// Connect to server and select database.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
// Get values from form.
$a_id=$_GET['a_id'];
// Do delete statement.
mysql_query("delete from forum_answer where a_id='$a_id'");
$tbl_name2="forum_question"; // Switch to table "forum_question"
// Get values from form.
if ( !isset($_GET['question_id']) ) {
echo '<pre>_GET: '; print_r($_GET); echo "</pre>\n";
die('missing parameter');
}
$question_id=(int)$_GET['question_id'];
$query = "UPDATE forum_question SET reply=reply-1 WHERE id=$question_id";
mysql_close();
// Redirect to select.php.
header("location:main_forum.php");
?>
I have tried this and it's deleting the answer as before, but still not minusing the replies down by 1. I think we're getting there though.
You have been a massive help, but any other ideas why this is still not doing this?
Volka, I would like to say a big thank you. You have helped me a tremendous amount, and without people like yourself willing to put the time into these forums and help others, I wouldn't be where I am today. Even though I'm still a newbie beginner in PHP, once I am an expert like yourself I will do just the same.
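The script above builds the UPDATE string in $query but never passes it to a query call, and it places $_GET['a_id'] into the DELETE without validation. The following is an added example, not part of the original post or thread, of the same delete-and-decrement done with PDO prepared statements in one transaction. The in-memory SQLite database, the deleteAnswer function name and the question_id column on forum_answer are assumptions made for illustration.

```php
<?php
// Added example: PDO prepared statements inside one transaction.
// Assumptions: in-memory SQLite stands in for the forum's MySQL database,
// and forum_answer has a question_id column (constructed schema and data).
function deleteAnswer(PDO $db, $aId, $questionId): bool
{
    // Accept only positive integers before any SQL is run.
    $opts = ['options' => ['min_range' => 1]];
    $aId = filter_var($aId, FILTER_VALIDATE_INT, $opts);
    $questionId = filter_var($questionId, FILTER_VALIDATE_INT, $opts);
    if ($aId === false || $questionId === false) {
        return false;
    }
    $db->beginTransaction();
    try {
        // Values are bound as parameters, never interpolated into the string.
        $del = $db->prepare('DELETE FROM forum_answer WHERE a_id = ? AND question_id = ?');
        $del->execute([$aId, $questionId]);
        $deleted = $del->rowCount() === 1;
        if ($deleted) {
            // Decrement only when an answer was removed, and never below zero.
            $upd = $db->prepare('UPDATE forum_question SET reply = reply - 1 WHERE id = ? AND reply > 0');
            $upd->execute([$questionId]);
        }
        $db->commit();
        return $deleted;
    } catch (Throwable $e) {
        $db->rollBack(); // keep the answer rows and the counter consistent
        throw $e;
    }
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE forum_question (id INTEGER PRIMARY KEY, reply INTEGER NOT NULL)');
$db->exec('CREATE TABLE forum_answer (question_id INTEGER, a_id INTEGER)');
$db->exec('INSERT INTO forum_question VALUES (1, 2)');
$db->exec('INSERT INTO forum_answer VALUES (1, 1), (1, 2)');

// Constructed request values: a valid pair, then a non-integer a_id.
var_dump(deleteAnswer($db, '2', '1'));
var_dump(deleteAnswer($db, '1 OR 1=1', '1'));
echo $db->query('SELECT reply FROM forum_question WHERE id = 1')->fetchColumn(), "\n";
```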
volka wrote: In what way do your changes affect the security of the query?
That query in particular... absolutely nothing. :-p
But it makes it sound important, doesn't it?
(I prefer the format... Makes table names/columns stand out, as it should be.)
But if he ever had a dollar sign in a table name (too far-fetched? :-p), then it could accidentally be calling a bad, bad variable.