";
$result = $handle->query($query);
header('Location: '.$_SERVER['HTTP_REFERER']);
?>

lemmin Posted March 18, 2008

What is the problem? Are you getting an error message or is it just not deleting anything?

craygo Posted March 18, 2008

If either of your fields are varchar fields you need to put your values in single quotes. Good practice to just do it anyway. You can also add LIMIT to it so that only one row gets deleted just in case.

$query = "DELETE FROM `stories` WHERE `id` = '$story' AND `writer` = '$writer' LIMIT 1";

Ray

eddieblunt (Author) Posted March 18, 2008

Thanks Ray, that's got it!!
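
The ownership check discussed in this thread, written with a prepared statement so that neither `story` nor the session value is interpolated into the SQL (an added example, not code from any poster). It assumes `db_connect()` returns a `mysqli` object and that the delete link is replaced by a POST form; `delete_own_story()` and `stories.php` are hypothetical names.

```php
<?php
// Added example. Assumes db_connect() returns a mysqli object;
// delete_own_story() and stories.php are hypothetical names.
include_once('include_fns.php');
if (session_status() === PHP_SESSION_NONE) {
    session_start();
}

function delete_own_story(mysqli $db, int $storyId, string $writer): bool
{
    // Placeholders keep request data out of the SQL text; the writer
    // condition restricts the delete to rows owned by the caller.
    $stmt = $db->prepare(
        'DELETE FROM stories WHERE id = ? AND writer = ? LIMIT 1'
    );
    if ($stmt === false) {
        return false;
    }
    $stmt->bind_param('is', $storyId, $writer);
    $stmt->execute();
    $deleted = ($stmt->affected_rows === 1);
    $stmt->close();
    return $deleted;
}

// The owner comes only from the session, never from the request.
if (!isset($_SESSION['userid'])) {
    http_response_code(403);
    exit('Not logged in');
}

// A delete changes state, so read the id from a POST body, as an integer.
$storyId = filter_input(INPUT_POST, 'story', FILTER_VALIDATE_INT,
                        ['options' => ['min_range' => 1]]);
if ($storyId === false || $storyId === null) {
    http_response_code(400);
    exit('Bad story id');
}

$handle = db_connect();
if (!delete_own_story($handle, $storyId, (string) $_SESSION['userid'])) {
    // Zero rows affected: no such story, or it belongs to someone else.
    http_response_code(404);
    exit('Story not found');
}

header('Location: stories.php'); // fixed target instead of HTTP_REFERER
exit;
```

Binding the writer as a string works whether the `writer` column is varchar or integer, and a zero `affected_rows` covers both a missing story and one owned by another user without revealing which.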