0


I am using php code from w3schools that will let me delete a row from my database. I am getting an error "Error deleting record: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version"
I can't seem to find the correct code for the server version that I am using.
This is my delete.php

<?php
$servername = "";
$username = "";
$password = "";
$dbname = "";

// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
} 

// sql to delete a record
$sql = "DELETE FROM users WHERE id=$id";

if ($conn->query($sql) === TRUE) {
    echo "Record deleted successfully";
} else {
    echo "Error deleting record: " . $conn->error;
}

$conn->close();
?>

This is the page that links to my delete.php

<HTML>

<?php

$db = mysql_connect("", "", "");
mysql_select_db("",$db);
$result = mysql_query("SELECT * FROM users",$db);
echo "<TABLE BORDER=10>";
echo"<TR><TD><B>Username</B><TD><B>Password</B><TD><B>Email</B><TD><B>City</B><TD><B>Zip</B></TR>";
while ($myrow = mysql_fetch_array($result))
{
echo "<TR><TD>".$myrow["username"]."<TD>".$myrow["password"]."<TD>".$myrow["email"]."<TD>".$myrow["city"]."<TD>".$myrow["street"];
echo "<TD><a href=\"adminEdit.php?id=".$myrow[id]."\">Edit</a>";
echo "<a href=\"adminDelete.php?id=".$myrow[id]."\">Delete</a>";
}
echo "</TABLE>";

?>
</HTML>
Cory
  • 145
  • 4
  • 12
  • 2
    and `$id` isn't defined here, and if an int/string? Plus, you're using `mysqli_` in one, then `mysql_` in the other; *no love*. – Funk Forty Niner Mar 29 '16 at 15:17
  • Also depending on how `$id` is set you might be open to SQL injections with this code. You should look at prepared statements. – chris85 Mar 29 '16 at 15:18
  • I forgot about $id. Thanks! I am just messing around with mysqli and mysql. Thats why they are different. I was going to convert everything to mysqli once I practice both a little more. – Cory Mar 29 '16 at 15:21
  • 2
    `if(!empty($id)){ DELETE ... } else{ YIPE! fail...} ` ;-) – Funk Forty Niner Mar 29 '16 at 15:22
  • I suggest you to swap from mysqli_ to PDO: http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php – Reversal Mar 29 '16 at 15:24
  • 1
    Little side note: You started typing in "mysqli" in your 1st code snippet and continued with mysql in second. I would suggest you using mysqli for all of your code. – Marcel Wasilewski Mar 29 '16 at 15:30
  • @Reversal why not use `mysqli` for injection prevention? – chris85 Mar 29 '16 at 17:38
  • mysqli is fine as well, it's all about using prepared statements. My first comment was vague, I'm sorry. – Reversal Mar 29 '16 at 18:57

0 Answers0