0

I am trying to delete record through id here is my code:

if(isset($_GET['del'])){
  $i=$_GET['a'];
  $q="DELETE FROM Registration WHERE ID='".$i."'";
  mysql_query($q,$conn) or die(mysql_error());
  echo "deleted";
}

above code is working and echo statement is executed too but the record from database is not deleting. But when i put actual id num instead of $i, the record gets deleted.

Mr. Alien
  • 153,751
  • 34
  • 298
  • 278
Trupti
  • 23
  • 1
  • 5
  • with what name you are passing values, del or a? – Dev Feb 08 '14 at 10:35
  • You don't have to concatenate the variable, also, you are using deprecated API, and your table and column names are weird, you should keep them lower case always – Mr. Alien Feb 08 '14 at 10:35
  • m getting id through a and storing it in $i. and 'del' is button name – Trupti Feb 08 '14 at 10:39
  • You last sentence clearly shows that `$i` does _not_ contain the number. You should check that first, then think about your chosen tools: you code is vulnerable to sql injections, because you use the long deprecated mysql extension. Seitch to mysqli or PDO and use "prepared statements" and "parameter binding" instead. – arkascha Feb 08 '14 at 10:39
  • can u provide url from where you are getting id value? – Dev Feb 08 '14 at 10:40
  • **Danger**: You are using [an **obsolete** database API](http://stackoverflow.com/q/12859942/19068) and should use a [modern replacement](http://php.net/manual/en/mysqlinfo.api.choosing.php). You are also **vulnerable to [SQL injection attacks](http://bobby-tables.com/)** that a modern API would make it easier to [defend](http://stackoverflow.com/questions/60174/best-way-to-prevent-sql-injection-in-php) yourself from. – Quentin Feb 08 '14 at 10:48
  • 1
    I'm tempted to vote this down as code like that is "not useful" to anyone. – DanMan Feb 08 '14 at 11:01
  • i replaced 'del' with 'a' and its working now – Trupti Feb 08 '14 at 11:22

2 Answers2

0

try accessing the script directly in a browser and compare it to the link in your address bar when you access the script from your delete page.

For your code to work it needs to look something like this:

http://path/to/yourscript.php?del=1&a=<id to delete>

If that works, then your calling script/form is not set up correctly, you'll need a form input that has the name 'a'. e.g. <input type='text' name="a"> and an input called 'del', probably your submit button.

Loopo
  • 2,204
  • 2
  • 28
  • 45
0

You are sending in your query the value of ID as string. Try: 

$q="DELETE FROM Registration WHERE ID=$i";

Also make sure that you are getting an int.

$i=(int)$_GET['a'];
mehmetseckin
  • 3,061
  • 1
  • 31
  • 43
Ed Capetti
  • 339
  • 2
  • 10