My php script shows results as deleted, yet phpmyadmin shows results still

Question

I wrote a script for someone where they can easily delete quiz results from a database. The general gist of the script is user enters a username, php script queries the database for quiz results pertaining to the username. Then displays results

User can click delete link. Once this link is clicked, the results are then deleted and the database is re-queried showing updated results.

Everything seems to work fine on this end until I log into phpMyadmin to see that none of the results were deleted.

Question is can this be something wrong with the database itself? Or PHPmyAdmin?

Is there something wrong with how I'm doing my script?

Here is my code in this text file: http://andreawine.ladev.co/code-example.txt

Answer 1

$query1 = "DELETE FROM aw_wpsqt_user_data WHERE quizID='".$_GET['quizID']." AND username='".$_GET['username']."'";

It appears that this line is missing a closing quotation mark around quizID. Try correcting it to be:

$query1 = "DELETE FROM aw_wpsqt_user_data WHERE quizID='".$_GET['quizID']."' AND username='".$_GET['username']."'";

I should also mention that this isn't exactly the safest way to delete information, since it appears that I could use SQL injection for most of these fields (especially considering these $_GET variables appear on the URI! Take a look at http://codex.wordpress.org/WordPress_Coding_Standards#Formatting_SQL_statements for WordPress's standards for SQL statements.