Page 1 of 1

sql statement

Posted: Sun Apr 23, 2006 11:09 am
by italianprog
Jcart | Please use

Code: Select all

and

Code: Select all

tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]


Hi, I have a problem, For some reason, the below code doesnt work properly. When i enter something that is equal to o, i get an message "The user has been deleted" but nothing is deleted from my database. Is my query wrong? Can someone please help me?

Cheers

Code: Select all

<?
$password="";
$user = "";
$database=""; 
$User_Name=$_POST['User_Name'];


if ($User_Name == null)
{
print(" Please enter your First Name<BR>");
print("Please press the Browser Back button and fill the above mentioned field."); 
}
else
{
    mysql_connect(localhost,$user,$password);
    @mysql_select_db($database) or die( "Unable to select database");
    $query = "SELECT * from user_master where USER_NAME='$User_Name'";
    $result=mysql_query($query);
    $num=mysql_numrows($result);
    if ($num>0)
     {

$query = "Delete from user_master where (user_name = '$User_Name') && (user_type == 'o')";
        mysql_query($query);       
        mysql_close(); 
        echo " The User: $User_Name has been deleted";  
 
     }   
     else
     {     
   

 echo "Sorry, that username doesnt exist<BR>";
 echo "Please press the Browser Back button and fill the above mentioned field.";        
     }
}
?>
:?:


Jcart | Please use

Code: Select all

and

Code: Select all

tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]

Re: sql statement

Posted: Sun Apr 23, 2006 12:19 pm
by AshrakTheWhite
My guess would be:
is your username collum in the DB written in caps or in lowercase (i think it matters)
EDIT: nr 5000 :/

Code: Select all

<?
$password="";
$user = "";
$database="";
$User_Name=$_POST['User_Name'];


    if ($User_Name == null)
    {
    echo 'Please enter your First Name<BR>';
    echo 'Please press the Browser Back button and fill the above mentioned field.';
    } else
        {
        mysql_connect(localhost,$user,$password);
        mysql_select_db($database) or die(mysql_error());
        $query = "SELECT * FROM user_master WHERE USER_NAME=". $User_Name ."";
        $result=mysql_query($query) or die(mysql_error());
        $num=mysql_numrows($result) or die(mysql_error());
       
            if ($num>0)
            {
            $query2 = "DELETE FROM user_master WHERE (USER_NAME = ". $User_Name .") && (user_type == 'o')";
            mysql_query($query2) or die(mysql_error());
            mysql_close() or die(mysql_error());
            echo " The User: ". $User_Name ." has been deleted"; 
            } else
                {
                echo "Sorry, that username doesnt exist<BR>";
                echo "Please press the Browser Back button and fill the above mentioned field.";       
                }
       }
?>

Re: sql statement

Posted: Sun Apr 23, 2006 12:34 pm
by timvw
- You don't test if $_POST['User_Name'] really exits
- mysql_connect returns false if there is a failure, use that return value.
- @mysql_select_db simply hides possible error/warning messages, not good practice since it doesn't solve the problem.
- You use $User_Name in a query without that you've prepared it for use in a query (http://www.php.net/mysql_real_escape_string)
- mysql_query returns false on error, use that return value.
- MySQL uses the AND operator, not &&.

And you could do it all at once with one query too:

Code: Select all

DELETE FROM table WHERE User_Name='$User_Name' AND type='o'
And then use mysql_affected_rows if such a row was deleted...