I have a table and I want to delete a line using a PHP webinterface. To do this I have two PHP files and there has to be a mistake somewhere. I think it has to do with the fact that the playername is written in characters, because the example I took this from had the value that is supposed to be deleted as integer.
Here are the two files (you can probably ignore the part that just calls the table!):
1) pdelete.php
<?php
$query = 'SELECT p.name, p.club, f.link, ROUND(2016-p.birthyear, 0) AS "age", p.position
FROM pplayers p, pflags f
WHERE p.country = f.country
ORDER BY name';
$result = pg_query($query) or die('Query failed: ' . pg_last_error());
?>
<form action="premove.php" method="POST">
<table border="1">
<tr> <th>Name</th>
<th>Team</th>
<th>Nationalität</th>
<th>Alter</th>
<th>Position</th>
<th><i>Select</i></th>
</tr>
<?php while ($x = pg_fetch_object($result)) {
echo "<tr>" .
"<td> $x->name </td>" .
"<td> $x->club </td>" .
"<td> $x->link </td>" .
"<td> $x->age </td>" .
"<td> $x->position </td>" .
"<td> <input type=\"radio\" name=\"name\" value=\"" . $x->name . "\"/> </td><tr>
" ;
}
?>
<tr>
<td colspan=6> <center><input type="submit" value="Delete selected"> </center></td>
</tr>
</table>
2) premove.php
<body>
<?php
function test_input($data) {
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
pg_query("DELETE FROM pplayers WHERE name = " . test_input($_POST[name])) or die('Delete failed.');
echo "Spieler " . $_POST[name] . "aus der Datenbank entfernt!";
?>
</body>
The error message I get (in this example the player I want to delete is called "Thomas Müller"):
Warning: pg_query(): Query failed: ERROR: syntax error at or near "Müller" LINE 1: DELETE FROM pplayers WHERE name = Thomas Müller ^ in /srv/pc8/home/h1354320/SR/www/premove.php on line 13 Delete failed.
Sorry for the bad formatting. I hope it is kind of readable. Thanks in advance!!
syntax error at or near "Müller" LINE 1: DELETE FROM pplayers WHERE name = Thomas Müller ^ in
You seem to mess the query completely, as this makes no sense:
pg_query("DELETE FROM pplayers WHERE name = " . test_input($_POST[name])) or die('Delete failed.');
you need to close the query. and part or die... is also wrong. That'd be syntactically better:
pg_query(sprintf("DELETE FROM pplayers WHERE name = '%s'", test_input($_POST[name]))) or die('Delete failed.');
however your test_input() is pretty rubbish. There're dedicated functions to get data properly escaped for query -> pg_escape_string()
pg_query("DELETE FROM pplayers WHERE name = '" . test_input($_POST[name])."'") or die('Delete failed.');