Page 1 of 1

A problem with SQL Syntax... appearently

Posted: Fri Sep 07, 2007 2:33 am
by ibanez270dx
feyd | Please use

Code: Select all

,

Code: Select all

and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]


Hi everyone,
 Thanks for reading my post - I have a problem with a script of mine... I don't exactly know whats wrong - I've done this type of script millions of times, but something just isn't working. Here's the deal: It is a deletion confirmation page, and when I click yes to confirm the delete (in which it should direct to the beginning of the PHP script and follow after the if(isset thing...) However, this is the error message I get: 

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1

Here is the actual button from the confirmation page (HTML)

Code: Select all

Are you sure you want to delete <? echo "$fl_title"; ?> by <? echo "$fl_artist"; ?>?

<form action="<?= $_SERVER['PHP_SELF'] ?>" enctype="multipart/form-data" method="post">
<input name="del_file" value="<? echo $id; ?>" type="hidden">
<INPUT type="submit" value="confirm"></form>

<form method="post" action="index2.php">
<INPUT type="submit" value="cancel"></form>
...and here is the php

Code: Select all

<?php

include("connect.php");
$sql = "SELECT fl_title, fl_artist, fl_loc FROM fruityloops WHERE fl_id=$id";
$result = @mysql_query($sql,$connection) or die(mysql_error());
$num = mysql_num_rows($result);
	if($num >= 1)
		{
		 while ($row = mysql_fetch_array($result))  
			{
			 $fl_title = stripslashes($row['fl_title']);
			 $fl_artist = stripslashes($row['fl_artist']);
			 $fl_loc = $row['fl_loc'];
			}
		}	

///////////////////////////////////////////////////
// DELETE SELECTED MP3
///////////////////////////////////////////////////

if(isset($_POST[del_file]))
	{
	 $sql = "SELECT * FROM fruityloops WHERE fl_id='$_POST[del_file]'";
	 $result = @mysql_query($sql,$connection) or die(mysql_error());
	 while ($row = mysql_fetch_array($result)) 
		{
		 $fl_loc = $row['fl_loc'];
		}


if(file_exists($fl_loc))
	 	{	
	 	 unlink($fl_loc);
		} else {
		 echo '<script>alert("The file does not exist.");</script>';
		 echo '<META http-equiv="refresh" content="0;URL=index2.php">';
		 exit;
		}

	 $sql = "DELETE FROM fruityloops WHERE fl_id=$del_file";
	 $result = @mysql_query($sql,$connection) or die(mysql_error());
 
		echo '<script>alert("File Deleted Successfully!");</script>';
		echo '<META http-equiv="refresh" content="0;URL=index2.php">';
		exit;
	}
?>
If anyone can tell me what is going wrong, I would really appreciate it! It seems that even when I get rid of the isset and take away the whole deleting part of the PHP, I still get the same error. Maybe it is something to be changed on the server, but I don't know what. I have other similar scripts that work fine! I'm so confused...

Thanks for your help,
- Jeff






feyd | Please use

Code: Select all

,

Code: Select all

and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]

Posted: Fri Sep 07, 2007 2:38 am
by Christopher
It looks like you do not set $del_file anywhere.

Posted: Fri Sep 07, 2007 3:37 am
by ibanez270dx
thanks for responding!

I actually do have it defined. Its the value of a form:

<input name="del_file" value="<? echo $id; ?>" type="hidden">

in which $id is passed on from a previous page. When the button is pressed, the form sends the POST info to the top of the page to process the PHP again... which is where it SHOULD go to the if(isset($_POST[del_file])). If I did make a stupid mistake, please let me know...

Posted: Fri Sep 07, 2007 4:52 am
by Christopher
You should have register_globals set off (it is insecure) and use $_POST['del_file'] instead. You would need to do:

Code: Select all

$del_file = $_POST['del_file'];