Home/ Questions/Q 6772809
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-26T15:35:33+00:00

in the following code, i would like to get the row result for column

  • 0

in the following code, i would like to get the row result for column “id” as a result for $selectedmovieid. The ‘commenid’ is the primary key attribute. Sorry for not knowing how to use mysql_fetch_assoc properly.

<?php
require ("connect-comment.php");
$deleteid=$_GET['commentid'];
$query1=mysql_query("SELECT id FROM comment WHERE commentid='$deleteid'");
$selectedmovieid= mysql_fetch_assoc($query1);
$query2=mysql_query("DELETE FROM comment WHERE commentid='$deleteid'");
header("Location: reload.php?id=$selectedmovieid");
?>

EDIT 1: I will do up the security injection much later, just need to get the syntax right and get the right result. So this is what i have done so far:

<?php
require ("connect-comment.php");
$deleteid=$_GET['commentid'];
$query1=mysql_query("SELECT id FROM comment WHERE commentid='$deleteid'");
while ($selectedmovieid= mysql_fetch_assoc($query1))
{echo $selectedmovieid['id'];};
$query2=mysql_query("DELETE FROM comment WHERE commentid='$deleteid'");
header("Location: reload.php?id=$selectedmovieid");
?>

Now this doesn’t make much sense to me cos i am not parsing the correct $selectedmovieid value into the reload.php?id=

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Try changing

    $deleteid=$_GET['commentid'];
// ...
header("Location: reload.php?id=$selectedmovieid");

    to

    $deleteid = mysql_real_escape_string($_GET['commentid']);
// ...
header("Location: reload.php?id={$selectedmovieid['id']}");

    Also, as Pekka rightly suggests, try reading the manual page for mysql_fetch_assoc() and reading up on SQL injection.

    As a side note, you should not use relative paths for Location: header redirects. RFC’s specify that this field should contain a full URL and, while many browsers will correctly interpret relative paths, this behaviour should not be relied upon. In other words, Location: reload.php?id=... should be Location: http://mysite.tld/reload.php?id=

    EDIT Try this complete version of your sample code:

    <?php

  require ("connect-comment.php");
  $deleteid = mysql_real_escape_string($_GET['commentid']);

  // Added LIMIT 1 to the query, because you are only using one result
  if (!$query1 = mysql_query("SELECT `id` FROM `comment` WHERE `commentid` = '$deleteid' LIMIT 1")) {
    // Do NOT show the output of mysql_error() to the user in a production environment!
    exit("Something went wrong with query 1: ".mysql_error());
  } else if (mysql_num_rows($query1) < 1) {
    exit("No results from query 1");
  }
  $selectedmovieid = mysql_fetch_assoc($query1);
  $selectedmovieid = $selectedmovieid['id']; // $selectedmovieid now contains the id you want

  if (!$query2 = mysql_query("DELETE FROM `comment` WHERE `commentid` = '$deleteid'")) {
    // Do NOT show the output of mysql_error() to the user in a production environment!
    exit("Something went wrong with query 2: ".mysql_error());
  }

  // If we get this far, everything should be fine
  // You still need a full URL here though, not a relative path...
  header("Location: reload.php?id=$selectedmovieid");

?>
    • 0