php - DELETE mutiples table doesn't work - 


$sql = "delete t1, t2, t3, t4, t5, t6, t7     bla1 t1, bla2 t2, bla3 t3, bla4 t4, bla5 t5, bla6 t6, bla7 t7   t1.id = t2.id ,   t2.id = t3.id ,   t3.id = t4.id   ,   t4.id = t5.id ,   t5.id = t6.id ,   t6.id = t7.id ,   t1.id = {$_get["id"]}";

ok, i'll bite.

you've got sql injection hole in code
here: 

t1.id = {$_get["id"]}";  <<-- never inject php `get` sql!

see answers question: how can prevent sql injection in php?

if want webmaster, knowing sql-injection , xss 2 important things.
learn 2 things , you'll have happy customers.

back business:

mysql delete
have syntax error in delete statement.
delete not follow same syntax select.
select selects columns, delete works on rows, it's mix of metaphors mention columns in delete statement.

see here correct syntax: http://dev.mysql.com/doc/refman/5.5/en/delete.html

because did not explain in question intended do, i'll have guess. looks tying multi-table delete.
e.g. deleting rows multiple interlinked tables.
how , why tables interlinked important, did not state i'll have guess.

multi-table delete manual:

delete [low_priority] [quick] [ignore]
tbl_name[.] [, tbl_name[.]] ...
table_references
[where where_condition] 

$stmt = $pdo->prepare('delete t1, t2, t3, t4, t5, t6, t7   (t1.id = t2.id)     , (t2.id = t3.id)     , (t3.id = t4.id)       , (t4.id = t5.id)     , (t5.id = t6.id)     , (t6.id = t7.id)     , (t1.id = :id'); $id = get["id"]; $stmt->execute(array(':id' => $id));

note because you're using mysql pdo, immune sql-injection.
see here on info prepared data objects pdo


Comments

Post a Comment

Popular posts from this blog

java.util.scanner - How to read and add only numbers to array from a text file -

i'm learning java , have question regarding reading file want read numbers file contains strings well. here example of file: 66.56 "3 java 3-43 5-42 2.1 1 and here coding: public class test { public static void main (string [] args){ if (0 < args.length) { file x = new file(args[0]); try{ scanner in = new scanner( new fileinputstream(x)); arraylist<double> test = new arraylist<>(); while(in.hasnext()){ if(in.hasnextdouble()){ double f=in.nextdouble(); test.add(f);} else {in.next();} } catch(ioexception e) { system.err.println("exception during reading: " + e); } } my problem add 66.56,2.1 , 1 doesn't add 3 after "3 or ignores 3-43 , 5-42 can tell me how skip strings , add doubles here? thanks all said 3 ie; "3, 3-43 , 4-42 strings either u read string , split , check number @ " , - or put in space between characters , integers. jvm after compilation tre...
Read more

rewrite - Trouble with Wordpress multiple custom querystrings -

i'm working on adding multiple querystring , doesn't seem work. i've found codes seems work others might i'm missing something. i want like: http://mydomain.com/board/?getyear=2013&getsometext2=sometext to http://mydomain.com/board/2013/sometext/ i added code below functions.php file. doesn't seem work should though. this works. echoing querystring gets both variable without problem. http://mydomain.com/board/2013/sometext/ but doesn't. tested querystring vis isset() seems nothing being set/get http://mydomain.com/board/2013/ function add_query_vars($vars) { $vars[] = "getyear"; $vars[] = "getsometext2"; return $vars; } add_filter('query_vars', 'add_query_vars'); function add_rewrite_rules($arules) { $anewrules = array('board/([^/]+)/([^/]+)/?$' => 'index.php?pagename=board&getyear=$matches[1]&getsometext2=$matches[2]'); $arules = $a...
Read more