-2

I want to delete a table column with a certain title. What is wrong with this query? If I open the delete URL (with the requested title; ...?name=) in my web browser, I get the last echo (the error message).

    <?php 
    //Getting Id
    $name = $_GET['name'];

    //Importing database
    require_once('dbConnect.php');

    //Creating sql query
    $sql = "ALTER TALBE tische DROP `$name`";  

    //Deleting record in database 

    if(mysqli_query($con,$sql)){ 
    echo 'Element erfolgreich aus Abrechnung entfernt';
        }else{
            echo 'Konnte Element nicht aus Abrechnung entfernen';
    }

    //closing connection 
    mysqli_close($con);
  • [Little Bobby](http://bobby-tables.com/) says ***[your script is at risk for SQL Injection Attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php)*** Learn about [prepared](http://en.wikipedia.org/wiki/Prepared_statement) statements for [MySQLi](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php). Even [escaping the string](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) is not safe! [Don't believe it?](http://stackoverflow.com/q/38297105/1011527) – Jay Blanchard Nov 08 '16 at 19:19
  • You quote values, not back tick them. `'$name'` – Jay Blanchard Nov 08 '16 at 19:20
  • 'ALTER TALBE' is wrong. – Rene Limon Nov 08 '16 at 19:21
  • ***This is dangerous code!*** The query string of a URL can be used easily for SQL Injection attacks, not to mention you're letting users delete columns from a URL with no safety checking *at all*. I could just change the query string and easily delete your entire database or retrieve all of the data from it. – Jay Blanchard Nov 08 '16 at 19:24
  • I know that this code is not safe! I just want to use it for free-time activities! I don't have much experience with coding, I just want to try it. If I use quotes instead of back ticks it also won't do what it should... and I don't know why... – user3713946 Nov 08 '16 at 19:33
  • It is unclear from what you've provided; are you trying to actually remove a column from the table, or delete a record from the table based on a column's value? – Uueerdo Nov 08 '16 at 20:01
  • I want to delete the complete column – user3713946 Nov 08 '16 at 20:02

1 Answer

1

The syntax is:

    ALTER TABLE table_name DROP COLUMN column_name

CptMisery
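A hardened form of the script from the question, added here as an example and not code from the asker or the answerer: column names cannot be bound as prepared-statement parameters, so the request value is checked against a fixed allow-list before it reaches the `ALTER TABLE` statement. It assumes `dbConnect.php` defines `$con` as in the question; the names in `DROPPABLE_COLUMNS` and the function `buildDropColumnSql` are hypothetical.

```php
<?php
// Added example. Assumption: dbConnect.php defines $con (a mysqli link),
// as in the question. The column names below are hypothetical placeholders.
const DROPPABLE_COLUMNS = ['cola', 'bier', 'wasser'];

/**
 * Return the DROP COLUMN statement, or null if the name is not allowed.
 */
function buildDropColumnSql(string $table, string $column, array $allowed): ?string
{
    // Identifiers cannot be sent as bound parameters, so the only
    // acceptable input is one that exactly matches a known column name.
    if (!in_array($column, $allowed, true)) {
        return null;
    }
    // Double any backtick so the quoted identifier cannot be closed early.
    $quoted = '`' . str_replace('`', '``', $column) . '`';
    return "ALTER TABLE `$table` DROP COLUMN $quoted";
}

// Reject missing values and array input such as ?name[]=x.
$name = $_GET['name'] ?? null;
if (!is_string($name)) {
    http_response_code(400);
    exit('Missing column name');
}

$sql = buildDropColumnSql('tische', $name, DROPPABLE_COLUMNS);
if ($sql === null) {
    http_response_code(400);
    exit('Unknown column');
}

require_once('dbConnect.php');

if (mysqli_query($con, $sql)) {
    echo 'Element erfolgreich aus Abrechnung entfernt';
} else {
    // Record the server's reason (for example a syntax error) in the log
    // instead of showing it to the client.
    error_log('DROP COLUMN failed: ' . mysqli_error($con));
    echo 'Konnte Element nicht aus Abrechnung entfernen';
}

mysqli_close($con);
```

Logging `mysqli_error($con)` is what surfaces a keyword typo in the statement; the generic failure message alone does not say why the query was rejected.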