eddieblunt Posted March 18, 2008 Share Posted March 18, 2008 Why won't the following code work? I want to ensure that the logged in user can only delete his/her own stories? and not just type in http://example.com/delete.php?story=1 for example or is there a better way of doing this? <?php include_once('include_fns.php'); $handle = db_connect(); $story = $_REQUEST['story']; $writer = $_SESSION['userid']; $query = "DELETE from stories WHERE id = $story AND writer = $writer"; $result = $handle->query($query); header('Location: '.$_SERVER['HTTP_REFERER']); ?> Link to comment https://forums.phpfreaks.com/topic/96772-mysql-delete-query-problem/ Share on other sites More sharing options...
lemmin Posted March 18, 2008 Share Posted March 18, 2008 What is the problem? Are you getting an error message or is it just not deleting anything? Link to comment https://forums.phpfreaks.com/topic/96772-mysql-delete-query-problem/#findComment-495215 Share on other sites More sharing options...
craygo Posted March 18, 2008 Share Posted March 18, 2008 if either of your fields are varchar fields you need to put your values in single quotes. Good practice to just do it anyway. You can also add LIMIT to it so that only one row gets deleted just in case. $query = "DELETE FROM `stories` WHERE `id` = '$story' AND `writer` = '$writer' LIMIT 1"; Ray Link to comment https://forums.phpfreaks.com/topic/96772-mysql-delete-query-problem/#findComment-495219 Share on other sites More sharing options...
eddieblunt Posted March 18, 2008 Author Share Posted March 18, 2008 Thanks Ray, thats got it!! Link to comment https://forums.phpfreaks.com/topic/96772-mysql-delete-query-problem/#findComment-495230 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.