
I am trying to build a page that will allow the user to enter an employee number via a form and when they hit the "delete" button it will remove the corresponding record. The database is named "Crosshill", the Table is called "Employees" and the field I want to use is "employeeid".

It seems to connect fine to the DB, but the code below doesn't work. When you hit the "Delete" button it returns an error of:

Could not delete data: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'WHERE employeeid =' at line 1


<html>
<head>
<title>Delete an Employee</title>
</head>
<body>

<h3>Enter the Employee Number below to delete a record</h3>

<?php
if(isset($_POST['delete']))
{
$dbhost = '####';
$dbuser = '####';
$dbpass = '####';
$conn = mysql_connect($dbhost, $dbuser, $dbpass);
if(! $conn )
{
  die('Could not connect: ' . mysql_error());
}

$employeeid = $_POST['employeeid'];

$sql = "DELETE Employees ".
       "WHERE employeeid = $employeeid" ;

mysql_select_db('Crosshill');
$retval = mysql_query( $sql, $conn );
if(! $retval )
{
  die('Could not delete data: ' . mysql_error());
}
echo "Deleted data successfully\n";
mysql_close($conn);
}
else
{
?>
<form method="post" action="<?php $_PHP_SELF ?>">
<table width="400" border="0" cellspacing="1" cellpadding="2">
<tr>
<td width="100">Employee ID</td>
<td><input name="employeeid" type="number" id="employeeid"></td>
</tr>
<tr>
<td width="100"> </td>
<td> </td>
</tr>
<tr>
<td width="100"> </td>
<td>
<input name="delete" type="submit" id="delete" value="Delete">
</td>
</tr>
</table>
</form>
<?php
}
?>
</html>
  • huge security hole in this code Commented Dec 15, 2013 at 19:23
  • Missed FROM word. Writing $employeeid = (int)$_POST['employeeid']; will fix this security hole. But I hope this is test-purpose-only code... Commented Dec 15, 2013 at 19:27
  • Could you elaborate? This is just for a test project, but I'm still learning and would like to know how to prevent that Commented Dec 15, 2013 at 19:29
  • @WJB: This question explains this in detail. Commented Dec 15, 2013 at 19:33
  • You should always sanitize your input. For example, if I provide the value 'employeeid' instead of a numeric id, the SQL will be DELETE FROM Employees WHERE employeeid = employeeid, so we lose all employees... Commented Dec 15, 2013 at 19:33

2 Answers

6

It's DELETE FROM <table> WHERE <condition>, the FROM is missing in your query.


1 Comment

Thanks very much! It is working now. I'll add points as soon as my rep allows. Appreciate the help!
0

You are missing "from" after delete. It should be DELETE from Employees WHERE condition.

To avoid such situations, always do one thing: just echo the SQL query and use "exit" after it to terminate further execution of the program.

Copy the query from the browser and run it in phpMyAdmin or whatever other tool you use.

That practice will help you find the root cause of the problem.

1 Comment

Thanks very much! It is working now. I'll add points as soon as my rep allows. Appreciate the help!
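
The risk raised in the comments on the question, shown next to a bound-parameter version, as an added example that is not code from the question or either answer. An in-memory SQLite database via PDO stands in for the MySQL database so it runs offline; the sample rows and the function names (freshDb, countRows, deleteConcatenated, deleteBound) are constructed for illustration.

```php
<?php
// Added example, not the asker's code. SQLite in memory stands in for the
// MySQL "Crosshill" database (assumption); the three rows are constructed.
function freshDb(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE Employees (employeeid INTEGER PRIMARY KEY, name TEXT)');
    $db->exec("INSERT INTO Employees VALUES (1, 'Ann'), (2, 'Bob'), (3, 'Cy')");
    return $db;
}

function countRows(PDO $db): int {
    return (int) $db->query('SELECT COUNT(*) FROM Employees')->fetchColumn();
}

// Pattern from the question, with FROM added: the form value becomes SQL text.
function deleteConcatenated(PDO $db, string $input): int {
    return $db->exec("DELETE FROM Employees WHERE employeeid = $input");
}

// Hardened: validate the value as an integer, then bind it as a parameter,
// so it can never be parsed as a column name or any other SQL.
function deleteBound(PDO $db, string $input): int {
    $id = filter_var($input, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return 0; // reject anything that is not a positive integer
    }
    $stmt = $db->prepare('DELETE FROM Employees WHERE employeeid = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();
}

$input = 'employeeid'; // the value used in the comment on the question

$db = freshDb();
deleteConcatenated($db, $input); // WHERE employeeid = employeeid matches every row
echo "concatenated: ", countRows($db), " rows left\n";

$db = freshDb();
deleteBound($db, $input);        // rejected before any SQL runs
echo "bound, non-numeric input: ", countRows($db), " rows left\n";

deleteBound($db, '2');           // a valid id removes exactly that record
echo "bound, id 2: ", countRows($db), " rows left\n";
```

Against MySQL only the PDO connection string changes; the prepare and bind calls stay the same.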
