0

I made a script which inserts a row from one table in another, but then it has to delete the record from one table. For some reason that isn't working. Could someone please help me out with this?

My code:

<html>
    <head>
        <link rel="stylesheet" type="text/css" href="css/layout.css"/>
        <?php session_start();
           if(!isset($_SESSION['login_id'])){
           $url = 'helpdesklogin.php';
           header("Location: $url");
            }
        ?>
    </head>
    <body>
    <?php
    $server="localhost";
    $username="root";
    $password="";
    $connect_mysql=mysql_connect($server,$username,$password) or die ("Connection Failed!");
    $mysql_db=mysql_select_db("helpdesk_middenpolder",$connect_mysql) or die ("Could not Connect to Database");
    $id=$_GET['id'];
    $query=mysql_query("INSERT INTO afgehandelden_incidenten SELECT * FROM incidenten WHERE incidentID='$id'");
    $result=mysql_query($query);
    if($result=mysql_query($query)){
        $query2=mysql_query("DELETE FROM incidenten WHERE incidentID=$id");
    }
    else {
    echo mysql_error();
    }

    ?>
    </body>
</html>
Improve this question
2
  • 1
    use pdo instead of mysql_ functions Commented Jun 5, 2014 at 7:14
  • 1
    @gvgvgvijayan His question is still valid you cannot simply mark it down because you prefer pdo instead of mysql. I know its deprecated but he didn't ask advice on which method to use. Commented Jun 5, 2014 at 7:22

4 Answers 4

Reset to default
2

Wrong way:

$query=mysql_query("INSERT INTO afgehandelden_incidenten SELECT * FROM incidenten WHERE incidentID='$id'");
$result=mysql_query($query);

You are executing your insert query twice by using "mysql_query()" twice

you can do:

$query="INSERT INTO afgehandelden_incidenten SELECT * FROM incidenten WHERE incidentID='$id'";
$result=mysql_query($query);
Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

please tick it correct after five minutes. It will help me gain reputation
I'll do that in a few minutes
1 
if($result=mysql_query($query))

will always return true, since it is just an assignment

Improve this answer

2 Comments

Your answer tickled me. I guess you are right, but if I want to check if the function is called right, could I use if( ( $result=mysql_query($query) ) === true )? Would that work?
No you would have to test against $result (the assingment will always return true AFAIK) but you would have to test if $result is false or something, $result will contain the result from the database query, or false on error (i.e. testing for true will generally not work). See php.net/mysql_query
0

You have forgotten the '' marks that inclose the id and also to check whether your query executed or not and whether you have any results use this

 row = mysql_fetch_row($result);
 if(!(is_empty($row)){
        $query2=mysql_query("DELETE FROM incidenten WHERE incidentID='$id'");
    }
Improve this answer

Comments

0

First, the lines

$result=mysql_query($query);
if($result=mysql_query($query)){
    $query2=mysql_query("DELETE FROM incidenten WHERE incidentID=$id");
}

will execute the $query twice. So, you should omit the first line, since if($result=mysql_query($query)) is enough.

Apart from that, checking $result on true or false will just tell you if an error occured or not. What you should do is to check if the INSERT statement affected any rows by using mysql_affected_rows:

if($result=mysql_query($query)){
    if(mysql_affected_rows($connect_mysql) > 0) {
        if($result2=mysql_query("DELETE FROM incidenten WHERE incidentID='".mysql_real_escape_string($id)."'") {
            /* The query did not return errors */
        }
        else { /* add error handling here */ }
    }
}
else { /* add error handling here */ }

Please note:

  • I renamed $query2 to $result2, because the variable does not contain a query, but a query result
  • Your code is very unsecure because of two reasons:
    • You put a $_GET parameter into a query without escaping it. That makes SQL Injection as easy as possible! I added the mysql_real_escape_string function as an easy way to most likely avoid SQL injection. You should add this function in the INSERT statement as well.
    • You use the mysql_* functions. These are deprecated and should not be used anymore. See here. Use mysqli functions or PDO istead.
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.