can any one helP me with my code im trying to delete a user from the database for some reason its not working session_start(); include ('connect.php'); if (isset($_POST["submit"])){ $user = $_POST['u_name']; $pass = $_POST['pwd']; if(!$user){ echo "please enter your username. <br>"; } if(!$pass){ echo "please enter your password"; header('Refresh: 9; deleteform.php'); } if ($user && $pass){ $sql= ("DELETE * FROM user_accounts WHERE username = '$user' AND password = '$pass' "); $res = mysql_query($sql); } ELSE { echo "invalid user name and password"; } } ?> PHP:
$res = mysql_query($sql) or die(mysql_error().'<br />'.$sql); PHP: I like to put a check on mysql errors It also pays to state which line gives the error. If the PHP is running then you need to be able to test the sql - cut and paste it into phpMyAdmin and see if it makes sense there. You should be addingslashes too. What if the username was O'Brien? Your sql would be broken. Can this be run by an outsider? Then you need to get all the sql injection checks in place.
<?php error_reporting(E_ALL); session_start(); include ('connect.php'); if (isset($_POST["submit"])) { $_POST = array_map('trim', $_POST); $user = $_POST['u_name']; $pass = $_POST['pwd']; if (empty($user)){ echo "Please enter your username."; } elseif (empty($pass)){ echo "Please enter your password."; } else { $user = mysql_real_escape_string($user); $pass = mysql_real_escape_string($pass); $sql = "DELETE FROM user_accounts WHERE username = '{$user}' AND password = '{$pass}'"; if (mysql_query($sql)){ echo "Succesfully deleted {$user}"; } else { echo "Error...".mysql_error(); } } } ?> PHP: Also are your passwords which are stored in the db using any hashing function such as md5()? (as you may need to md5() $pass before executing query...)