-2

I need some help with my code. When I click the submit code it always says "User successfully kicked". However, the query is not executed successfully; the user is still in the database.

Edit: Fixed mysql/mysqli problem. Query now answers "Something went wrong" instead of "User successfully kicked". But I won't get any errors from the mysql_error report. What could I do?

include 'connect.php';

if(empty($_POST['user_id'])) 
    {
            echo '<form method="post" action="">
                  User_id: <input type="text" name="user_id" />
                 <input type="submit" value="Kick user" />
                 </form>';

    }
    else 
    {
        $sql = "DELETE FROM users
                WHERE 
                user_id = '" .mysqli_real_escape_string($_POST['user_id']) . "'
                ";

        $result = mysqli_query($con, $sql);
        if($result)
        {
            //something went wrong, display the error
            echo 'Something went wrong!.';
            echo mysqli_error(); //debugging purposes, uncomment when needed
        }
        else
        {
            echo 'User successfully kicked!';
        }
    }

My connect.php looks like this:

<?php
$con=mysqli_connect ("localhost","root","","dps");
if (mysqli_connect_errno()) {
echo "failed to connect mysql: ". mysqli_connect_error();
}
?>
Brian Tompsett - 汤莱恩
Maikel

2 Answers

2

You are setting your $sql var in the if part and trying to access it in the else part. This does not work. Also, you are mixing libraries, which is bad (mysql is not the same as mysqli; use mysqli because mysql is deprecated and will be removed from PHP).

include 'connect.php';

if(empty($_POST['user_id'])) 
{
        echo '<form method="post" action="">
              User_id: <input type="text" name="user_id" />
             <input type="submit" value="Kick user" />
             </form>';

}
else 
{
    $sql = "DELETE FROM users
            WHERE 
            user_id = '" .mysqli_real_escape_string($con, $_POST['user_id']) . "'
            ";

    $result = mysqli_query($con, $sql);
    if(!$result)
    {
        //something went wrong, display the error
        echo 'Something went wrong!: ';
        echo mysqli_error($con); //debugging purposes, uncomment when needed
    }
    else
    {
        echo 'User successfully kicked!';
        // no mysqli_free_result() here: a DELETE returns true, not a result set
    }
}

You may need to alter connect.php to use mysqli.

Edit: There were some errors; they should be fixed now.

Bart Haalstra
-1

Add:

$result = mysqli_query($con, $sql);

After:

$sql = "DELETE FROM 
                    users
                WHERE 
                    user_id = '" . mysql_real_escape_string($_POST['user_id']) . "'
                ";
Mohammad
  • Not your DV, but if mysqli is in use, parameter binding would probably be better. Your escaping function is incorrect, too - don't mix `mysql` with `mysqli` functions. – halfer Feb 06 '15 at 13:36
  • @halfer actually, adding an `i` and passing DB connection needs to be done. But parametrized is better. – Funk Forty Niner Feb 06 '15 at 13:37
  • Another tip @Maikel: remember that the phrase "it doesn't work" on its own doesn't give people anything new to respond to. Try to be more detailed about the problem instead. – halfer Feb 06 '15 at 13:40
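
The parameter binding recommended in the comments, as an added example (not code from the question or either answer). It assumes connect.php provides `$con` as in the question and that `user_id` is an integer column; `kick_user()` is a hypothetical helper name.

```php
<?php
// Added example; assumes connect.php defines $con (a mysqli connection)
// and that users.user_id is an integer column (assumption).

// Make mysqli throw exceptions instead of failing silently.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

/**
 * Delete one user by id using a bound parameter.
 * Returns the number of rows deleted (0 means no such user).
 * kick_user() is a hypothetical helper name.
 */
function kick_user(mysqli $con, string $rawId): int
{
    // Reject anything that is not a positive integer before touching the DB.
    $userId = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($userId === false) {
        throw new InvalidArgumentException('user_id must be a positive integer');
    }

    // The value travels separately from the SQL text, so no escaping is needed.
    $stmt = mysqli_prepare($con, 'DELETE FROM users WHERE user_id = ?');
    mysqli_stmt_bind_param($stmt, 'i', $userId);
    mysqli_stmt_execute($stmt);

    // A DELETE that matches no row still "succeeds"; check the row count.
    $deleted = mysqli_stmt_affected_rows($stmt);
    mysqli_stmt_close($stmt);
    return $deleted;
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST' && is_string($_POST['user_id'] ?? null)) {
    include 'connect.php';
    try {
        $deleted = kick_user($con, $_POST['user_id']);
        echo $deleted === 1 ? 'User successfully kicked!' : 'No user with that id.';
    } catch (InvalidArgumentException $e) {
        echo 'Invalid user id.';
    } catch (mysqli_sql_exception $e) {
        // Log the detail server-side; do not echo database errors to the browser.
        error_log($e->getMessage());
        echo 'Something went wrong!';
    }
}
```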