Execute a php DELETE request

Question

i'm using a php script in my Android project to delete a lign from the database . here is the php file content :

<?php
$pseudo = $_POST['pseudo']; 
define('HOST','localhost');
define('USER','root');
define('PASS','');
define('DB','ract');

$con = mysqli_connect(HOST,USER,PASS,DB);

$sql = "DELETE from utilisateur where pseudo=$pseudo";
$res = mysqli_query($con,$sql);
?>

I think that the main problem in comparing pseudo to $pseudo

Are you getting a error message? Is your connection successful? What is the expected behaviour? I'm assuming that `utilisateur.pseudo` exists in the database? — Henders, May 13 '16 at 11:21
Henders , the problem wastn't the connection , and the utilisateur.pseudo exists , the solution was to add mysqli_real_escape_string . thank you for the answers anyway — AbdallahJg, May 13 '16 at 11:23

noli · Answer 1 · 2016-05-13T11:21:04.913

1

For god sake, protect your query against SQL injection :

$sql = "DELETE from utilisateur where pseudo = '".mysqli_real_escape_string($con, $pseudo)."'";

edited May 13 '16 at 11:21

answered May 13 '16 at 11:17

noli

3,535
3
18
20

In addition, that's not an answer to his question. – Ralph Melhem May 13 '16 at 11:21
This worked , but with mysqli_real_escape_string($con,$pseudo). – AbdallahJg May 13 '16 at 11:22
@RalphMelhem It very well could be... – jeroen May 13 '16 at 11:22

score 0 · Answer 2 · answered May 13 '16 at 11:16

0

$sql = "DELETE from utilisateur where pseudo = '$pseudo'";

answered May 13 '16 at 11:16

KiwiJuicer

1,952
14
28

allready tested that and it didn't work :s – AbdallahJg May 13 '16 at 11:17
I've tried to delete by comparing an "Int" value in the condition and it worked – AbdallahJg May 13 '16 at 11:17
So is the pseudo an int or a string in your database? – KiwiJuicer May 13 '16 at 11:19
1

Although this code may answer the question, providing additional context regarding _why_ and/or _how_ it answers the question would significantly improve its long-term value. Please [edit] your answer to add some explanation. – Toby Speight May 13 '16 at 12:01

Execute a php DELETE request

2 Answers2