Delete help for my script

Question

So I almost have my delete function working...I have the page loading correctly without any fatal errors but still not doing the trick

Here is the portion of my while loop:

echo "<a href='http://www.@#@$#%##%#.org/Profile.php?id=".$prof-&gt;id."'&gt;";
echo " delete";
echo "</a>";

and here is the portion of my query which is obviously wrong:

$query = "UPDATE `ProfileComments` SET `status` = 'dead' WHERE `id` = '".$prof->id."' LIMIT 1";

so how do I get this to delete the comment on the page? and mark the status dead in the db?

Thanks

Answer 1

Just because you're not seeing fatal errors, your code doesn't have to behave like you want it to.

Examine the content of $prof->id by, inside of the loop, putting it through var_dump and then die, this will let you control what the property holds at the moment you want to print it out.

The same thing applies in your query, var_dump to see what it contains.

Answer 2

Not seeing more of your code (and not knowing your experience level), I'm not sure where you actually need help, so forgive me if my question/advice is obvious and too basic for you:

How is $prof->id getting populated in Profile.php? Are you pulling it off of the request (like so: $id = $_REQUEST["id"])?

And as Michael said, do please use parameterized queries. (If you don't care about children, at least think of the kittens!)

Answer 3

From your sql it looks like you are doing a soft delete, which is fine. Your select statement needs to exclude comments that have a status of 'dead'

SELECT columns FROM ProfileComments WHERE status != 'dead' AND id = {$prof->id}

Of course that's a guess without seeing how you populate prof->id when you generate the link.

There's a couple of other problems with your post though:

1. As others have suggested, you should use parameterized queries otherwise you leave yourself open to sql injections
2. You shouldn't be doing the delete via a get request (using a naked anchor). Either do the delete using AJAX or via a form. Modifying server data via a get is a bad practice.

Answer 4

Your SQL statement looks fine, and the html code is fine too. To locate the problem

1. You need to make sure your SQL is getting the right parameter, the id in this case. just echo it out, if the id is missing or wrong you know $prof->id needs fixing.

2. also check the link dumped by your php, again does it contain the right id?

3. Make sure you don't have any errors before you execute the SQL, basically make sure that SQL query statement is called. and make sure your db connection is live.

4. When mysql statement is wrong it won't throw a fatal error, you need to print the error yourself by mysql_error().