Each time "Removed!!!" is the result... $na is declared in au.php... Perhaps the DELETE query might be having a problem.

```php
<?php
date_default_timezone_set('Asia/KolKata');
$xyz = date(DATE_RFC2822);
include "../au.php";

$conn = mysql_connect('localhost', 'local', 'local');
mysql_select_db('sol_index', $conn);
$sid = $_GET['sid'];
$qqq = "SELECT * FROM $sid WHERE (one = '$na' AND three = 'liked')";

if (mysql_query($qqq)){
    mysql_query("DELETE FROM $sid WHERE (one='$na' AND three='liked')");
    echo "Removed!!!";
} else {
    mysql_query("INSERT INTO $sid (one, three) VALUES ('$na', 'liked')");
    echo "Liked!!!";
}

?>
```

Thanks for the coordination and help!!

  • Please, [don't use `mysql_*` functions](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php). They are no longer maintained and are [officially deprecated](https://wiki.php.net/rfc/mysql_deprecation). Learn about [prepared statements](http://en.wikipedia.org/wiki/Prepared_statement) instead, and use [PDO](http://us1.php.net/pdo) or [MySQLi](http://us1.php.net/mysqli). Insert some error checking (and check the error logs) too, it'll help you find the problems. – Jay Blanchard Jan 12 '15 at 17:49
  • I don't think that `$na` will be available after including au.php, because it is local to that file when not declared global. – th3falc0n Jan 12 '15 at 17:52
  • This is happening because this line `mysql_query($qqq)` will always return true. It runs the query; it will only be false if there is an error in your query, which isn't the case. – Jorge Campos Jan 12 '15 at 17:52

1 Answer

> Each time "Removed!!!" is the result

Rightly so.

```php
$qqq = "SELECT * FROM $sid WHERE (one = '$na' AND three = 'liked')";
if (mysql_query($qqq)){
    mysql_query("DELETE FROM $sid WHERE (one='$na' AND three='liked')");
    echo "Removed!!!";
}
```

That `if` is incorrect; it will always return true as long as the query is valid, even if there is no data. You need to run that check on the number of records or the records themselves, and not just on the execution. For example, you have to fetch data from that result and run your check on that.

How can I prevent SQL injection in PHP?

Hanky Panky
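
The check the answer describes, as an added example that is not part of the original question or answer: it counts the matching rows instead of testing the return value of the query, binds `$na` as a parameter, and accepts `$sid` only from an allowlist. It assumes PDO with an in-memory SQLite database so that it runs stand-alone; `toggleLike()`, `ALLOWED_TABLES` and the sample table and user names are hypothetical.

```php
<?php
// Added example, not the poster's code. Assumptions: PDO with an in-memory
// SQLite database (swap the DSN for MySQL); ALLOWED_TABLES and toggleLike()
// are hypothetical names, and the table and user names are constructed.
const ALLOWED_TABLES = ['sol_1', 'sol_2'];

function toggleLike(PDO $pdo, string $sid, string $na): string
{
    // A table name cannot be bound as a parameter, so accept only known names.
    if (!in_array($sid, ALLOWED_TABLES, true)) {
        throw new InvalidArgumentException('unknown table');
    }

    // Check the rows the query returns, not whether the query executed.
    $check = $pdo->prepare("SELECT COUNT(*) FROM $sid WHERE one = :na AND three = 'liked'");
    $check->execute([':na' => $na]);

    if ((int) $check->fetchColumn() > 0) {
        $del = $pdo->prepare("DELETE FROM $sid WHERE one = :na AND three = 'liked'");
        $del->execute([':na' => $na]);
        return 'Removed!!!';
    }

    $ins = $pdo->prepare("INSERT INTO $sid (one, three) VALUES (:na, 'liked')");
    $ins->execute([':na' => $na]);
    return 'Liked!!!';
}

$pdo = new PDO('sqlite::memory:');
// Throw on SQL errors instead of failing silently.
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE sol_1 (one TEXT, three TEXT)');

echo toggleLike($pdo, 'sol_1', 'alice'), "\n";    // no row yet: inserts the like
echo toggleLike($pdo, 'sol_1', 'alice'), "\n";    // row exists: removes it
echo toggleLike($pdo, 'sol_1', "O'Brien"), "\n";  // the quote is bound as data

try {
    toggleLike($pdo, 'not_a_table', 'alice');     // name outside the allowlist
} catch (InvalidArgumentException $e) {
    echo 'Rejected: ', $e->getMessage(), "\n";
}
```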