I have the following DELETE function i've tried to write by hand, from what I've learnt so far, however it doesnt seem to be working and I cant find anything online to see where im going wrong, can anybody see obvious errors?
<?php
if(isset($_POST['int1'])) {
$interest = $_POST['int1'];
mysql_query = ("DELETE $interest FROM user_interests WHERE user_id = ". $usersClass->userID();
}
elseif(isset($_POST['int2'])) {
$interest = $_POST['int2'];
mysql_query = ("DELETE $interest FROM user_interests WHERE user_id = ". $usersClass->userID();
}
elseif(isset($_POST['int3'])) {
$interest = $_POST['int3'];
mysql_query = ("DELETE $interest FROM user_interests WHERE user_id = ". $usersClass->userID();
}
print $interest1 . "<form method='post' action='#'><input type='hidden' value='".$interest1."' name='int1' id='int1'/><input type='submit' value='delete' /></form><br />";
print $interest2 . "<form method='post' action='#'><input type='hidden' value='".$interest2."' name='int2' id='int2'/><input type='submit' value='delete' /></form><br />";
print $interest3 . "<form method='post' acti开发者_开发知识库on='#'><input type='hidden' value='".$interest3."' name='int3' id='int3'/><input type='submit' value='delete' /></form><br />";
?>
Now trying this with no luck...
<?php
if(isset($_POST['int1'])) {
$interest = $_POST['int1'];
$qResult= mysql_query("UPDATE user_interests SET interest = null WHERE interest = $interest and user_id = ". mysql_real_escape_string($usersClass->userID()));
}
elseif(isset($_POST['int2'])) {
$interest = $_POST['int2'];
$qResult= mysql_query("UPDATE user_interests SET interest = null WHERE interest = $interest and user_id = ". mysql_real_escape_string($usersClass->userID()));
}
elseif(isset($_POST['int3'])) {
$interest = $_POST['int3'];
$qResult= mysql_query("UPDATE user_interests SET interest = null WHERE interest = $interest and user_id = ". mysql_real_escape_string($usersClass->userID()));
}
print $interest1 . "<form method='post' action='#'><input type='hidden' value='".$interest1."' name='int1' id='int1'/><input type='submit' value='delete' /></form><br />";
print $interest2 . "<form method='post' action='#'><input type='hidden' value='".$interest2."' name='int2' id='int2'/><input type='submit' value='delete' /></form><br />";
print $interest3 . "<form method='post' action='#'><input type='hidden' value='".$interest3."' name='int3' id='int3'/><input type='submit' value='delete' /></form><br />";
?>
You can't do mysql_query =, as mysql_query() is a function. Try this instead:
$qResult= mysql_query("DELETE " . mysql_real_escape_string($interest) . "FROM user_interests WHERE user_id = " . mysql_real_escape_string($usersClass->userID()));
Plus, you're wide open to SQL injection. You should consider using PDO with prepared queries to avoid this issue. At a minimum, use mysql_real_escape_string() as I show you here.
Might be a typo but not sure what you error is in the first place but for starters you are missing a close ) on all of the mysql_query calls and it would be $result = mysql_query(
$result = mysql_query("DELETE $interest FROM user_interests WHERE user_id = ". $usersClass->userID());
if you wan't to excute it must be:
mysql_query("DELETE $interest FROM user_interests WHERE user_id = ". $usersClass->userID());
btw: doesn't this give a synaxis error?
mysql_query = ("DELETE $interest FROM user_interests WHERE user_id = ". $usersClass->userID();
the first '(' is not clossed
To delete a row in MySQL, you don't specify anything between DELETE and FROM. It should look like this:
DELETE FROM table_name WHERE some_column = some_value
In addition to the other answers, you're not using it correctly. Your $interest shouldn't be there, unless it's one of the keywords. If it's not one of the keywords, the statement should just be delete from ....
If you're looking to change the value of a field (even deleting the contents), you'll need an update statement, instead. Something like UPDATE table SET field1 = null WHERE user_id = $uid.
I'm not sure what $interest is, but it doesn't belong in between DELETE and FROM. DELETE deletes a whole row, not specific parts for a row. mysql_query is a function as well, so you shouldn't have that '=' in there.
Try:
mysql_query('DELETE FROM user_interests WHERE user_id = '. $usersClass->userID();
Also, I'm not sure I agree with the comments saying you're vulnerable to sql injection, if the end user can control what is sent in their user ID, then you'll be fine. Just so long as you don't put that $interest variable anywhere in your query.
Regarding your new code, you'll want to escape $interest this time, it's something the user is submitting. If $interest or userID are non-numeric or begin with leading 0s, you need to put single quotes around them. I'd also try printing $usersClass->userID(), it might not be returning what you expect.
Ive finally found the problem, Firstly I used 'or die()' to see where I was going wrong (I SHOUDL ALWAYS DO THIS!)
I then received the error 'unknown column in where clause' which led me to add '' around my var, the final query is...
$qResult= mysql_query("DELETE from user_interests WHERE interest = '" . mysql_real_escape_string($interest) . "' and user_id = " . $usersClass->userID());
if(! $qResult )
{
die('Could not delete data: ' . mysql_error());
}
![Interactive visualization of a graph in python [closed]](https://www.devze.com/res/2023/04-10/09/92d32fe8c0d22fb96bd6f6e8b7d1f457.gif)
加载中,请稍侯......
精彩评论