• 0

MYSQL query doesnt work HELP NEEDED


Question

In the following code I try delete a record from my database but it doesnt work... I dont know why

Thank you in advance

 

<?php
	ob_start();
	session_start();
	require_once 'dbconnect.php';

	// it will never let you open index(login) page if session is set
	if ( !isset($_SESSION['user']) ) {
		header("Location: home.php");
		exit;
	}

	$error = false;

	if( isset($_POST['submit']) ) {

		if(empty($_POST['ID'])){
			$error = true;
			$emailError = "Please enter an ID ";
		}

		// prevent sql injections clear user invalid inputs
		$ID = trim($_POST['ID']);
		$ID = strip_tags($ID);
		$ID = htmlspecialchars($ID);

				if (!$error) {

			$result=mysqli_query($conn,"SELECT  userName, userEmail , userPass FROM users WHERE userName='$ID'");
			$row=mysqli_fetch_array($result);
      $Count=  mysqli_num_rows($result);
			if($Count ==1) {
				$result=mysqli_query($conn,"DELETE * FROM users WHERE userName='$ID'");
				$row=mysqli_fetch_array($result);
	      $errMSG="User Deleted!";
			} else {
				$errMSG = "User doesnt exist";
			}

		}

	}
?>

 

Edited by GeekInside
Link to comment
https://www.neowin.net/forum/topic/1356812-mysql-query-doesnt-work-help-needed/
Share on other sites

2 answers to this question

Recommended Posts

  • 0

Your syntax is invalid, you shouldn't be specifying fields in a delete query, change:

 

$result=mysqli_query($conn,"DELETE * FROM users WHERE userName='$ID'");

to:

 

$result=mysqli_query($conn,"DELETE FROM users WHERE userName='$ID'");

 

As a side note... you're still vulnerable to SQL injection, please look up parameterized queries or at the very least use mysqli_real_escape_string, htmlspecialchars isn't protecting you.

  • 0
1 hour ago, ZakO said:

Your syntax is invalid, you shouldn't be specifying fields in a delete query, change:

 


$result=mysqli_query($conn,"DELETE * FROM users WHERE userName='$ID'");

to:

 


$result=mysqli_query($conn,"DELETE FROM users WHERE userName='$ID'");

 

As a side note... you're still vulnerable to SQL injection, please look up parameterized queries or at the very least use mysqli_real_escape_string, htmlspecialchars isn't protecting you.

Thank you I managed to do it... and yes Im working now on the prepared statements. Thank you so much :)

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.