  1. #1
    SitePoint Member
    Join Date
    Feb 2010
    Posts
    13

    Deleting a row from a webpage

    I have created a webpage that deletes a record from my phpmyadmin table and a corresponding page to carry out the process. However, I receive an error when it is executed. The following is the delete page (excluding the obv html =)):



    <?php
    include("dbinfo.inc.php");

    // Host name must be a quoted string, not a bare constant
    $conn = mysql_connect ('localhost',$username,$password) or die (mysql_error());
    mysql_select_db("Library");

    $sql= "SELECT * FROM books";
    $result= mysql_query($sql, $conn) or die (mysql_error());

    print " <table> \n";

    print " <tr> \n";
    while ($field = mysql_fetch_field($result))
    {
    print " <th>$field->name</th> \n";
    }
    print " </tr> \n";

    while($row= mysql_fetch_assoc($result))
    {
    print " <tr> \n";
    foreach ($row as $name => $value)
    {
    print " <td>$value</td> \n";
    }
    print " </tr> \n";
    }

    print " </table> \n";
    ?>
    <br>
    <form method="POST" action="deleteanother.php">
    <p>
    Enter the Book ID to Delete: <input type="text" name="bookid" size="5">
    <input type="submit" value="Delete">
    <input type="reset">
    </p>
    </form>

    ////////////////////////////////////
    This is the corresponding page:

    <?php
    include("dbinfo.inc.php");
    $conn=@mysql_connect('localhost',$username,$password);
    $rs=@mysql_select_db("Library") or die( "Unable to select database");
    $id=$_POST['bookid'];
    $sql="DELETE FROM books WHERE bookid ='$id'";
    mysql_query($sql)or die("Delete Error: ".mysql_error());
    mysql_close();
    print "Record Removed.\n";
    ?>

    ///////////////////////////////////
    The error I receive once I click the submit button is:

    Delete Error: Unknown column 'bookid' in 'where clause'

    I've shuffled the code around but still can't find the problem, not sure which line is at fault anymore lol. Any help would be much appreciated.

    Thanks

  2. #2
    Non-Member
    Join Date
    Oct 2009
    Posts
    1,852
    There is no column named 'bookid' in the books table.

  3. #3
    Non-Member
    Join Date
    Oct 2009
    Posts
    1,852
    You should make $id safe, with this code, for example
    PHP Code:
    $id=mysql_real_escape_string($id); 

  4. #4
    SitePoint Member
    Join Date
    Feb 2010
    Posts
    13
    The column in the books table is Book ID, so should I take the space out of the column name in the table?

    Where would I enter the line $id=mysql_real_escape_string($id); ?

    New to PHP programming... thanks for the help

  5. #5
    SitePoint Member
    Join Date
    Feb 2010
    Posts
    13
    Thank you very much, the delete page works now. Could you explain the $id=mysql_real_escape_string($id); line please?

    Thanks again

  6. #6
    Non-Member
    Join Date
    Oct 2009
    Posts
    1,852
    It's a long story.
    But you've already put '' single quotes around $id in the query. But you did only half of the job, and mysql_real_escape_string is the other half.
    Together, '' quotes and mysql_real_escape_string make your variable safe and invulnerable to attacks or errors.
    If separated, both these actions are useless. Both must be taken together. Forever.

    For the numeric $id there is another way though.
    Just
    $id=intval($id);
    and no quotes.

  7. #7
    SitePoint Member
    Join Date
    Feb 2010
    Posts
    13
    So $sql="DELETE FROM books WHERE BookID =$id=intval($id)"; ?

  8. #8
    Non-Member
    Join Date
    Oct 2009
    Posts
    1,852
    No.

    This is another long story. To distinguish SQL query from PHP code.
    Many newbies don't understand it.
    Both code fragments I've posted are PHP code. And they have nothing to do in the SQL query.

    $id=intval($id);
    $sql="DELETE FROM books WHERE BookID =$id";
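
An added example, not part of the thread and not any poster's code: the same delete done with a PDO prepared statement plus strict integer validation, which rejects non-numeric input that a plain integer cast would quietly truncate to a number. The in-memory SQLite database, the sample rows and the deleteBook() helper are assumptions made for the illustration.

```php
<?php
// Constructed stand-in for the thread's Library database (in-memory SQLite via PDO).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE books (BookID INTEGER PRIMARY KEY, Title TEXT)');
$pdo->exec("INSERT INTO books (BookID, Title) VALUES (1, 'Book A'), (2, 'Book B'), (3, 'Book C')");

/**
 * Hypothetical helper: delete one book by ID and return the number of rows removed.
 * Throws InvalidArgumentException when the submitted value is not a positive integer.
 */
function deleteBook(PDO $pdo, $rawId): int
{
    // Strict validation: "2abc" or "2 OR 1=1" is rejected here, whereas a plain
    // (int) cast or intval() would silently turn both into 2.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException('Book ID must be a positive whole number');
    }

    // The value is bound separately from the SQL text, so it is never parsed as SQL.
    $stmt = $pdo->prepare('DELETE FROM books WHERE BookID = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();

    return $stmt->rowCount();
}

// Constructed form submissions, standing in for $_POST['bookid'].
foreach (['2', '2', '2 OR 1=1', '2abc', '', '-5'] as $submitted) {
    try {
        $deleted = deleteBook($pdo, $submitted);
        printf("%-12s -> %d row(s) deleted\n", var_export($submitted, true), $deleted);
    } catch (InvalidArgumentException $e) {
        printf("%-12s -> rejected: %s\n", var_export($submitted, true), $e->getMessage());
    }
}

printf("rows left: %d\n", $pdo->query('SELECT COUNT(*) FROM books')->fetchColumn());
```

Checking rowCount() also lets the page report "no such book" instead of printing "Record Removed." when nothing matched.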

