user3709993

Reputation: 25

MySQL delete query in PHP doesn't work in IF statement

I made a script which inserts a row from one table in another, but then it has to delete the record from one table. For some reason that isn't working. Could someone please help me out with this?

My code:

<html>
    <head>
        <link rel="stylesheet" type="text/css" href="css/layout.css"/>
        <?php session_start();
           if(!isset($_SESSION['login_id'])){
           $url = 'helpdesklogin.php';
           header("Location: $url");
            }
        ?>
    </head>
    <body>
    <?php
    $server="localhost";
    $username="root";
    $password="";
    $connect_mysql=mysql_connect($server,$username,$password) or die ("Connection Failed!");
    $mysql_db=mysql_select_db("helpdesk_middenpolder",$connect_mysql) or die ("Could not Connect to Database");
    $id=$_GET['id'];
    $query=mysql_query("INSERT INTO afgehandelden_incidenten SELECT * FROM incidenten WHERE incidentID='$id'");
    $result=mysql_query($query);
    if($result=mysql_query($query)){
        $query2=mysql_query("DELETE FROM incidenten WHERE incidentID=$id");
    }
    else {
    echo mysql_error();
    }

    ?>
    </body>
</html>

Upvotes: 0

Views: 430

Answers (4)

Jan

Reputation: 1049

First, the lines

$result=mysql_query($query);
if($result=mysql_query($query)){
    $query2=mysql_query("DELETE FROM incidenten WHERE incidentID=$id");
}

will execute the $query twice. So, you should omit the first line, since if($result=mysql_query($query)) is enough.

Apart from that, checking $result on true or false will just tell you if an error occurred or not. What you should do is to check if the INSERT statement affected any rows by using mysql_affected_rows:

if($result=mysql_query($query)){
    if(mysql_affected_rows($connect_mysql) > 0) {
        if($result2=mysql_query("DELETE FROM incidenten WHERE incidentID='".mysql_real_escape_string($id)."'")) {
            /* The query did not return errors */
        }
        else { /* add error handling here */ }
    }
}
else { /* add error handling here */ }

Please note:

  • I renamed $query2 to $result2, because the variable does not contain a query, but a query result
  • Your code is very insecure because of two reasons:
    • You put a $_GET parameter into a query without escaping it. That makes SQL Injection as easy as possible! I added the mysql_real_escape_string function as an easy way to most likely avoid SQL injection. You should add this function in the INSERT statement as well.
    • You use the mysql_* functions. These are deprecated and should not be used anymore. See here. Use mysqli functions or PDO instead.

Upvotes: 0
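
The two points in the answer above (bind the id instead of escaping it, and delete only when the copy affected a row), shown with PDO as an added example that is not part of the original answers. The function name archiveIncident, the omschrijving column and the in-memory SQLite database standing in for the MySQL server are assumptions made so the block runs offline on constructed data.

```php
<?php
// Added example: move one incident to the archive table atomically,
// with the id bound as a parameter instead of concatenated into the SQL.
function archiveIncident(PDO $pdo, string $rawId): bool
{
    // Reject anything that is not a plain positive integer before touching the DB.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return false;
    }
    $pdo->beginTransaction();
    try {
        $copy = $pdo->prepare(
            'INSERT INTO afgehandelden_incidenten SELECT * FROM incidenten WHERE incidentID = :id'
        );
        $copy->execute([':id' => $id]);
        // Delete only if the copy really inserted a row.
        if ($copy->rowCount() !== 1) {
            $pdo->rollBack();
            return false;
        }
        $del = $pdo->prepare('DELETE FROM incidenten WHERE incidentID = :id');
        $del->execute([':id' => $id]);
        $pdo->commit();
        return true;
    } catch (PDOException $e) {
        $pdo->rollBack(); // a failed delete must not leave a duplicate archive row
        throw $e;
    }
}

// Constructed demo data in an in-memory SQLite database (assumption: the real
// site would pass a MySQL DSN and credentials to the PDO constructor instead).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE incidenten (incidentID INTEGER PRIMARY KEY, omschrijving TEXT)');
$pdo->exec('CREATE TABLE afgehandelden_incidenten (incidentID INTEGER PRIMARY KEY, omschrijving TEXT)');
$pdo->exec("INSERT INTO incidenten VALUES (1, 'printer'), (2, 'wifi')");

var_dump(archiveIncident($pdo, '1'));        // valid id: the row is moved
var_dump(archiveIncident($pdo, '1 OR 1=1')); // fails validation, nothing is deleted
var_dump(archiveIncident($pdo, '99'));       // no such row: copy affects 0 rows, no delete
echo $pdo->query('SELECT COUNT(*) FROM incidenten')->fetchColumn(), "\n";
```

On MySQL the rollback only takes effect if both tables use a transactional storage engine such as InnoDB.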

Rahul Goel

Reputation: 66

Wrong way:

$query=mysql_query("INSERT INTO afgehandelden_incidenten SELECT * FROM incidenten WHERE incidentID='$id'");
$result=mysql_query($query);

You are executing your insert query twice by using "mysql_query()" twice.

You can do:

$query="INSERT INTO afgehandelden_incidenten SELECT * FROM incidenten WHERE incidentID='$id'";
$result=mysql_query($query);

Upvotes: 2

damien hawks

Reputation: 512

You have forgotten the '' marks that enclose the id. Also, to check whether your query executed or not and whether you have any results, use this:

 $row = mysql_fetch_row($result);
 if(!empty($row)){
        $query2=mysql_query("DELETE FROM incidenten WHERE incidentID='$id'");
    }

Upvotes: 0

FelixHJ

Reputation: 1101

if($result=mysql_query($query))

will always return true, since it is just an assignment

Upvotes: 1
