Reputation: 245
Ok, so I basically have an HTML form that consists of a hidden input and a submit button. When the button is pressed it will remove a specific row in my MySQL table. The code all actually does the function it should. However, I keep getting a syntax error displaying when I run it. Once I get the error, if I go back the row is gone, which is what I want. I am just not sure how to make it redirect after running like it should, rather than getting the error.
Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '1' at line 1
Line 1 seems fine to me (hence the confusion).
<?php
$con=mysqli_connect("localhost","username","password","db_name");
// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$postID = $_POST['postID'];
$delete = mysqli_query($con,"DELETE FROM posts WHERE postID=" . $postID);
if (!mysqli_query($con,$delete))
{
die('Error: ' . mysqli_error($con));
}
header("Location: index.php");
die();
mysqli_close($con);
?>
<?php
$con=mysqli_connect("localhost","username","password","db_name");
// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$campaignID = $_SESSION['campaignID'];
$result = mysqli_query($con,"SELECT posts.postID, posts.postDate, posts.postName, posts.postEntry FROM posts
INNER JOIN campaigns ON posts.campaignID= $campaignID
AND posts.campaignID= campaigns.campaignID ORDER BY postDate desc");
while($row = mysqli_fetch_array($result))
{
echo "<div id='campaignPostContainer'>";
echo "<ul class='campaignPostBox'>";
echo "<p class='postInfo'>";
echo "<form name='postDelete' action='campaignPostDelete.php' method='post'>
<input type='hidden' name='postID' value=" . $row['postID'] . ">
<input type='submit'>
</form>";
echo "Posted on:";
echo "<li>" . $row['postDate'] . "</li>";
echo "</p>";
echo "<p class='postInfo'>";
echo "Posted by:";
echo "<li>" . $row['postName'] . "</li>";
echo "</p>";
echo "<li class='postEntry'>" . $row['postEntry'] . "</li>";
echo "</ul>";
echo "</div>";
echo "<hr>";
}
mysqli_close($con);
?>
Upvotes: 0
Views: 312
Reputation: 4663
You are enclosing the ID in single quotes. It is an integer, so it shouldn't be enclosed in quotes.
$delete = mysqli_query($con,"DELETE FROM posts WHERE postID='$postID'");
should be:
$delete = mysqli_query($con,"DELETE FROM posts WHERE postID=$postID");
However, you are also passing the connection string twice. So instead do this:
$delete = "DELETE FROM posts WHERE postID=$postID";
if (!mysqli_query($con, $delete))
{
die('Error: ' . mysqli_error($con));
}
But this still leaves you vulnerable to SQL injection. Do at least this to improve this overall:
$delete = sprintf("DELETE FROM posts WHERE postID=%s", mysqli_real_escape_string($con, $postID)); // mysqli_ escaping needs the connection handle; mysql_real_escape_string belongs to the old mysql extension
if (!mysqli_query($con, $delete))
{
die('Error: ' . mysqli_error($con));
}
You'll also want to sanitize your other inputs.
Upvotes: 2
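The question's handler runs mysqli_query twice (the second call receives the result object of the first, which MySQL stringifies to "1", hence the error near '1'), and both the question's and the answer's versions put the submitted postID into the SQL text. The following is an added example, not the asker's or the answerer's code: the same campaignPostDelete.php rewritten with a mysqli prepared statement, so the ID is bound as an integer rather than concatenated, and scoped to the session's campaignID the way the listing script is. It assumes the table and column names from the question (posts, postID, campaignID), that session_start() has run and $_SESSION['campaignID'] identifies the campaign the current user may edit, and placeholder database credentials.

```php
<?php
// Added example (not the asker's or answerer's code).
// Assumptions: table posts(postID, campaignID) as in the question; the session
// already holds the campaignID of the campaign the user may edit; placeholder
// credentials below.
declare(strict_types=1);

// Make mysqli throw exceptions instead of returning false, so a failed query
// cannot be silently passed on to the next call (the bug in the question).
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

/**
 * Delete one post, but only if it belongs to the given campaign.
 * Returns the number of rows removed (0 means no such post in this campaign).
 */
function deletePost(mysqli $con, int $postID, int $campaignID): int
{
    // The '?' placeholders are sent to MySQL separately from the values,
    // so the server never parses user input as part of the SQL statement.
    $stmt = $con->prepare('DELETE FROM posts WHERE postID = ? AND campaignID = ?');
    $stmt->bind_param('ii', $postID, $campaignID); // 'i' = bind as integer
    $stmt->execute();
    $deleted = $stmt->affected_rows;
    $stmt->close();
    return $deleted;
}

session_start();

// Validate the form field before it reaches the database layer:
// FILTER_VALIDATE_INT returns false for "1 OR 1=1", "abc", "", etc.
$postID = filter_input(INPUT_POST, 'postID', FILTER_VALIDATE_INT, [
    'options' => ['min_range' => 1],
]);
$campaignID = $_SESSION['campaignID'] ?? null;

if ($postID === false || $postID === null || !is_int($campaignID)) {
    http_response_code(400);
    exit('Invalid request');
}

try {
    $con = new mysqli('localhost', 'username', 'password', 'db_name'); // placeholder credentials
    $deleted = deletePost($con, $postID, $campaignID);
    $con->close();
} catch (mysqli_sql_exception $e) {
    // Keep driver error text in the server log; the browser only gets a generic status.
    error_log('campaignPostDelete failed: ' . $e->getMessage());
    http_response_code(500);
    exit('Delete failed');
}

if ($deleted === 0) {
    // Nothing matched: either the post does not exist or it is not in this campaign.
    http_response_code(404);
    exit('Post not found');
}

// Redirect only after all database work is done and before any output is sent;
// 303 tells the browser to follow up with GET rather than re-POSTing the delete.
header('Location: index.php', true, 303);
exit;
```

With MYSQLI_REPORT_STRICT enabled, every mysqli call that fails raises mysqli_sql_exception, so there is no need for the `if (!mysqli_query(...)) die(...)` pattern from the question; the single try/catch covers the connection, prepare, bind and execute steps. The campaignID condition in the WHERE clause is what stops a forged form post from deleting rows in someone else's campaign, which the escaping in the answer does not address.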