1

I have a PHP chat script that calls a MySQL database when a user signs out to delete them from the database.

My script is:

  if(isset($_GET['logout'])){
    mysql_query("DELETE FROM users WHERE username='" .$user['username']. "' AND rank='0'");
    header("Location: login_mini.php?logout=1");
  }

What I want to do is delete the user if they have a rank of 0 when they leave. Why isn't this script working?

Improve this question
14
  • Echo your query, then try directly inputting the query into MySQL. Commented Sep 30, 2013 at 0:58
  • 1
    If you're trying to reference a value from an array it should be username='{$user['username']}'. Note the curly brackets and the quotes around the key. Commented Sep 30, 2013 at 1:00
  • 1
    watch out for SQL injection with any of the answers so far Commented Sep 30, 2013 at 1:02
  • 1
    @user2036031, really? have you tried running the query in phpmyadmin? Just run DELETE * FROM users WHERE username='myusername' AND rank='0' Commented Sep 30, 2013 at 1:13
  • 1
    By building SQL statements with outside variables, you are leaving yourself wide open to SQL injection attacks. Also, any input data with single quotes in it, like a name of "O'Malley", will blow up your SQL query. Please learn about using parametrized queries, preferably with the PDO module, to protect your web app. bobby-tables.com/php has examples to get you started, and this question has many examples in detail. Commented Sep 30, 2013 at 1:24

4 Answers 4

Reset to default
2

DELETE doesn't take column arguments

Remove the *

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

1 
mysql_query("DELETE FROM users WHERE username='$user[username]' AND rank=0");

There is no * or any columns in DELETE operation because you are deleting the whole row(s).

Improve this answer

Comments

1

Are you sure that users table have a record that have rank == 0 ? Check it by

SELECT COUNT(*)
FROM users
WHERE rank='0'

then if there is check your variable $user['username'] if it has value.

var_dump($user);

then if both has value then try to execute this manually on your mysql

SELECT *
FROM users
WHERE username = #the value of the username
    AND rank = '0'

If there is a result then maybe your PHP is throwing an error while executing the mysql_query. try to insert this code after the mysql_query

if (mysql_error()) {
    die(mysql_error());
}
Improve this answer

1 Comment

by the way for security reason enclosed your $user['username'] with mysql_real_escape(). this to protect your query from SQL Injection.
0

The syntax for MYSQL Delete example:

DELETE FROM somelog WHERE user = 'jcole'
ORDER BY timestamp_column LIMIT 1;

So you're query is wrong that's the reason why it is not running:

It should be 

//without * and add quotes in your $user['username']
    mysql_query("DELETE FROM users WHERE username=" .$user['username']. " AND rank='0'");
Improve this answer

6 Comments

+1 This is mostly a consolidation of all the comments but it's also the only complete and correct answer.
@user2036031 , have you tried running the query in mysql? if it's not running then my suggestion is to put the rest of your code.
Have it echo the query: "DELETE FROM users WHERE username='" .$user['username']. "' AND rank='0'". Connect to the database directly and paste that exact string. What happens?
Also, @DrixsonOseña, it looks like you removed the single quotes from the query on your edit - those should be in there since the column is presumably a varchar or other string type.
@user2036031 - echo "DELETE FROM users WHERE username='" .$user['username']. "' AND rank='0'" prints 1?
|

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.