What's Wrong Now!

[flishess]

New Question: I need help finishing this-

I am trying to make a delete command:

form to delete:

<?
include("./config.php");
?>
<html>
<form method="post" action="deleteplatform.php">

<h3>Delete Platform:</h3>
<select name="developer">
<?php echo $company; ?>
</select>
<br>
<br>
<INPUT TYPE="submit" name="submit" value="submit">
</form>
</html>

delete code:

<? 

if($_POST['submit'])
{
   include("./config.php");

  [COLOR=Red] $platform = mysql_real_escape_string($_POST['platname']);[/COLOR]

   $result=MYSQL_QUERY("DELETE FROM platform (platname)".
      "VALUES ('$platform')"); 

   echo "Query Finished"; 
}
?>

I think the change needs to be in the line that is red.

 

[Eric]

<?php

if (!empty($_POST['submit']))
{
	include('./config.php');

	// Convert all the posts to variables:
	$title = mysql_real_escape_string($_POST['title']);
	$description = mysql_real_escape_string( $_POST['description']);
	$aka = mysql_real_escape_string($_POST['aka']);
	$platform = mysql_real_escape_string($_POST['platform']);
	$release_us = mysql_real_escape_string($_POST['release_us']);
	$msrp = mysql_real_escape_string($_POST['msrp']);
	$buylink = mysql_real_escape_string($_POST['buylink']);
	$developer = mysql_real_escape_string($_POST['developer']);
	$publisher = mysql_real_escape_string($_POST['publisher']);
	$esrb = mysql_real_escape_string($_POST['esrb']);
	$genre = mysql_real_escape_string($_POST['genre']);
	$boxart = mysql_real_escape_string($_POST['boxart']);

	// Insert the values into the correct database with the right fields
	$result = mysql_query("
		INSERT INTO gamepage (title, description, aka, platform, release_us, msrp, buylink, developer, publisher, esrb, genre, boxart)
		VALUES ('$title', '$description', '$aka', '$platform', '$release_us', '$msrp', '$buylink', '$developer', '$publisher', '$esrb', '$genre', '$boxart')
	") or die(mysql_error());
	echo 'Query Finished';
}

?>

 

[Kate]

mysql_real_escape_string is the function that should be used to avoid SQL injection/parsing errors. But there is one caveat: you need to have a connection to the DB because the behavior is connection-dependent. So I would suggest to wrap it in a function.

 

[Daniel]

mysql_real_escape_string is the function that should be used to avoid SQL injection/parsing errors. But there is one caveat: you need to have a connection to the DB because the behavior is connection-dependent. So I would suggest to wrap it in a function.

I would guess config.php makes the connection...

 

[flishess]

new question, look at top, I made an edit - forum said I had max threads. :td:

 

[nick-8318]

DELETE FROM gamepage WHERE platform='$platform'

 

[flishess]

DELETE FROM gamepage WHERE platform='$platform'

where exactly does that go?

 

[death001]

where exactly does that go?

As result

$result=MYSQL_QUERY("DELETE FROM gamepage WHERE platform='$platform'");