Try WHERE EntryID IN (" . implode ($dele, ',') . ")"


1) Anybody could fake a form post or query url to delete any data in
your database
2) It would also be possible to create a more dangerous post that could
give the attacker control over your entire database

Thus, I assume that you will want to put a *lot* of checking around that


On Mon, 2002-10-07 at 16:05, Davy Obdam wrote:
> Hi people,.
> I have a guestbook admin page were i would like to delete one item or
> more items from the database if necessary. I have modified my normal
> guestbookpage so that it has checkboxes in front of every entry. This is
> my code:
> <input type=\"checkbox\" name=\"dele[]\" value=\"".$sql['entryID']."\">
> Now i can select multiple items. But i have tried to delete em, but it
> only deletes one item from the database, my query looks like this :
> DELETE  FROM gastenboek WHERE entryID=$dele . Can anyone help me. Thanks
> for your time.
> Best regards,
> Davy Obdam,
> -- 
> PHP General Mailing List (
> To unsubscribe, visit:

PHP General Mailing List (
To unsubscribe, visit:

Reply via email to