if(isset($_POST['submit']))
{
$Team = $_POST['Team'];
echo "$Team" ;
$sql = "DELETE FROM championsleauge WHERE Team = $Team ";
if($con->query($sql) === TRUE)
{
echo "New delete successfully";
}
}
the delete is not working. it does echo the team name to be deleted any ideas?
This does not answer your question, but it can open your eyes!
DELETE FROM championsleauge WHERE Team = $Team
Send this value to your POST variable named Team
5 OR 1=1
It will become
DELETE FROM championsleauge WHERE Team = 5 OR 1=1
And there you go, no more champion leagues!
BTW, your error is a simple typo. String values need to be quoted. Then you have no error checking at all. Then you need to go through
How can I prevent SQL injection in PHP?
PDO is not as scary as it sounds, you code can be as simple as this
$dbh = new PDO('mysql:dbname=testdb;host=127.0.0.1', $user, $password);
$sth=$dbh-prepare("DELETE FROM championsleauge WHERE Team = ?");
$sth->execute(array($Team));
