Better to use get then request, for people who don't know why the above script doesn't work:
if($_GET['action']=="del")
{
$query = mysql_query("DELETE FROM `guestbook` WHERE `id`='{$_REQUEST['id']}'")or die(mysql_error());
}
That should do it.
not that there aren't enough replies to this, but i thought i would explain what Nile meant by his reply
$_REQUEST['id']
$_REQUEST is a super global variable inherent to the PHP language, meaning that its always available. If you have done any work with PHP or virtually any web scripting language you probably have heard the term GET or POST method, well the REQUEST method is in the same categorization as those, except has a broader scope. Meaning that REQUEST will capture any data that is sent through both the GET or POST method, however it will also capture data from the COOKIE as well. Personally I never like to use REQUEST, because it is too vague and has the potential to catch a lot more "garbage" (malicious) code.
I would suggest that instead you use either $_POST['id'] or $_GET['id'] because those are specific to the script and location of the variable you are trying to access. If you were doing this "delete" through a link on every post, it would probably be alot easier to use the GET method, because its embedded right into the url... eg
<a href="http://domain.com/delPost.php?id=34509834009128340">Delete Post</a>
where as if you were to do it as a slightly more secure, but not really POST method, it would look something along the lines of
<form name="something" action="http://domain.com/delPost.php" method="POST">
<fieldset>
<input type="hidden" name="id" value="34509834009128340">
<input type="submit" name="submit" value="Delete Post">
</fieldset>
</form>
as you can see... just in sheer coding, its probably easier to do with the link (GET) method.