Broomer Broomer - 7 months ago 10
HTML Question

delete from database not working using php

if(isset($_POST['submit']))
{
$Team = $_POST['Team'];
echo "$Team" ;
$sql = "DELETE FROM championsleauge WHERE Team = $Team ";
if($con->query($sql) === TRUE)
{
echo "New delete successfully";
}

}


the delete is not working. it does echo the team name to be deleted any ideas?

Answer

This does not answer your question, but it can open your eyes!

DELETE FROM championsleauge WHERE Team = $Team

Send this value to your POST variable named Team

5 OR 1=1

It will become

DELETE FROM championsleauge WHERE Team = 5 OR 1=1

And there you go, no more champion leagues!

BTW, your error is a simple typo. String values need to be quoted. Then you have no error checking at all. Then you need to go through

How can I prevent SQL-injection in PHP?