[RESOLVED] Delete issues MySQL 4.0.25-standard

jmartinez

Here is the code

<?
include("../../includes/global.inc.php");
mysql_connect($glob['dbhost'      ],$glob['dbusername'  ],$glob['dbpassword'  ]); 
@mysql_select_db($glob['dbdatabase'  ]) or die( "Unable to select database");


$query = "DELETE FROM testimonials WHERE id LIKE '$id'";

mysql_query($query);
echo "Record Deleted";
mysql_close();
?>
<META HTTP-EQUIV="refresh" content="0;URL=admintestimonials.php">

the issue is that it is not deleting the record. the $id is an echo from another page. I can see that it is echoing the id number just does not delete the record. any ideas?

bradgrafelman

So let's start by debugging the MySQL code.

Try echo'ing out the query and verifying that the $id is set correctly.

Also, is MySQL trying to tell us something? Try killing the script if the query fails:

mysql_query($query) or die('MySQL said: ' . mysql_error());

jmartinez

There is no out put at all..

Changed code to

<?
include("../../includes/global.inc.php");
mysql_connect($glob['dbhost'      ],$glob['dbusername'  ],$glob['dbpassword'  ]); 
@mysql_select_db($glob['dbdatabase'  ]) or die(mysql_error());


$query = "DELETE FROM CubeCart_testimonials WHERE id LIKE '$id'";

echo "<!--\n$sql\n-->";

mysql_query($query);
echo "Record Deleted";
mysql_close();
?>

bradgrafelman

First, you should probably re-read my post, as I decided I didn't like how the Debugging 101 was setup (I swear I remember that being different.. must go hunting for that post later).

Second, you used $sql in your echo statement, when that isn't where your query was. Your query is in $query.

Third, the  HTML tags hide the data from the actual page, so you have to view the page source to see it.

As I said, re-read my post above as I explained how to make sure MySQL is outputting any errors that are occuring.

jmartinez

ok I have read the post did some debugging and now know what the problem is but not sure how to fix it.

the delete link does send the id number

www.sitename.com/removetestimonial.php?id=12

but I get this error

Notice: Undefined variable: q in /testimonials/removetestimonial.php on line 7
DELETE FROM testimonials WHERE id LIKE '' Record Deleted

obviously my querry is not getting the value 12 (or any values). Am I missing a step to pass the value with this version mysql? The code works perfectly with 4.1.xx

bradgrafelman

Ah. You must have been coding with register_globals set to on. Very very very bad idea.

If you want to access a variable set in the query string, what you are doing is passing data using the GET method. The POST method is used when POST'ing data from forms (i.e. sending them in the HTTP headers, NOT appending them to the URL). Respectively, the two methods have superglobals that you use to access data passed through them.

Since we are using the GET request, you'll retrieve the 'id' value like so:

$id = $_GET['id'];

Though, I would do some error checking, such as:

if(empty($_GET['id'])) {
     die('Error: No record ID to delete.');
} else {
     $id = intval($_GET['id']);
}

You'll notice that I also used the [man]intval[/man] function. This is to make sure people don't try to to some nasty SQL injection and that we know for sure that the 'id' we are using in the query is an integer, not a string of malicious data.

EDIT: For more information about these superglobals ($GET, $POST, etc.), visit the man page for: [man]variables.predefined[/man].

jmartinez

ahhh ha fixed it, great!!! point taken on register_globals.. I will change this. Could you briefly explain to me why having them on is bad? Or point me to a thread or site the can tell me?

Thanks!

bradgrafelman

Offhand, no, but you can search this board and get some good hits, or even Google it.