Cannot figure out what is wrong with DELETE command

URWhatUXpress
Forum Newbie
Posts: 11
Joined: Sat Aug 30, 2003 5:00 pm
Location: Grand Rapids, MI

Cannot figure out what is wrong with DELETE command

Post by URWhatUXpress »

This is the code I am working with:

$pemail = $_POST['email'];
$query = "DELETE FROM hope WHERE email = $pemail";

Now, I tested and $pemail is receiving the var. from the post form, so I am assuming that my problem is in the query syntax, since the error message I set up keeps coming up when I run this portion of the script.

Thank you in advance for any help with this. Let me know if you need more of the source code.

{ d }
phpScott
DevNet Resident
Posts: 1206
Joined: Wed Oct 09, 2002 6:51 pm
Location: Keele, U.K.

quotes

Post by phpScott »

It is probably a quote issue. In MySQL you need to put quotes around variables that are strings.

So try

$query = "DELETE FROM hope WHERE email = '$pemail'";
Notice the ' ' around $pemail.

try it and see what happens.

phpScott
URWhatUXpress
Forum Newbie
Posts: 11
Joined: Sat Aug 30, 2003 5:00 pm
Location: Grand Rapids, MI

Post by URWhatUXpress »

Thank you so much, that worked like a charm.

{ d }
m3rajk
DevNet Resident
Posts: 1191
Joined: Mon Jun 02, 2003 3:37 pm

Post by m3rajk »

as i found out the hard way: the only time you don't need (but even then it doesn't hurt) to put it in '' or "" is when you're sending NUMBERS
McGruff
DevNet Master
Posts: 2893
Joined: Thu Jan 30, 2003 8:26 pm
Location: Glasgow, Scotland

Post by McGruff »

m3rajk wrote: as i found out the hard way: the only time you don't need (but even then it doesn't hurt) to put it in '' or "" is when you're sending NUMBERS
Just to clarify, for security reasons, you should always quote integer vars as well. If the var was obtained from user input, it might not be an integer at all.

Also, never put vars in db queries unless they have either been escaped or intval() 'd. This, and quotes, are essential steps to protect against query hijacking.
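
The point about unescaped variables, as an added example that is not part of the thread: it runs the quoted query from above beside a bound-parameter version (a different technique from the escaping or intval() named in the post) against the same three inputs. It assumes PHP with the pdo_sqlite driver and an in-memory SQLite table so it runs offline, whereas the thread's database is MySQL; the function names, rows and inputs are constructed.

```php
<?php
// Added example. Table `hope` and column `email` come from the thread;
// the rows, inputs and function names are constructed for illustration.
function freshDb(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec("CREATE TABLE hope (email TEXT)");
    $db->exec("INSERT INTO hope VALUES ('a@example.com'), ('b@example.com'), ('c@example.com')");
    return $db;
}

// Query shape from the thread: quoted, but the value is pasted into the SQL text.
function deleteInterpolated(PDO $db, string $email): int {
    return $db->exec("DELETE FROM hope WHERE email = '$email'");
}

// Bound parameter: the value travels separately and is only ever compared as data.
function deleteBound(PDO $db, string $email): int {
    $stmt = $db->prepare("DELETE FROM hope WHERE email = ?");
    $stmt->execute([$email]);
    return $stmt->rowCount();
}

// Constructed inputs: an exact match, a legitimate apostrophe, and a value
// whose quotes change the WHERE clause when interpolated.
$inputs = ["a@example.com", "o'neil@example.com", "x@example.com' OR '1'='1"];

foreach ($inputs as $email) {
    foreach (['deleteInterpolated', 'deleteBound'] as $fn) {
        $db = freshDb();               // 3 rows before every call
        try {
            $result = $fn($db, $email) . " row(s) deleted";
        } catch (PDOException $e) {
            $result = "SQL error: " . $e->getMessage();
        }
        printf("%-18s %-28s %s\n", $fn, $email, $result);
    }
}
```

The same prepare/execute calls work unchanged with a PDO MySQL connection.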
URWhatUXpress
Forum Newbie
Posts: 11
Joined: Sat Aug 30, 2003 5:00 pm
Location: Grand Rapids, MI

Post by URWhatUXpress »

Thanks for all that advice. This really helps me out.

{ d }
m3rajk
DevNet Resident
Posts: 1191
Joined: Mon Jun 02, 2003 3:37 pm

Post by m3rajk »

McGruff wrote:
m3rajk wrote: as i found out the hard way: the only time you don't need (but even then it doesn't hurt) to put it in '' or "" is when you're sending NUMBERS
Just to clarify, for security reasons, you should always quote integer vars as well. If the var was obtained from user input, it might not be an integer at all.

Also, never put vars in db queries unless they have either been escaped or intval() 'd. This, and quotes, are essential steps to protect against query hijacking.
i did that just to be safe. and everything that is input that isn't done via a select box that gives me a number, i "clean" with a function made specifically for that