Mysql delete using query string variables

cykrider

I'm trying to delete a value from a table based on a query string value. However, I keep getting an error. I am able to delete it w/o the use of variables but when I use them, I get an error. I think showing the code would be the best way to explain:

(user clicks on a like: deletetest.php?testname=$field😉
and deletetest.php?testname=test is sent via query string to this php file:

<?
session_start(); //the variable username is registered here
$HTTP_GET_VARS['testnam'];
[connect and select db]
?>
<html>
<body>
<?
##mysql_query("drop table $testnam");
##echo mysql_error();

mysql_query("DELETE FROM $usersname WHERE testname=
' $testnam ' ");
echo mysql_error();

/*print<<<E
<script language="javascript">
<!--

-->
</script>

E;*/
?>
</body>
</html>

Supposedly the error is somewhere around: WHERE testname=
' $testnam' ");

I feel as though I've tried everything, from ' ".$testnam." ', to addslashes($testnam), to adding slashes manually. It's gotten to the point where I'm all out of ideas and it all looks the same to me. Any advice would be great. Thanks.

xblue

In general:
echo the query to see what it looks like (post it along with your table structure if necessary).
does mysql_error return anything?

One thing that possibly could cause problems:
in case register globals is disabled, use $_SESSION['username']

stolzyboy

or try $_GET['variablename'] and take out the spaces that are around the variable name, you have in your sql

where ..... = ' $varname '

make it .....= '$varname'