0
votes

Warning: A non-numeric value encountered in /home/u914452720/domains/e-gilius.com/public_html/system/storagefnpzt1uybylm/modification/admin/model/catalog/manufacturer.php on line 349Warning: A non-numeric value encountered in /home/u914452720/domains/e-gilius.com/public_html/system/storagefnpzt1uybylm/modification/admin/model/catalog/manufacturer.php on line 349

I get this error when I execute delete function: admin/controller/catalog/manufacturer_download.php

function delete(){
        // var_dump("I AM IN DELETE");
        $this->load->model('catalog/manufacturer');
        $postData = array();
        if(isset($_POST['submitdelete'])){
            //  var_dump("DELETE SUBMITTED");
            $entryID = $_POST['entryID'];// <-- gotta protect from sql injection.
            //  var_dump($entryID);
            $this->model_catalog_manufacturer->deleteManufacturersDownload($entryID);
        }
    }

If I var_dump($entryID) it gives result: string(1) "5"

admin/model/catalog/manufacturer.php

public function deleteManufacturersDownload($id){
        $this->db->query("DELETE FROM ". DB_PREFIX . "manufacturer_downloads WHERE id =" + "'"+$id+"'");
        return "success";
    }

Where I made mistake?

2
Try to change your $id to (int)$id in your query - K. B.
Use parameterized queries instead of concatenating the values to the query string. - sticky bit

2 Answers

1
votes

You are mixing up the string concatenation:

change

$this->db->query("DELETE FROM ". DB_PREFIX . "manufacturer_downloads WHERE id =" + "'"+$id+"'");

to

$this->db->query("DELETE FROM ". DB_PREFIX . "manufacturer_downloads WHERE id =" . "'" . $id . "'");

The error comes from trying to add string and numbers together:

echo "FOO" + 1337; // Warning:  A non-numeric value encountered in[...]
1
votes

You are using + in query that is wrong not need that use following code

$this->db->query("DELETE FROM ". DB_PREFIX . "manufacturer_downloads WHERE id = '$id'");