
Cannot delete a MySQL DB entry

It is my first time setting up databases in MySQL and using them so I would appreciate any help as my hours of searching online have not helped me with this error.

I basically have one table in my DB. Airport: Title - 3 Char & PublicKey; AirportName - 100 Char & Not null

I have coded a webpage in php that should allow me to delete my entries depending on which one I select.

In short this is my php:

 $result = mysql_query("DELETE FROM airport WHERE Title=$Title")
 or die(mysql_error()); 

It gives me this error:

Unknown column 'ABC' in 'where clause'

If I run this in phpmyadmin:

DELETE FROM airport WHERE Title=ABC

It gives me this error:

Unknown column 'ABC' in 'where clause'

If I run this in phpmyadmin it works:

DELETE FROM airport WHERE Title="ABC"

But if I add quotes in my php code the page dies. Any pointers?

You need to quote ABC as 'ABC'.

Since the title field of your db is varchar, better to encode $title with single quotes and use mysql_real_escape_string too for cleaning unsafe db chars, like:

$result = mysql_query(sprintf("delete from airport where title = '%s'", mysql_real_escape_string($title)));

You can also escape with \" if you don't want to use '. Also you should sanitize all the variables you use in your queries.

$Title = mysql_real_escape_string($Title);
$result = mysql_query("DELETE FROM airport WHERE Title=\"$Title\"");

You are missing the quotes:

$result = mysql_query("DELETE FROM airport WHERE Title='$Title'");

You can use a third-party class, or PDO.

The reason your PHP doesn't handle it when you just put double quotation marks there is because you used those to start the string. That means you effectively ended the string too, and thus caused some unrecognized code after the second quotation mark.

To fix that you can escape in-string quotation marks with backslash and thus your code would be something like

$result = mysql_query("DELETE FROM airport WHERE Title=\"$Title\"")
or die(mysql_error());

or use single quotation marks

$result = mysql_query("DELETE FROM airport WHERE Title='$Title'")
or die(mysql_error());

That will also solve your MySQL error which occurred because you sent in a string without quotation marks. That caused MySQL to use it as a column name instead, trying to put whatever was inside the column $Title, in this case ABC into the column specified, Title.

Also, you should sanitize your input better, because sending off a string unescaped to MySQL would in most cases be vulnerable to hacking, giving the hacker more or less full control over your database.

You can do this with mysql_real_escape_string() or by using prepared queries with PDO or mysqli (which is preferable for a lot of other reasons too, notably because it makes your code a lot easier to read).

$Title = mysql_real_escape_string($Title);
$result = mysql_query("DELETE FROM airport WHERE Title='$Title'")
or die(mysql_error());
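The prepared-statement route the answers mention (PDO), shown as an added example that is not part of the original question or answers. It assumes the PDO SQLite driver is installed and uses an in-memory SQLite database in place of MySQL so it runs offline; the function names deleteAirport and countAirports and the sample rows are constructed for illustration.

```php
<?php
// Added example. In-memory SQLite stands in for the MySQL server here;
// with MySQL only the DSN passed to new PDO(...) changes.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Table shaped like the one in the question; the rows are constructed sample data.
$pdo->exec('CREATE TABLE airport (Title CHAR(3) PRIMARY KEY, AirportName VARCHAR(100) NOT NULL)');
$pdo->exec("INSERT INTO airport VALUES ('ABC', 'Constructed One'), ('XYZ', 'Constructed Two')");

// Hypothetical helper: delete one airport by Title and return the affected row count.
function deleteAirport(PDO $pdo, string $title): int
{
    // The SQL text is a constant. $title is bound as data, so it needs no quoting
    // or escaping and can never be parsed as a column name or as SQL.
    $stmt = $pdo->prepare('DELETE FROM airport WHERE Title = :title');
    $stmt->execute([':title' => $title]);
    return $stmt->rowCount();
}

// Hypothetical helper: number of rows left in the table.
function countAirports(PDO $pdo): int
{
    return (int) $pdo->query('SELECT COUNT(*) FROM airport')->fetchColumn();
}

// Constructed inputs: a normal title, then two values containing quote characters
// that would change the statement if they were interpolated into the SQL string.
$inputs = ['ABC', "XYZ' OR '1'='1", 'A"B'];

foreach ($inputs as $title) {
    $deleted = deleteAirport($pdo, $title);
    printf("%-20s deleted=%d remaining=%d\n", var_export($title, true), $deleted, countAirports($pdo));
}
```

Only the exact title ABC matches a row; the two values containing quotes are compared literally against Title and delete nothing, so the XYZ row is still present at the end.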
