A problem with SQL Syntax... appearently

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
ibanez270dx
Forum Commoner
Posts: 74
Joined: Thu Jul 27, 2006 12:06 pm
Location: Everywhere, California

A problem with SQL Syntax... appearently

Post by ibanez270dx »

feyd | Please use

Code: Select all

,

Code: Select all

and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]


Hi everyone,
 Thanks for reading my post - I have a problem with a script of mine... I don't exactly know whats wrong - I've done this type of script millions of times, but something just isn't working. Here's the deal: It is a deletion confirmation page, and when I click yes to confirm the delete (in which it should direct to the beginning of the PHP script and follow after the if(isset thing...) However, this is the error message I get: 

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1

Here is the actual button from the confirmation page (HTML)

Code: Select all

Are you sure you want to delete <? echo "$fl_title"; ?> by <? echo "$fl_artist"; ?>?

<form action="<?= $_SERVER['PHP_SELF'] ?>" enctype="multipart/form-data" method="post">
<input name="del_file" value="<? echo $id; ?>" type="hidden">
<INPUT type="submit" value="confirm"></form>

<form method="post" action="index2.php">
<INPUT type="submit" value="cancel"></form>
...and here is the php

Code: Select all

<?php

include("connect.php");
$sql = "SELECT fl_title, fl_artist, fl_loc FROM fruityloops WHERE fl_id=$id";
$result = @mysql_query($sql,$connection) or die(mysql_error());
$num = mysql_num_rows($result);
	if($num >= 1)
		{
		 while ($row = mysql_fetch_array($result))  
			{
			 $fl_title = stripslashes($row['fl_title']);
			 $fl_artist = stripslashes($row['fl_artist']);
			 $fl_loc = $row['fl_loc'];
			}
		}	

///////////////////////////////////////////////////
// DELETE SELECTED MP3
///////////////////////////////////////////////////

if(isset($_POST[del_file]))
	{
	 $sql = "SELECT * FROM fruityloops WHERE fl_id='$_POST[del_file]'";
	 $result = @mysql_query($sql,$connection) or die(mysql_error());
	 while ($row = mysql_fetch_array($result)) 
		{
		 $fl_loc = $row['fl_loc'];
		}


if(file_exists($fl_loc))
	 	{	
	 	 unlink($fl_loc);
		} else {
		 echo '<script>alert("The file does not exist.");</script>';
		 echo '<META http-equiv="refresh" content="0;URL=index2.php">';
		 exit;
		}

	 $sql = "DELETE FROM fruityloops WHERE fl_id=$del_file";
	 $result = @mysql_query($sql,$connection) or die(mysql_error());
 
		echo '<script>alert("File Deleted Successfully!");</script>';
		echo '<META http-equiv="refresh" content="0;URL=index2.php">';
		exit;
	}
?>
If anyone can tell me what is going wrong, I would really appreciate it! It seems that even when I get rid of the isset and take away the whole deleting part of the PHP, I still get the same error. Maybe it is something to be changed on the server, but I don't know what. I have other similar scripts that work fine! I'm so confused...

Thanks for your help,
- Jeff






feyd | Please use

Code: Select all

,

Code: Select all

and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]
User avatar
Christopher
Site Administrator
Posts: 13596
Joined: Wed Aug 25, 2004 7:54 pm
Location: New York, NY, US

Post by Christopher »

It looks like you do not set $del_file anywhere.
(#10850)
ibanez270dx
Forum Commoner
Posts: 74
Joined: Thu Jul 27, 2006 12:06 pm
Location: Everywhere, California

Post by ibanez270dx »

thanks for responding!

I actually do have it defined. Its the value of a form:

<input name="del_file" value="<? echo $id; ?>" type="hidden">

in which $id is passed on from a previous page. When the button is pressed, the form sends the POST info to the top of the page to process the PHP again... which is where it SHOULD go to the if(isset($_POST[del_file])). If I did make a stupid mistake, please let me know...
User avatar
Christopher
Site Administrator
Posts: 13596
Joined: Wed Aug 25, 2004 7:54 pm
Location: New York, NY, US

Post by Christopher »

You should have register_globals set off (it is insecure) and use $_POST['del_file'] instead. You would need to do:

Code: Select all

$del_file = $_POST['del_file'];
(#10850)
Post Reply