please i am trying to delete from a table and sending the id through a “get variable”, but it is not sending the values which means i cant transfer the values to the delete page.please help me have a look
<?
$connect = mysql_connect('localhost','xxxxxx','xxxxxx') or die('error connecting: ' . mysql_error());
mysql_select_db('reachea2_registeringmembers')or die('error selecting db: ' . mysql_error());
$pplresult = mysql_query("SELECT * FROM repplac");
echo "<table border='1'><tr><th> SHOP NAME</th><th> PRODUCT NAME</th><th> PRODUCT SIZE</th><th> PRODUCT COLOUR</th><th> PRODUCT QUANTITY</th><th> PRICE</th><th> </th></tr>";
while($row = mysql_fetch_assoc($pplresult)){
echo "<tr><td>" .$row['Sname'] ."</td><td>" .$row['Pname'] ."</td><td>" .$row['Psize'] ."</td><td>" .$row['Pcolour'] ."</td><td>" .$row['Pquantity'] ."</td><td>" .$row['Price'] ."</td><td>" ?>
<a href="deleteproduct.php?del=$row['Pidno']">delete</a></td></tr><?php }
// table closing tag
echo"</table>"
?>
<?php
$rowdelete = $_GET['del'];
//echo "$rowdelete";
//open database
$connect = mysql_connect('localhost','xxxxxxx','xxxxxxxx') or die('error connecting: ' . mysql_error());
mysql_select_db('reachea2_registeringmembers')or die('error selecting db: ' . mysql_error());//select database
$queryreg = mysql_query("
DELETE FROM pplac where pidno = {$rowdelete} LIMIT 1
");
?>
Check the link in the HTML code of the page in your browser. What do you see?
checked it but discovered that a escaped php tag, was before the link, so its been rectified guido, thanks
guido, for the delete scripts itself, its giving this error
Unknown column ‘t555’ in ‘where clause’
<?php
$rowdelete = $_GET['del'];
//echo "$rowdelete";
//open database
$connect = mysql_connect('localhost','xxxxxxx','xxxxx') or die('error connecting: ' . mysql_error());
mysql_select_db('reachea2_registeringmembers')or die('error selecting db: ' . mysql_error());//select database
$delete = mysql_query("DELETE FROM repplac where pidno = {$rowdelete}");
if (mysql_affected_rows() == 1){
echo "yeah";
}else die(mysql_error());
?>
Immerse
January 12, 2012, 11:35am
5
You need to enclose variable values in apostrophes when executing queries, otherwise MySQL will think it’s a column name:
$delete = mysql_query("DELETE FROM repplac where pidno = '{$rowdelete}'");
p.s. you need to read up about escaping variables to send to queries, as I could drop your entire database using this! http://php.net/manual/en/function.mysql-real-escape-string.php
thanks immerse, will read, and correct all posibble pitfall before continuing the work.thanks
Awesome!
Let us know if you need something explaining or help with securing your script
String values, yes. Numeric values, no. In this case it’s a string value, so yes
@guido2004 ; Yes, good point!
i am having this error warning
Warning: Wrong parameter count for mysql_query() in /home/reachea2/public_html/deleteproduct.php on line 8
i guess its because i have assigned the string to a variable $rowdelete, so ow will i correct that please
<?php require_once("include/dataconnect.php");?>
<?php require_once("include/functions.php");?>
<?php
$rowdelete = $_GET['del'];
//echo "$rowdelete";
$delete = mysql_query("DELETE FROM repplac where pidno = '{$rowdelete}'",
mysql_real_escape_string($pidno),
mysql_real_escape_string(${$rowdelete}));
if (mysql_affected_rows() == 1){
//echo "yeah";
redirect_to('youraccount.php');
}else die(mysql_error());
?>