How to debug why a DELETE query is not working, in PHP?

Question

Here is the error I am receiving:

Notice: Undefined index: id in C:\EasyPHP-12.1\www\final project\book\admin\process_del_contact.php on line 9 can't Execute...

And here is my code:

$link=mysql_connect("localhost","root","")or die("Can't Connect...");

        mysql_select_db("shop",$link) or die("Can't Connect to Database...");



        $query="delete from contact where con_id =".$_GET['id'];

        mysql_query($query,$link) or die("can't Execute...");


        header("location:contact.php");

MySQL database:

con_id / con_nm / con_email /con_query

Answer 1

Some advises for the future:

• Never ever use GET parameters when you do writes in the database (yes DELETE is also a write)
• Always check the input before you pass it to the database sever (in_array, isset, array_key_exists)
• Always validate your input and cast them to the proper type manually before you use them.
• Always use prepared statements and parameter binding when you use parameters in your query.
• Do not use mysql_* functions, they are deprecated, use mysqli_* or PDO instead

The problem with your query is how you build it. You did not checked that the 'id' key exists or not in your $_GET array.

Also, please try to figure out what will happen if I send this as the 'id' GET parameter: 1 OR 1=1

+1 suggestion Do not use the root user in production environment to acces the database! Create a new user and grant the required (and only the required) permissions.

Answer 2

Try adding single quotes within the query:

$query="delete from contact where con_id ='" . $_GET['id'] . "'";

Answer 3

make it simplier, try to make new variable for 'id' :

$id = $_GET["id"];
$query = mysql_query ("delete from contact where con_id = '$id'");
if($query) {
    echo "deleting data success";
} else {
    echo "deleting data failed".mysql_error();
}

and make sure your code is connected with the database. sorry bad english