PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!
and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read: [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]
Hi everyone,
Thanks for reading my post - I have a problem with a script of mine... I don't exactly know whats wrong - I've done this type of script millions of times, but something just isn't working. Here's the deal: It is a deletion confirmation page, and when I click yes to confirm the delete (in which it should direct to the beginning of the PHP script and follow after the if(isset thing...) However, this is the error message I get:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1
Here is the actual button from the confirmation page (HTML)
<?php
include("connect.php");
$sql = "SELECT fl_title, fl_artist, fl_loc FROM fruityloops WHERE fl_id=$id";
$result = @mysql_query($sql,$connection) or die(mysql_error());
$num = mysql_num_rows($result);
if($num >= 1)
{
while ($row = mysql_fetch_array($result))
{
$fl_title = stripslashes($row['fl_title']);
$fl_artist = stripslashes($row['fl_artist']);
$fl_loc = $row['fl_loc'];
}
}
///////////////////////////////////////////////////
// DELETE SELECTED MP3
///////////////////////////////////////////////////
if(isset($_POST[del_file]))
{
$sql = "SELECT * FROM fruityloops WHERE fl_id='$_POST[del_file]'";
$result = @mysql_query($sql,$connection) or die(mysql_error());
while ($row = mysql_fetch_array($result))
{
$fl_loc = $row['fl_loc'];
}
if(file_exists($fl_loc))
{
unlink($fl_loc);
} else {
echo '<script>alert("The file does not exist.");</script>';
echo '<META http-equiv="refresh" content="0;URL=index2.php">';
exit;
}
$sql = "DELETE FROM fruityloops WHERE fl_id=$del_file";
$result = @mysql_query($sql,$connection) or die(mysql_error());
echo '<script>alert("File Deleted Successfully!");</script>';
echo '<META http-equiv="refresh" content="0;URL=index2.php">';
exit;
}
?>
If anyone can tell me what is going wrong, I would really appreciate it! It seems that even when I get rid of the isset and take away the whole deleting part of the PHP, I still get the same error. Maybe it is something to be changed on the server, but I don't know what. I have other similar scripts that work fine! I'm so confused...
and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read: [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]
$sql = 'DELETE FROM fruityloops WHERE fl_id = ' . mysql_real_escape_string($_POST['del_file']);
Sorry to pick on the script, but you should improve your style of programming (safety, consistency). Please search through the Web about PHP coding standards. Of course only if you want to pick up your skills
<?php
include("connect.php");
$sql = "SELECT fl_title, fl_artist, fl_loc FROM fruityloops WHERE fl_id=$id";
Besides mezise's suggestion of using mysql_real_escape, I wonder, where $id is coming from. If it is not defined in connect.php, you obviously depend on register_globals, which is another PHP programming failure. Current versions of PHP have this option turned off by default, and on many servers it is not available anymore, due to the large exploit impact it caused.
$result = @mysql_query($sql,$connection) or die(mysql_error());
$num = mysql_num_rows($result);
if($num >= 1)
{
while ($row = mysql_fetch_array($result))
{
$fl_title = stripslashes($row['fl_title']);
$fl_artist = stripslashes($row['fl_artist']);
$fl_loc = $row['fl_loc'];
}
}
///////////////////////////////////////////////////
// DELETE SELECTED MP3
///////////////////////////////////////////////////
if(isset($_POST[del_file]))
{
$sql = "SELECT * FROM fruityloops WHERE fl_id='$_POST[del_file]'";
$result = @mysql_query($sql,$connection) or die(mysql_error());
while ($row = mysql_fetch_array($result))
{
$fl_loc = $row['fl_loc'];
}
if(file_exists($fl_loc))
{
unlink($fl_loc);
} else {
echo '<script>alert("The file does not exist.");</script>';
echo '<META http-equiv="refresh" content="0;URL=index2.php">';
exit;
}
$sql = "DELETE FROM fruityloops WHERE fl_id=$del_file";
Once again, where is '$del_file' defined? I can only see an 'isset($_POST[del_file])' -- by the way, if 'del_file' is not a previously defined constant, this is another programming error. You'd need to put this identifier into quotation marks.
ibanez270dx wrote:You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1
That looks like it's telling you that it found something illegal before the first character of your script. I would make sure that there's not a nonprinting character prior to the first character in your script. In the code that you posted, it looks like maybe there's a blank line before your <? php line. Try removing that line.
ibanez270dx wrote:You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1
That looks like it's telling you that it found something illegal before the first character of your script. I would make sure that there's not a nonprinting character prior to the first character in your script. In the code that you posted, it looks like maybe there's a blank line before your <? php line. Try removing that line.
thats just in reference to the SQL that was passed to MySQL, not the actual script itself.