Select quray is working but delete query not working.

<table border="1", align="center", width="98%", margin="auto", cellpadding="auto"> 
<caption><h2>View News</h2></caption> 
<th><input type="Submit" name="" value="Delete"></th> 
<th> S.No. </th> 
<th> Title</th> 
<th> Description</th> 
<th> Delete</th> 
<th> Edit</th> 
</tr> <?php
            $sel="select * from add_news";
            while ($fetch=mysql_fetch_array($exe)) {
            <td><input type="checkbox" name=""></td> 
            <td> <?php echo $fetch ['news_id']; ?> </td> 
            <td> <?php echo $fetch ['news_title']; ?> </td> 
            <td> <?php echo $fetch ['news_description']; ?></td> 
            <td> <?php
                        if (isset($_GET['id'])) {
                        $del="DELETE FROM add_news WHERE news_id=$id";
                        $query1 = mysql_query("select * from employee where news_id=$id");
                            while ($row1 = mysql_fetch_array($query1)) {
                        echo "<a href=\"http://localhost/website1%20-%20Copy/admin/viewnews.php?id=
                        $fetch ['news_id']\"> 
                        ?> </td> 
                        <td> Edit</td> 


                        <?php } ?> 
                        </table>Inline Code Example Here

Recommended Answers

All 2 Replies

Firstly, check that $id is an actual value. Also check if the user you're accessing the database as has delete privileges.
The table, depending on dtaabase design, could also have constraints that are preventing the delete from working.

Secondly, unless you're validating the id parameter before appending it to your SQL query, you're vulnerable to SQl injection attacks.
NEVER add un-verified inputs to an SQL query. That's a piece of advice that'll save you a lot of heartache one day.

This code has numerous problems. Number one, it is dangerous, obsolete code that has been completly removed from Php and will not work at all in current versions of PHP. You are wide open to an SQL Injection Attack and are potentially compromising the entire server and worse. If you have this online you need to take it down immediatly. If you have not already been hacked it is only a matter of time.

You are using obsolete HTML. We use HTML5 these days. You are using obsolete Mysql code. You need to use PDO with prepared statements.

We format pages with CSS now.

You NEVER EVER put variables in a query. You have no checks whatsoever. Anyone could easily wipe out your entire database.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, learning, and sharing knowledge.