Get variable not sending

lostty84 · January 12, 2012, 9:48am

please i am trying to delete from a table and sending the id through a “get variable”, but it is not sending the values which means i cant transfer the values to the delete page.please help me have a look



<?


$connect = mysql_connect('localhost','xxxxxx','xxxxxx') or die('error connecting: ' . mysql_error());
mysql_select_db('reachea2_registeringmembers')or die('error selecting db: ' . mysql_error());

$pplresult = mysql_query("SELECT * FROM repplac");
echo "<table border='1'><tr><th> SHOP NAME</th><th> PRODUCT NAME</th><th> PRODUCT SIZE</th><th> PRODUCT COLOUR</th><th> PRODUCT QUANTITY</th><th> PRICE</th><th> </th></tr>";
while($row = mysql_fetch_assoc($pplresult)){
echo "<tr><td>" .$row['Sname'] ."</td><td>" .$row['Pname'] ."</td><td>" .$row['Psize'] ."</td><td>" .$row['Pcolour'] ."</td><td>" .$row['Pquantity'] ."</td><td>" .$row['Price'] ."</td><td>" ?>
<a href="deleteproduct.php?del=$row['Pidno']">delete</a></td></tr><?php }
	// table closing tag
echo"</table>"
?>


<?php
$rowdelete = $_GET['del'];
//echo "$rowdelete";

//open database
$connect = mysql_connect('localhost','xxxxxxx','xxxxxxxx') or die('error connecting: ' . mysql_error());
mysql_select_db('reachea2_registeringmembers')or die('error selecting db: ' . mysql_error());//select database


$queryreg = mysql_query("

DELETE FROM pplac where pidno =   {$rowdelete} LIMIT 1

");
?>

DarthGuido · January 12, 2012, 11:15am

Check the link in the HTML code of the page in your browser. What do you see?

lostty84 · January 12, 2012, 11:23am

checked it but discovered that a escaped php tag, was before the link, so its been rectified guido, thanks

lostty84 · January 12, 2012, 11:27am

guido, for the delete scripts itself, its giving this error
Unknown column ‘t555’ in ‘where clause’


<?php
$rowdelete = $_GET['del'];
//echo "$rowdelete";

//open database
$connect = mysql_connect('localhost','xxxxxxx','xxxxx') or die('error connecting: ' . mysql_error());
mysql_select_db('reachea2_registeringmembers')or die('error selecting db: ' . mysql_error());//select database


$delete = mysql_query("DELETE FROM repplac where pidno = {$rowdelete}");
if (mysql_affected_rows() == 1){
echo "yeah";
}else die(mysql_error());
?>

Immerse · January 12, 2012, 11:35am

You need to enclose variable values in apostrophes when executing queries, otherwise MySQL will think it’s a column name:


$delete = mysql_query("DELETE FROM repplac where pidno = '{$rowdelete}'");

p.s. you need to read up about escaping variables to send to queries, as I could drop your entire database using this! http://php.net/manual/en/function.mysql-real-escape-string.php

lostty84 · January 12, 2012, 11:50am

thanks immerse, will read, and correct all posibble pitfall before continuing the work.thanks

Immerse · January 12, 2012, 1:23pm

Awesome!
Let us know if you need something explaining or help with securing your script

DarthGuido · January 12, 2012, 1:48pm

String values, yes. Numeric values, no. In this case it’s a string value, so yes

Immerse · January 12, 2012, 3:49pm

@guido2004; Yes, good point!

lostty84 · January 13, 2012, 11:31am

i am having this error warning
Warning: Wrong parameter count for mysql_query() in /home/reachea2/public_html/deleteproduct.php on line 8
i guess its because i have assigned the string to a variable $rowdelete, so ow will i correct that please


<?php require_once("include/dataconnect.php");?>
<?php require_once("include/functions.php");?>
<?php
$rowdelete = $_GET['del'];
//echo "$rowdelete";
$delete = mysql_query("DELETE FROM repplac where pidno = '{$rowdelete}'",
mysql_real_escape_string($pidno),
 mysql_real_escape_string(${$rowdelete}));
if (mysql_affected_rows() == 1){
//echo "yeah";
redirect_to('youraccount.php');
}else die(mysql_error());
?>