PHP variable in string problem.

Started by December 14, 2020 01:38 AM
3 comments, last by Josheir 4 years ago

I have this in PHP:

$dbo = new PDO("mysql:host=$host;dbname=$database", $user, $pass, $options);
$q4 = "DELETE FROM categories WHERE categories.Title = 'titletodelete'";
$dbo->exec($q4);

This works; however, when I try to use a variable:

$dbo = new PDO("mysql:host=$host;dbname=$database", $user, $pass, $options);
$q = $_REQUEST["q"];
$q4 = "DELETE FROM categories WHERE categories.Title = '$q'");
$dbo->exec($q4);

It fails.

I have tried everything, help, please!

You have a stray closing parenthesis on the third line of your second snippet.

Research error reporting in PHP. You should consider configuring PHP to either display or log errors, depending on your environment and what works best for you:

https://www.php.net/manual/en/function.error-reporting.php
https://www.php.net/manual/en/errorfunc.configuration.php#ini.display-errors
https://www.php.net/manual/en/function.ini-set.php
https://www.php.net/manual/en/configuration.file.php

Others may be quick to point out the SQL injection vulnerability. This can be mitigated by using PDO quote or prepare, which I am sure will follow shortly after this PHP/SQL exercise.

https://www.php.net/manual/en/pdo.quote.php
https://www.php.net/manual/en/pdo.prepare.php

I looked at the access logs and saw that the URL was this:

deleteRow.php?q=%20selecteditem

So, doing this:

var e = document.getElementById("dropDown1");
var var1 = e.options[e.selectedIndex].text;
var xmlhttp = new XMLHttpRequest();
xmlhttp.onreadystatechange = function() {
    if (this.readyState == 4 && this.status == 200) {
        // request completed successfully; the response is not used here
    }
};
xmlhttp.open("GET", "deleteRow.php?q=" + var1, true);
xmlhttp.send();

the URL worked as:

deleteRow.php?q=selecteditem

Before, it was this:

var var1 = e.options[e.selectedIndex].value;

Thanks!

Josheir
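
An added example, not part of any post in this thread: the DELETE from the question written with PDO::prepare, as suggested in the reply above, with the input trimmed because the failing request carried a leading space (q=%20selecteditem). It assumes the pdo_sqlite driver and uses an in-memory SQLite database instead of the thread's MySQL connection so it runs offline; the function name deleteCategory and the sample rows are constructed for illustration.

```php
<?php
// Added example, not the poster's code. Assumption: pdo_sqlite is enabled.
declare(strict_types=1);

/**
 * Delete one category by title and return the number of rows removed.
 * deleteCategory is a hypothetical helper name.
 */
function deleteCategory(PDO $dbo, string $rawTitle): int
{
    // The request in the thread arrived as "?q=%20selecteditem", so the
    // value had a leading space and matched no row. Normalise it first.
    $title = trim($rawTitle);
    if ($title === '') {
        throw new InvalidArgumentException('title must not be empty');
    }

    // The value is bound as a parameter and never becomes part of the SQL
    // text, so a quote character inside it cannot end the string literal.
    $stmt = $dbo->prepare('DELETE FROM categories WHERE Title = :title');
    $stmt->execute([':title' => $title]);

    // 0 means "nothing matched": worth logging instead of failing silently.
    return $stmt->rowCount();
}

// ERRMODE_EXCEPTION makes a malformed statement throw instead of exec()
// quietly returning false, which is what hid the original problem.
$dbo = new PDO('sqlite::memory:', null, null, [
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
]);
$dbo->exec('CREATE TABLE categories (Title TEXT NOT NULL)');

// Constructed sample rows.
$insert = $dbo->prepare('INSERT INTO categories (Title) VALUES (?)');
foreach (['selecteditem', "Children's books", 'keep me'] as $row) {
    $insert->execute([$row]);
}

// Constructed inputs standing in for $_REQUEST["q"].
foreach ([' selecteditem', "Children's books", 'no such title'] as $q) {
    printf("%-22s deleted %d row(s)\n", var_export($q, true), deleteCategory($dbo, $q));
}

$left = $dbo->query('SELECT Title FROM categories')->fetchAll(PDO::FETCH_COLUMN);
echo 'remaining: ', implode(', ', $left), "\n";
```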
