-2

When I go to produkdelete.php I can view the record that I want to delete, but when I confirm the delete, no record is deleted.

This is my script:

    $key = @$_GET["key"];

    case "I": // Get a record to display

        $tkey = $key;
        $strsql = "SELECT * FROM `produk` WHERE `id`=".$tkey;

        $rs = mysql_query($strsql, $conn) or die(mysql_error());

        if (mysql_num_rows($rs) == 0)
        {
            ob_end_clean();
            header("Location: "."produklist.php");
        }

        $row = mysql_fetch_assoc($rs);
        $x_id = $row["id"];
        $x_kdprod = $row["kdprod"];
        $x_namaprod = $row["namaprod"];
        $x_diskripsi = $row["diskripsi"];
        $x_harga = $row["harga"];

        mysql_free_result($rs);
        break;

    case "D": // Delete

        // Open record
        $tkey = $key;
        $strsql = "DELETE FROM `produk` WHERE `id`=".$tkey;

        $rs = mysql_query($strsql, $conn) or die(mysql_error());

        mysql_free_result($rs);
        mysql_close($conn);

        ob_end_clean();
        header("Location: produklist.php");
        break;

The key variable is sent from "produkdelete.php?key=".urlencode($row["id"]);

And every time I run this, the output just comes out like this:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '=' at line 1

1 Answer

0

In SQL Management Studio this won't run.

    $strsql = "DELETE FROM `produk` WHERE `id`=".$tkey;

Lose the ` and it should execute.

With PDO for added security (explanation below)

    $myServer = "put url to your server here";
    $myDB = "put name of database here";
    $name = "login name db";
    $pw = "password db";

    try
    {
        $dbConn = new PDO("mysql:host=$myServer;dbname=$myDB", $name, $pw);
    }
    catch( PDOException $Exception )
    {
        //Uncomment code to show error
        //var_dump($Exception);
    }

    // Prepare $sql, execute it with the bound arguments and return the statement
    function doPDOQuery($dbConn, $sql, $queryArguments = array())
    {
        $sth = $dbConn->prepare($sql, array(PDO::ATTR_CURSOR => PDO::CURSOR_FWDONLY));
        $sth->execute($queryArguments);
        return $sth;
    }

    $sql = 'SELECT * FROM produk WHERE id = :id';
    $sth = doPDOQuery( $dbConn, $sql, array(":id" => $tkey) );

This should execute on your server. It's using the PDO module for creating prepared queries. That means that the query itself is created by the database-driver itself. This prevents SQL-injection. This is a reason why MySQL_functions are deprecated.

For delete, update and insert the code above is sufficient. You need to do a $sth->fetchAll() to retrieve rows from a select.

Why are PHP's mysql_ functions deprecated?

Mouser
  • @EdyPrasetyo You've made an edit to my answer, to provide a comment. Please use the `add comment` button. I think your local webserver is no longer supporting `mysql_query`. Please switch to PDO or mysqli – Mouser Dec 29 '14 at 16:37
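
A delete handler built on the prepared-statement approach from the answer, as an added example that is not part of the original question or answer. `deleteProduk` is a hypothetical helper, the rows and keys are constructed, and an in-memory SQLite database (requires the `pdo_sqlite` extension) stands in for MySQL so the script runs offline.

```php
<?php
// Added example: in-memory SQLite stands in for the MySQL server (assumption).
// Table and column names follow the question; the rows are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE produk (id INTEGER PRIMARY KEY, kdprod TEXT, namaprod TEXT)');
$db->exec("INSERT INTO produk (id, kdprod, namaprod) VALUES
           (1, 'P001', 'constructed row A'),
           (2, 'P002', 'constructed row B'),
           (3, 'P003', 'constructed row C')");

// Hypothetical helper: delete one produk row by key.
// Returns the number of rows deleted, or null when the key is rejected.
function deleteProduk(PDO $db, $rawKey)
{
    // Reject missing, empty or non-numeric keys before touching the database.
    // Concatenated into the question's query, an empty key would leave
    // "WHERE `id`=" with no value, which is invalid SQL.
    $id = filter_var($rawKey, FILTER_VALIDATE_INT,
                     array('options' => array('min_range' => 1)));
    if ($id === false) {
        return null;
    }

    // The value is bound as a parameter, never pasted into the SQL text.
    $sth = $db->prepare('DELETE FROM produk WHERE id = :id');
    $sth->bindValue(':id', $id, PDO::PARAM_INT);
    $sth->execute();

    // rowCount() tells the caller whether a record was actually removed.
    return $sth->rowCount();
}

// Constructed inputs standing in for $_GET["key"].
$inputs = array('2', '', null, '1 OR 1=1', '99');
foreach ($inputs as $key) {
    $result = deleteProduk($db, $key);
    $left = $db->query('SELECT COUNT(*) FROM produk')->fetchColumn();
    printf("key=%-12s result=%-8s rows left=%d\n",
        var_export($key, true),
        $result === null ? 'rejected' : $result,
        $left);
}
```

Against MySQL only the DSN passed to `new PDO(...)` changes; the validation and the bound `:id` parameter stay the same.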