Page 1 of 1

Deleting Issues

Posted: Wed Aug 17, 2011 10:50 pm
by oyedele
I could successfully delete a record in the database but if i type anything not in d database it will still perform the content inside the echo paragraph. Below is the code i used.

Code: Select all

<?php                            
                     if(isset($_POST['Delete']))
					{
				 	$sql="Delete from student_details where Username='".$_POST['Username']."'";
					
					$result = mysql_query($sql);
					if($result){
					echo '<p class=delstudent>';
                  	echo "You have Deleted Successfully";
					echo '</p>';
					header("refresh:2;URL=admindel.php");
					}
					}
					else 
					{
						echo mysql_error();
						}
					?>
Please kindly sort out any correction.
Thanks

Re: Deleting Issues

Posted: Thu Aug 18, 2011 1:28 am
by Christopher
First, for security always escape values from the request with mysql_real_escape_string(), so:

Code: Select all

$sql="Delete from student_details where Username='".mysql_real_escape_string($_POST['Username'])."'";
Second, if you want to see if your DELETE actually deleted rows, check if mysql_affected_rows() > 0.