I have two pages, the first shows all items from a particular field in a MySQL database:
DatabaseEntries.php
<?php
include('connect.php');
$result = mysqli_query($db, "SELECT * FROM names")
or die(mysqli_error($db));
echo "<table border='1' cellpadding='10'>";
echo "<tr> <th>Firstname</th> <th>lastname</th> <th>Email</th><th></th> ";
while($row = mysqli_fetch_array( $result )) {
// echo out the contents of each row into a table
echo "<tr>";
echo '<td>' . $row['firstname'] . '</td>';
echo '<td>' . $row['lastname'] . '</td>';
echo '<td>' . $row['email'] . '</td>';
echo '<td><a href="delete.php?email=' . $row['email'] . '">Delete</a></td>';
echo "</tr>";
}
?>
the second page contains the delete function:
Delete.php
<?php
include('connect.php');
// check if the 'id' variable is set in URL, and check that it is valid
if (isset($_GET['email']) )
{
// get id value
$email = $_GET['email'];
// delete the entry
$result = mysqli_query($db, "DELETE FROM names WHERE email=$email")
or die(mysqli_error($db));
// redirect back to the view page
header("Location: DatabaseEntries.php");
}
else
// if id isn't set, or isn't valid, redirect back to view page
{
header("Location: Error.php");
}
?>
I get the following error when trying to delete an item from the database:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '@gmail.com' at line 1
Can anyone tell me why? and what to do to fix it?
Thanks
