Delete query is not working in PHP

Question

I am trying to delete a particular id from a table in PHP. I have written two queries in the same php.

something like this:

 <?php

  include("db.php");


  $response = array();

  if (isset($_POST['userID'])) 
  {

$userID = $_POST['userID'];


$result1 = mysql_query("DELETE FROM profile WHERE userID = '$userID'");
$result2 = mysql_query("DELETE FROM profile_details WHERE userID = '$userID'");


if ($result1 && $result2 ) 
{
    $response["success"] = 1;
    $response["message"] = "row successfully created.";

    echo json_encode($response);
} 
else 
{
    $response["success"] = 0;
    $response["message"] = "Oops! An error occurred.";


    echo json_encode($response);
 }
} 

else 
{
  $response["success"] = 0;
  $response["message"] = "Required field(s) is missing";

   echo json_encode($response);
 }
?>

I get the following error:

Parse error: syntax error, unexpected '$result1' (T_VARIABLE) in /homepages/htdocs/radiansa.com/extras/a/test2.php on line 16

I am not sure what could be wrong here..

Is this really all the code? The error suggests there's possibly a missing `;` in the line just before `$result1 =`. The code as posted is not syntactically invalid. — Michael Berkowski, Aug 27 '14 at 13:51
My assumption is that Magic Quotes is adding an extra single quote making your statement syntactically wrong, see here how to disable Magic Quotes http://php.net/manual/en/security.magicquotes.disabling.php alternatively try to skip single quote, you are vulenrable to SQL Injection this way. $userID = str_replace("'", "", $_POST['userID']); — EGN, Aug 27 '14 at 13:54
@MichaelBerkowski - This is the real code. I don't have anything before $UserID... and I have the condition which says if $results1 and $ results2 then do something.. That is all — TheDevMan, Aug 27 '14 at 13:56
@TheDevMan If this is indeed the entire real code, are you certain this is the line causing an error? Also, though I would not expect the stated error message, and PHP is generally tolerant of this, try erasing & retyping the code entirely, in case some non-printable character left over from a copy/paste is causing a parse error. — Michael Berkowski, Aug 27 '14 at 13:58
if the userID is a number don't put the qoutes $result1 = mysql_query("DELETE FROM profile WHERE userID = $userID "); — may saghira, Aug 27 '14 at 13:58
@TheDevMan So line 16 appears to be `if ($result1 && $result2 )`. Ignore all the comments suggesting anything about the quoting strategy or data types of the query. This is a parse error, not a query runtime error. Check and retype the whitespace around the faulty line. — Michael Berkowski, Aug 27 '14 at 14:03
@MichaelBerkowski I am using the same type of syntax for adding.. Things are working fine there. I just removed the query and updated with Delete part that is all. — TheDevMan, Aug 27 '14 at 14:06
@TheDevMan It's likely a whitespace issue, try copying and pasting the text into a new file — andrew, Aug 27 '14 at 14:15
@TheDevMan It isn't due to permission. PHP cannot parse the code -- whatever occurs immediately before `$result1` even if you cannot see anything before it, is at fault. If you comment out the two `DELETE` queries, you will find that you still get the same error. If you comment out the `if/else` block at line 16, the error won't appear. — Michael Berkowski, Aug 27 '14 at 14:15
@MichaelBerkowski and others... I solved the issue. I recreated the file as per Michael's advice. And tested each line. It started working.. Strangely I didn't change anything... Anyways.. Thanks for the great help guys. — TheDevMan, Aug 27 '14 at 14:25
I've copied the code into Netbeans and it doesn't highlight any errors. Others suggest a whitespace issue which is almost certainly the case. Are you using an IDE or a text editor? Netbeans is free and excellent for most PHP work, it also saves having to pose this kind of question... usually :-) — Ian Lewis, Aug 27 '14 at 14:25

score 0 · Answer 1 · edited Aug 27 '14 at 14:24

0

First of all... stop using mysql_ and switch to PDO or mysqli_. The old ext/mysql mysql_*() functions were deprecated in PHP 5.5 and will eventually be removed entirely.

This needs attention also. Too vulnerable to anything.

$userID = $_POST['userID'];

For your problem, now. Change:

$result = mysql_query("xxxxxxx");

to

$result = mysql_query("xxxxx") or die(mysql_error());

It will help you debug your problem and point you to the right direction

edited Aug 27 '14 at 14:24

War10ck

12,387
7
41
54

answered Aug 27 '14 at 13:54

andrew

2,058
2
25
33

3

Please always mention _why_ to stop using `mysql_*()`. It isn't obvious or known to everyone. – Michael Berkowski Aug 27 '14 at 13:55
@MichaelBerkowski - you are correct, i forgot to mention – andrew Aug 27 '14 at 13:56
@MichaelBerkowski the simple answer is (in addition to being deprecated): it's just not secure. It allows malformed/dangerous statements like '); drop table students' in it. PDO is my preferred method, because it supports prepared (read:safer) statements, and it allows simultaneous connections (if the need should arise). – Aug 27 '14 at 14:07
@user Of course I know all that - purpose of my comment here was to encourage more thorough answers to be posted... It's my edit that adds the deprecation warning above. – Michael Berkowski Aug 27 '14 at 14:13
@MichaelBerkowski I agree with your deprecation warning, but I often want to know the "why" behind it... even when the "what to switch to" is often more pertinent. ;) – Aug 27 '14 at 14:19
@user Favorite [this question (the community's reference question on the issue)](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php) to which you can direct users when explaining this issue. I'll edit it in above. – Michael Berkowski Aug 27 '14 at 14:20
@War10ck indeed, but much to my chagrin it didn't support simultaneous connections. Either is still better than using flat-out mysql. – Aug 27 '14 at 14:32

Delete query is not working in PHP

1 Answers1