开发者

SQL Delete Syntax Error, also some PHP and Jquery

问答 作者:

I have a database table named 'favoritecats' with the following fields:

  • id
  • catName
  • catId

I am using Jquery to run this function on click event of an element on DOM Ready.

// Delete a Favorite Category from SQL Database
    $('.deleteCatFavs').click(function(){      // On click of .deleteCatFavs
    var actionRequested = "AJAX_delFavCat";    // My Personal PHP Controller Identifier
    var url = "index.php";                     // URL to post to

// Now Im getting the data I want to post into variables.
    var catId = $("input[name=FavCats]:checked").val();
    var rowId = $("input[name=FavCats]:checked").attr("id");

// Now we make the post
    $.post(url, {AJAX_Action: actionRequested, rowId: rowId},
        function(data){
            $("#favCats").fadeIn().html(data);
           });
    });

This all Works Fine,

But below I have the PHP Code to delete the selected rowId from above from the database. Here is where im having the issue, Im sure its a SQL error.

public function AJAX_delFavCat(){

$rowId = isset($_POST['rowId'])?$_POST['rowId']:''; // Get Posted Variable
// Below, I want to delete the posted rowId, from the DB,
$this->database->query("DELETE FROM 'favoritecats' WHERE id='$rowId'");

// My personal Loaders, I need help with the delete query above!!
$data = $this->database->query("SELECT * FROM favoritecats");
$this->load->view('Ajax_addToFavCats.php', $data, $ajax=1);

} // End

The "DELETE FROM 'favoritecats' WHERE id='$rowId'" doesn't work, what am I doing wrong?

开发者_如何学编程

[EDIT]

I get the following error through SQL: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''favoritecats' WHERE id='27'' at line 1

Also, How would I write a Jquery function using the $.ajax method instead of the $.post method im using now, does it really make a difference?

what am I doing wrong?

You've got a SQL-injection security hole.
See: How does the SQL injection from the "Bobby Tables" XKCD comic work?

Change this

$rowId = isset($_POST['rowId'])?$_POST['rowId']:''; // Get Posted Variable
// Below, I want to delete the posted rowId, from the DB,
$this->database->query("DELETE FROM 'favoritecats' WHERE id='$rowId'");

To this

$rowId = isset($_POST['rowId'])?$_POST['rowId']:''; // Get Posted Variable
$rowId = mysql_real_escape_string($rowId);
// Below, I want to delete the posted rowId, from the DB,
$this->database->query("DELETE FROM `favoritecats` WHERE id='$rowId'");

To properly escape your inputs.

Back to your question

$this->database->query("DELETE FROM `favoritecats` WHERE id='$rowId'");

Will fix your error.
Note the use of backticks around tablenames, Normal quotes are not allowed and are in fact a syntax error.

Table name should not be in single quotes. Use backticks or leave it as it is .

DELETE FROM 'favoritecats' - wrong
DELETE FROM `favoritecats` - correct
DELETE FROM favoritecats - also correct

继续阅读:databasephpsqlsql-delete

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9