stackoom
  简体   繁体   中英

SQL Syntax error when deleting row

 原文  2014-02-21 20:50:01       php/ mysql

Question

Ok, so I basically have an HTML form that consists of a hidden input and a submit button. When the button is pressed it will remove a specific row in my MySQL table. The code all actually does the function it should. However, I keep getting a syntax error displaying when I run it. Once I get the error, if I go back the row is gone, which is what I want. I am just not sure how to make it redirect after running like it should, rather than getting the error.

The error:

Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '1' at line 1

Line 1 seems fine to me (hence the confusion).

The PHP code that is running(campaignPostDelete.php): 

<?php
$con=mysqli_connect("localhost","username","password","db_name");
// Check connection
if (mysqli_connect_errno())
  {
  echo "Failed to connect to MySQL: " . mysqli_connect_error();
  }

$postID = $_POST['postID'];

$delete = mysqli_query($con,"DELETE FROM posts WHERE postID=" . $postID);

if (!mysqli_query($con,$delete))
  {
  die('Error: ' . mysqli_error($con));
  }

header("Location: index.php");
die();

mysqli_close($con);
?>

the HTML form with PHP in case it's needed: 

<?php
$con=mysqli_connect("localhost","username","password","db_name");
// Check connection
if (mysqli_connect_errno())
  {
  echo "Failed to connect to MySQL: " . mysqli_connect_error();
  }

$campaignID = $_SESSION['campaignID'];


$result = mysqli_query($con,"SELECT posts.postID, posts.postDate, posts.postName, posts.postEntry FROM posts 
   INNER JOIN campaigns ON posts.campaignID= $campaignID
         AND posts.campaignID= campaigns.campaignID ORDER BY postDate desc");

while($row = mysqli_fetch_array($result))
  {
  echo "<div id='campaignPostContainer'>";
  echo "<ul class='campaignPostBox'>";
  echo "<p class='postInfo'>";
  echo "<form name='postDelete' action='campaignPostDelete.php' method='post'>
            <input type='hidden' name='postID' value=" . $row['postID'] . ">
            <input type='submit'>
        </form>";
  echo "Posted on:";
  echo "<li>" . $row['postDate'] . "</li>";
  echo "</p>";
  echo "<p class='postInfo'>";
  echo "Posted by:";
  echo "<li>" . $row['postName'] . "</li>";
  echo "</p>";
  echo "<li class='postEntry'>" . $row['postEntry'] . "</li>";
  echo "</ul>";
  echo "</div>";
  echo "<hr>";
  }


mysqli_close($con);
?>

1 answers

solution1
 2 ACCPTED  2014-02-21 20:51:48

You are enclosing the ID in single quotes. It is an integer so shouldn't be enclosed in quotes. 

$delete = mysqli_query($con,"DELETE FROM posts WHERE postID='$postID'");

should be: 

$delete = mysqli_query($con,"DELETE FROM posts WHERE postID=$postID");

However, you are also passing the connection string twice. So instead do this: 

$delete = "DELETE FROM posts WHERE postID=$postID";

if (!mysqli_query($con, $delete))
{
  die('Error: ' . mysqli_error($con));
}

But this still leaves you vulnerable to SQL injection. Do at least this to improve this overall: 

$delete = sprintf("DELETE FROM posts WHERE postID=%s", mysql_real_escape_string($postID));

if (!mysqli_query($con, $delete))
{
  die('Error: ' . mysqli_error($con));
}

You'll also want to sanitize your other inputs.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Deleting the last inserted row SQL when only 1 row is allowed sql syntax error with pro statement inserting row Error in SQL Syntax when Inserting Error when running SQL syntax SQL Row deleting by itself SQL error when deleting from MySQL Error in deleting a row in cakephp PHP | SQL syntax error when inserting array sql syntax error when creating column SQL syntax error when completing query on a database
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM