I currently have a database with a table called rooms; which has two attributes: roomID and roomType. I have inserted data into this using MySql which is all fine. I am using PHP and MYSQL in order to show what's currently in the database on the page (which is working just fine) and then a delete.php page where I have a text field for Room ID and Room Type. I wish to delete whatever I prefer from the 'rooms' table however I keep getting the Unknown table 'roomid' in MULTI DELETE error, even though I only have the one table.
Below is my current PHP
<?php
include ('connect.php');
if(isset($_POST['roomID'])){
$roomID = $_POST['roomID'];
$roomType = $_POST['roomType'];
$sql = "DELETE FROM rooms WHERE roomID='"$roomID"' AND roomType='"$roomType"' ";
if ($conn->query($sql) === TRUE) {
echo "Record deleted successfully";
} else {
echo "Error: " . $sql . "<br>" . $conn->error;
}
}
?>
Would appreciate any help
Little Bobby says your script is at risk for SQL Injection Attacks.. Even escaping the string is not safe!
If only you had used prepared statements you wouldn't have had to worry about concatenating the variables properly. The following portion of your query line is missing the proper concatenation:
WHERE roomID='"$roomID"' AND roomType='"$roomType"'