Php Delete syntax

Question

I have a guestbook for a school assignment, now i need to delete posts but only the logged on user can delete his own posts.

How can i write the delete syntax? I was thinking something like:

if ($_GET['Deletebutton']) {

mysql_query("DELETE FROM guestbook WHERE $id ='PostID' AND $username='Username'");

}

Im posting my code for the page down below!

<h1>Välkommen till gästboken!</h1>
<h2>Posta till Gästboken</h2>
<form action="home.php" method="post">
    <table>
        <tr>

            <td>Titel:</td>
            <td><input type="text" name="titel" style="width: 600px;"/></td>
        </tr>

        <tr>
            <td>Inlägg:</td>
            <td><textarea name="inlägg" style="width: 600px; height: 300px;"></textarea></td>
        </tr>
        <tr>
            <td></td>
            <td><input type="submit" name="postknapp" value="Posta"/></td>
        </tr>
    </table>
</form>
<p>

    <a href="logga_ut.php">Logga ut</a>
    <?php
    session_start();
    $username = $_SESSION['username'];
    if ($_SESSION['login'] == 1) { //om sessionen är 1 så
        // Connect to the database
        mysql_connect("localhost", "root", "");
        mysql_select_db("guestbookdatabase");
//******************************************************************//
//Display stuff
        echo "<h1>Nuvarande Poster</h1>";

        if ($_POST['postknapp']) {

            $title = strip_tags($_POST['titel']);
            $message = strip_tags($_POST['inlägg']);

            if ($title && $message) {

                //Lägg till i databasen
                mysql_query("INSERT INTO guestbook (Title,Post,Username) VALUES  ('$title','$message','$username')");

                echo "Ditt inlägg har lagts till i gästboken!";
            }
            else
                echo "Du har inte fyllt i nödvändig information för att kunna göra ett inlägg.";
        }
        $query = mysql_query("SELECT * FROM guestbook ORDER BY PostID DESC");
        $numrows = mysql_num_rows($query);
        if ($numrows > 0) {
            while ($row = mysql_fetch_assoc($query)) {
                $id = $row['PostID'];
                $name = $row['Username'];
                $title = $row['Title'];
                $message = $row['Post'];
                $date = $row['Timestamp'];
                $message = nl2br($message);
                echo "<div> 
    Av <b>$name</b> vid <b>$date</b><br /> 
    <h2>$title</h2> <p>
    $message  <p>
    <div align = 'right'><input type='button' name='Raderaknapp' value='Ta bort  inlägget' />
    </div></div><hr />";

                if ($_GET['Raderaknapp']) {

                    mysql_query("DELETE FROM guestbook WHERE $id ='PostID' AND  $username='Username'");

                    echo "Inlägget har tagits bort!";
                }
            }
        }
        else
            echo "Inga inlägg hittades.";
        mysql_close();
    } else { // om session inte är 1 så 
        echo "Du har INTE tillåtelse till gästboken! Klicka på länken för att logga in!";
        ?>
    <p>
        <br/><a href="index.html">Till login >></a>
        <?php
    }
    ?> 

Answer 1

Try:

mysql_query("DELETE FROM guestbook WHERE PostID = '".$id."' AND Username = '".$name."'");

DELETE Documentation

Answer 2

Please, don't use mysql_* functions in new code. They are no longer maintained and are officially deprecated. Learn about prepared statements instead, and use PDO, or MySQLi Here is a good tutorial for PDO.

Now, if you want to continue with this however.

  if ($_GET['Deletebutton']) {
    $id = mysql_real_escape_string($_POST['id']);
    $username = mysql_real_escape_string($_POST['username']);


    mysql_query("DELETE FROM guestbook WHERE id ='".$id."' AND username='".$username."'")
 or die("My SQL can not perform this task right now");

    }