delete from sql with a delete.php file - php

I am wanting to build a delete page to use to delete some data from my database.
When I put the id in it works fine, but I am wanting it to pull the id from the URL:
www.example.com/delete.php?id=1234
<?php
$dbhost = 'localhost';
$dbuser = 'root';
$dbpass = '';
$conn = mysql_connect($dbhost, $dbuser, $dbpass);
if(! $conn )
{
die('Could not connect: ' . mysql_error());
}
$sql = 'DELETE FROM MYTABLE
WHERE created=<?php echo $_GET["id"]; ?>';
mysql_select_db('ely');
$retval = mysql_query( $sql, $conn );
if(! $retval )
{
die('Could not delete data: ' . mysql_error());
}
echo "Deleted data successfully\n";
mysql_close($conn);
?>
The part I'm having issues with is this part:
WHERE created=<?php echo $_GET["id"]; ?>';
The error I am getting is "Could not delete data: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '=' at line 2"

<?php
$dbhost = 'localhost';
$dbuser = 'root';
$dbpass = '';
$conn = mysql_connect($dbhost, $dbuser, $dbpass);
if(! $conn )
{
die('Could not connect: ' . mysql_error());
}
$id = mysql_real_escape_string($_GET['id']);
$sql = "DELETE FROM MYTABLE
WHERE created='$id'";
mysql_select_db('ely');
$retval = mysql_query( $sql, $conn );
if(! $retval )
{
die('Could not delete data: ' . mysql_error());
}
echo "Deleted data successfully\n";
mysql_close($conn);
?>

learn quoting!
$sql = 'DELETE FROM MYTABLE
WHERE created=<?php echo $_GET["id"]; ?>';
$sql = 'Delete from MYTABLE WHERE created="'.$_GET['id'].'"';
Next thing is, google for SQL injections, and keep in mind that you should check whether $_GET['id'] is set in time.

To concatenate a variable into a string, use the concatenation operator.
But your code is bad for several reasons.
1: Sanitise your inputs
2: Don't use GET for anything that can change the state of the server, use POST instead.
Here's a story explaining one reason why

try this:
$id = $_GET['id'];
$sql = 'DELETE FROM MYTABLE
WHERE created=' .$id;
"." is used to concatenate the value of the variable $id
As for connecting to a db, I suggest you look up PDO.

$sql="DELETE FROM MYTABLE WHERE created='".$_GET['id']."'";

Related

PHP - Column count doesn't match

I've recently been trying to add data into a database (new to PHP). I've looked over what other people have with this error, but I still cannot see where I have gone wrong.
The error is:
Column count doesn't match value count at row 1
Code:
$dbhost = 'localhost';
$dbuser = 'evocityi_admin';
$dbpass = 'password';
$database = 'evocityi_stocks';
$conn = mysql_connect($dbhost, $dbuser, $dbpass, $database);
if(! $conn )
{
die('Could not connect: ' . mysql_error());
}
$Dtime = "30/04/16";
$StockName = "FUMUKU";
$FUMUKUPrice = 1000;
$sql = "INSERT INTO stocks".
"(Stock,Price, TimeD) ".
"VALUES ".
"('$StockName,$FUMUKUPrice, $DTime')";
mysql_select_db('evocityi_stocks');
$retval = mysql_query( $sql, $conn );
if(! $retval )
{
die('Could not enter data: ' . mysql_error());
}
echo "Entered data successfully\n";
mysql_close($conn);
?>
SQL Database:
https://gyazo.com/e74a6b9e87c18d60855424dcae647cdf
Change the column type for Stock and TimeD to varchar in your table definition. On the link you posted, they are both int.
As suggested by #PaulB12345, change the column type to varchar; there is also an error in the quotes.
Ideally your query should look like this (see the quotes after values):
$sql = "INSERT INTO stocks".
"(Stock,Price, TimeD) ".
"VALUES ".
"('$StockName','$FUMUKUPrice', '$DTime')";

Query was empty error | Trying to get a specific Mysql Value

Thanks in advance for any help you can give. I'm a real noob at all this coding stuff, but this is the situation:
I have a WordPress website focused on travel agency tours and hotels, and I'm working on an extranet system. The idea is that hotel managers will be able to change the price of their rooms, but this extranet works totally apart from WordPress: it's a PHP script with a different MySQL database. So what I would like is that when the price is changed in the extranet, it is also changed in WordPress in real time, and I'm trying it this way:
I'm planning to insert a PHP snippet in the WordPress editor with MySQL code to get the price from the other database for each hotel and room, so I'm going to do this for every hotel manually. The problem comes from the code I'm trying to use to get that value:
<?php
$dbhost = 'localhost';
$dbuser = 'test_user';
$dbpass = 'pass';
$dbname = 'test_db';
$conn = mysql_connect($dbhost, $dbuser, $dbpass, $dbname);
if(! $conn )
{
die('Could not connect: ' . mysql_error());
}
$sql = mysql_query("SELECT `room_price`, FROM `hotel_room_price` WHERE price_id = '1'");
$retval = mysql_query( $sql, $conn );
if(! $retval )
{
die('Could not get data: ' . mysql_error());
}
while($row = mysql_fetch_array($retval, MYSQL_ASSOC))
{
echo "Room Price :{$row['room_price']} <br> ".
"--------------------------------<br>";
}
echo "Fetched data successfully\n";
mysql_close($conn);
?>
So the result I get in my test.php file with this code is:
"Could not get data: Query was empty"
I'm not sure why I get this error, and why it is not printing the value I want.
P.S.: I really apologize for my English since it is not my language, but I'm trying to learn.
And try the connection like this:
$conn = mysql_connect($dbhost, $dbuser, $dbpass);
mysql_select_db($dbname, $conn);
You need to remove the comma from your query after room price.
//You are running the query twice so use this query
$sql = "SELECT `room_price` FROM `hotel_room_price` WHERE price_id = '1'";
And learn mysqli or PDO, as the mysql functions are deprecated and are soon going to be dropped.
You have sent the query two times...
Try this:
$sql = "SELECT `room_price` FROM `hotel_room_price` WHERE price_id = '1'";
$retval = mysql_query( $sql, $conn );
<?php
$dbhost = 'localhost';
$dbuser = 'test_user';
$dbpass = 'pass';
$dbname = 'test_db';
$conn = mysql_connect($dbhost, $dbuser, $dbpass);
$db_selected = mysql_select_db($dbname,$conn);
if (!$db_selected) {
die ('Can\'t use test_db : ' . mysql_error());
}
if(! $conn ) {
die('Could not connect: ' . mysql_error());
}
$sql = "SELECT `room_price` FROM `hotel_room_price` WHERE price_id = '1'";
$retval = mysql_query( $sql, $conn );
if(! $retval )
{
die('Could not get data: ' . mysql_error());
}
while($row = mysql_fetch_array($retval, MYSQL_ASSOC))
{
echo "Room Price :{$row['room_price']} <br> ".
"--------------------------------<br>";
}
echo "Fetched data successfully\n";
mysql_close($conn);
?>
To select the database use mysql_select_db(). You can't pass dbname as an argument to mysql_connect().
$conn = mysql_connect($dbhost, $dbuser, $dbpass);
mysql_select_db($dbname, $conn);
Also, if you are a learner, then learn mysqli or PDO.
Note: mysql_* has been deprecated.
You are running the query two times, so change the lines below
$sql = mysql_query("SELECT `room_price`, FROM `hotel_room_price` WHERE price_id = '1'");
$retval = mysql_query( $sql, $conn );
to
$retval = mysql_query("SELECT `room_price` FROM `hotel_room_price` WHERE price_id = '1'");

syntax error when delete sql data using php

I'm getting the following syntax error, can someone please help!
I'm guessing it's something soooo easy, but I have been looking at it for ages and can't see what I'm doing wrong.
<?php
if(isset($_POST['delete']))
{
$dbhost = '';
$dbuser = '';
$dbpass = '';
$conn = mysql_connect($dbhost, $dbuser, $dbpass);
if(! $conn )
{
die('Could not connect: ' . mysql_error());
}
$CourseId = $_POST['CourseId'];
$sql = "DELETE course ".
" WHERE CourseId = $CourseId" ;
mysql_select_db('d11os_projectdb');
$retval = mysql_query( $sql, $conn );
if(! $retval )
{
die('Could not delete data: ' . mysql_error());
}
echo "Deleted data successfully\n";
mysql_close($conn);
}
else
{
?>
$sql = "DELETE FROM course ". // <-- missing keyword FROM
" WHERE CourseId = $CourseId";
You are missing the table name from the sql query
$sql = "DELETE course FROM **table_name**".
" WHERE CourseId = $CourseId" ;

Get url parameter and insert into database

Trying to insert into database by typing the value in the url, but having difficulties to insert into the database:
Here is the URL:
http://student.cs.hioa.no/~s180343/updatedb.php?verdi=22
Here is the code:
<?php
$dbhost = "MYSQL-SERVER";
$dbuser = "USERNAME";
$dbpass = "";
$verdi = $_GET['verdi'];
$conn = mysql_connect($dbhost, $dbuser, $dbpass);
if(! $conn )
{
die('Could not connect: ' . mysql_error());
}
$sql = "INSERT INTO test ('id') VALUES (`$verdi`)";
mysql_select_db('s180350');
$retval = mysql_query( $sql, $conn );
if(! $retval )
{
die('Could not enter data: ' . mysql_error());
}
echo "Entered data successfully\n";
mysql_close($conn);
?>
Use quotes around your string values. Use ticks around your column names. You have it backwards:
$sql = "INSERT INTO test ('id') VALUES (`$verdi`)";
should be
$sql = "INSERT INTO test (`id`) VALUES ('$verdi')";
FYI, you are wide open to SQL injections
You are doing the reverse, i.e. adding '' for the column name and `` for the value.
$sql = "INSERT INTO test ('id') VALUES (`$verdi`)";
should be
$sql = "INSERT INTO test (`id`) VALUES ('$verdi')";
Start using prepared statements, or at least use the line below after conn is defined.
$verdi = mysql_real_escape_string($verdi);
Please don't forget to secure all user input into your SQL queries. See the SQL injection wiki.
The problem with your code is the wrong use of quotes. See the edited code:
$conn = mysql_connect("MYSQL-SERVER", "USERNAME", $dbpass);
if(! $conn )
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db('s180350');
$retval = mysql_query( "INSERT INTO test (`id`) VALUES ('".mysql_real_escape_string($_GET['verdi'])."')", $conn );
if(! $retval )
{
die('Could not enter data: ' . mysql_error());
}
echo "Entered data successfully\n";
PS: Don't use up resources by setting variables you don't need.

Could not enter data: Unknown column 'emp_salary' in 'field list'

Here is the code that causes the error I pasted in the title. I am pretty sure the error comes from the query but cannot figure it out.
The last thing I have tried is the "real escape" function you can see here and that I found as a response in some other questions of the same type; still the same error. I am starting with coding and might just be stupid... anyways, thanks for your help!
<?php
if(isset($_POST['add']))
{
$dbhost = 'localhost';
$dbuser = 'root';
$dbpass = 'boom';
$conn = mysql_connect($dbhost, $dbuser, $dbpass);
if(! $conn )
{
die('Could not connect: ' . mysql_error());
}
if(! get_magic_quotes_gpc() )
{
$emp_name = addslashes ($_POST['emp_name']);
$emp_address = addslashes ($_POST['emp_address']);
$emp_salary = addslashes ($_POST['emp_salary']);
}
else
{
$emp_name = $_POST['emp_name'];
$emp_address = $_POST['emp_address'];
$emp_salary = $_POST['emp_salary'];
}
$sql = "INSERT INTO employee (emp_name,emp_address,emp_salary)
VALUES('".mysql_real_escape_string($emp_name)."','".mysql_real_escape_string($emp_address)." ','".mysql_real_escape_string($emp_salary)." ')";
mysql_select_db('test_db');
$retval = mysql_query( $sql, $conn );
if(! $retval )
{
die('Could not enter data: ' . mysql_error());
}
echo "Entered data successfully\n";
mysql_close($conn);
}
else
{
?>
Create the column named emp_salary in the respective table.
You must not use the mysql_ function family, as you are more prone to SQL attacks with these.
Either use mysqli or, better, use PDO.
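
The prepared-statement approach that several answers on this page point to (PDO, "sanitise your inputs"), applied to the delete-by-id and insert-from-request cases; this is an added example, not code from any of the posts. Assumptions: an in-memory SQLite database (requires the pdo_sqlite extension) stands in for MySQL, the table contents are constructed, and the function names deleteByCreated and insertNote are hypothetical.

```php
<?php
// Added example, not code from the posts. An in-memory SQLite database stands
// in for MySQL so the script runs offline; for MySQL only the DSN changes,
// e.g. new PDO('mysql:host=localhost;dbname=ely;charset=utf8mb4', $user, $pass).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed sample data.
$pdo->exec('CREATE TABLE mytable (created INTEGER PRIMARY KEY, note TEXT)');
$pdo->exec("INSERT INTO mytable (created, note) VALUES (1234, 'a'), (1235, 'b')");

/** Validate the id, then delete with a bound parameter. Returns rows deleted. */
function deleteByCreated(PDO $pdo, $rawId): int
{
    // Reject anything that is not a positive integer before touching the database.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException('id must be a positive integer');
    }
    // The value is sent separately from the SQL text, so it cannot alter the statement.
    $stmt = $pdo->prepare('DELETE FROM mytable WHERE created = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();
}

/** Insert a free-text value; binding replaces manual quoting and escaping. */
function insertNote(PDO $pdo, int $created, string $note): void
{
    $stmt = $pdo->prepare('INSERT INTO mytable (created, note) VALUES (:created, :note)');
    $stmt->execute([':created' => $created, ':note' => $note]);
}

// Constructed inputs stand in for the request value. In a real handler, read it
// from $_POST only after checking $_SERVER['REQUEST_METHOD'] === 'POST'.
foreach (['1234', '9999', '1235 OR 1=1', ''] as $input) {
    try {
        printf("%-16s -> %d row(s) deleted\n", var_export($input, true), deleteByCreated($pdo, $input));
    } catch (InvalidArgumentException $e) {
        printf("%-16s -> rejected: %s\n", var_export($input, true), $e->getMessage());
    }
}

insertNote($pdo, 2000, "O'Brien said \"hi\""); // quotes are stored as data
echo $pdo->query('SELECT COUNT(*) FROM mytable')->fetchColumn(), " row(s) remain\n";
```

Checking rowCount() after the DELETE distinguishes "deleted" from "no such id", which the original scripts report identically as success.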
