0

I am trying to create a dynamic page to soft-delete records from various tables.

Can anyone help me fix the following statement? I am so confused by the quotes when it comes to variables:

$table_name = $_REQUEST['t'];
$record_id = $_POST['rid'];
$field_id = print_var_name($rid);

$sql="UPDATE `$table_name` SET `is_delete` = 1 WHERE `$field_id` = '$record_id'"; 
3
  • 2
    I can't see any syntax error in the SQL. All I know is it is vulnerable to SQL injection. Commented Jun 25, 2013 at 6:42
  • Whatever you have typed here looks perfect and right to me. Commented Jun 25, 2013 at 6:47
  • Thanks JW. I am just a beginner. This code is only for a password-protected admin panel. I will work hard to learn to avoid SQL injection through PDO, but that's too advanced for me at this time. :( Commented Jun 25, 2013 at 7:52

2 Answers

1

I would do it in this way.

$sql="UPDATE `" . $table_name . "` SET `is_delete` = 1 WHERE `" . $field_id . "` = '$record_id'";

1

Try this.

    $table_name = $_REQUEST['t'];
    $record_id = $_POST['rid'];
    $field_id = print_var_name($rid);

    // is_delete is a column name, so it belongs inside the string, not as a bare constant
    $sql = "UPDATE " . $table_name . " SET is_delete = 1 WHERE " . $field_id . " = " . $record_id;

Or change your query like this.

  $sql="DELETE FROM ".$table_name." WHERE ".$field_id. "=".$record_id;

1 Comment

The OP wants a soft delete.
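
The first comment on the question points out that the statement is open to SQL injection. The following is an added example, not part of any post on this page, showing the same soft delete with the table and id column taken from a fixed allowlist and the record id bound as a parameter. The table names, column names, the `softDelete` helper and the in-memory SQLite database are assumptions made for illustration; it also assumes each table's id column is known in advance.

```php
<?php
// Added example: table names, columns and rows are constructed for illustration.
// Identifiers cannot be bound as parameters, so they come from a fixed
// allowlist; the record id is always a bound parameter.
const SOFT_DELETE_TABLES = [
    // value of request field 't' => [real table name, id column]
    'users'    => ['users', 'user_id'],
    'articles' => ['articles', 'article_id'],
];

function softDelete(PDO $pdo, string $tableKey, string $recordId): int
{
    if (!array_key_exists($tableKey, SOFT_DELETE_TABLES)) {
        throw new InvalidArgumentException('Unknown table');
    }
    if (!ctype_digit($recordId)) {
        throw new InvalidArgumentException('Record id must be numeric');
    }
    [$table, $idColumn] = SOFT_DELETE_TABLES[$tableKey];

    // $table and $idColumn are constants from the allowlist, never user input.
    $stmt = $pdo->prepare(
        "UPDATE `$table` SET `is_delete` = 1 WHERE `$idColumn` = :rid"
    );
    $stmt->execute([':rid' => (int) $recordId]);
    return $stmt->rowCount();
}

// Demo on an in-memory SQLite database (assumes the pdo_sqlite extension;
// SQLite accepts the MySQL-style backtick quoting used on this page).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (user_id INTEGER PRIMARY KEY, name TEXT, is_delete INTEGER DEFAULT 0)');
$pdo->exec("INSERT INTO users (user_id, name) VALUES (1, 'alice'), (2, 'bob')");

echo softDelete($pdo, 'users', '2'), " row(s) soft-deleted\n";

// Constructed malformed inputs, as they could arrive in $_REQUEST['t'] / $_POST['rid'].
foreach ([['users` -- ', '1'], ['users', '1 OR 1=1']] as [$t, $rid]) {
    try {
        softDelete($pdo, $t, $rid);
    } catch (InvalidArgumentException $e) {
        echo 'Rejected: ', $e->getMessage(), "\n";
    }
}

$flagged = $pdo->query('SELECT COUNT(*) FROM users WHERE is_delete = 1')->fetchColumn();
echo "Rows flagged as deleted: $flagged\n";
```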
