current community

your communities

more stack exchange communities

Stack Exchange
tour help
careers 2.0
Take the 2-minute tour ×
Stack Overflow is a question and answer site for professional and enthusiast programmers. It's 100% free, no registration required.
up vote 0 down vote favorite

I've recently made a PHP, that should; if click a link delete a certain row within one of my MYSQL tables.

The script below has everything but the link [href=delete_ac.php?id etc...] leads to the page but when the page activates it echo ERROR instead of deleting the row.

 <h1>Members</h1> 
        <table> 
            <tr> 
                <th>ID</th> 
                <th>Username</th> 
                <th>E-Mail Address</th> 
                <th></th>
            </tr> 
            <?php foreach($rows as $row): ?> 
                <tr> 
                    <td><?php echo $row['id']; ?></td> 
                    <td><?php echo htmlentities($row['username'], ENT_QUOTES, 'UTF-8'); ?></td> 
                    <td><?php echo htmlentities($row['email'], ENT_QUOTES, 'UTF-8'); ?></td> 
                    <td><a href="delete_ac.php?id=<?php echo $row['id']; ?>">delete</a></td> 
                </tr> 
            <?php endforeach; ?> 
        </table>

delete_ac.php The script below is what should delete it but it isn't

<?php

    require("../php/bp-connectionAdmin.php");

    $id=$_GET['id'];

    $query = "DELETE FROM `users` WHERE `id` = $id";
    $result = mysql_query($query);

   if ($result) {
        echo "Successful";
   } else {
        echo "ERROR";
   }
?>
share|improve this question
    
echo out mysql_error() after mysql_query and see what the error is. Also you should sanitize your input variables before adding them to queries. –  Patrick Evans Aug 4 '13 at 12:05
1  
You can use mysql_error() to get the actual error from the database, which should give information about what the problem is. Also, please stop using the mysql_* data access library. At least upgrade to mysqli_* or PDO instead. Use these libraries to create prepared statements instead of opening the SQL injection vulnerability that you currently have in your code. –  David Aug 4 '13 at 12:05
1  
Also the reason why you should stop using mysql_* functions is that they are depracted and will be removed in future –  DeiForm Aug 4 '13 at 12:14
    
Check in ../php/bp-connectionAdmin.php where you make a connection, that you selected proper database by mysql_select_db() because you used only table name in your query –  Wilq Aug 4 '13 at 12:20

2 Answers 2

up vote 0 down vote

Is the ID numeric only? Would the addition of quote marks around $id not help?

$query = "DELETE FROM `users` WHERE `id`='$id'";
mysql_query($query);

Not sure...but give it a go!

share|improve this answer
up vote 0 down vote

Put on the line after $query = "DELETE ..

An 

echo "DELETE FROM `users` WHERE `id` = $id";
die;

Then you will see what goes wrong. Personally i would remove the ', assuming that the id=integer, and you will have:

$query = "DELETE FROM users WHERE id=$id";

If not, try that echood query directly in your Database window and you will see what is wrong.

Most probably you should change your line into

 $id=intval($_GET['id']);

which is also much more secure!

share|improve this answer

Your Answer

 
discard

By posting your answer, you agree to the privacy policy and terms of service.

Not the answer you're looking for? Browse other questions tagged or ask your own question.