2

I am new to PHP and I have taken up an online tutorial, till now I had been working fine but now my database is not returning the query, though when I go to PHPmyadmin there I can get the query working fine.

Following is the code

    <?php 
ob_start();
//Delete Item question to admin and delete product

include"../storescripts/connect_to_mysql.php";

if (isset($_GET['deleteid'])) {
    echo 'Do you really want to delete the item with ID '.$_GET['deleteid'].'?<a href="inventory_list.php?yesdelete='.$_GET['deleteid'].'">Yes</a>|<a href="inventory_list.php">No</a>';
    exit();
    } 

if(isset($_GET['yesdelete'])){
    // Delete the actual product and delete picture also
    //delete from database
    //$id_to_delete = $_GET['yesdelete'];
    //echo  $id_to_delete;

     $sql =mysqli_query( "DELETE * FROM `products` WHERE `id`=2  LIMIT1 ");

    //mysql_query("DELETE * FROM `products` WHERE `id`='$id_to_delete'LIMIT1") or (mysql_error());

    //mysqli_query("DELETE * FROM products WHERE id=`$id_to_delete`LIMIT1");// or (mysql_error());

    //Unlink file from server
    $pictodelete=("../inventory_images/$id_to_delete");
    //echo $pictodelete;
    if(file_exists($pictodelete)){
        unlink($pictodelete);
        }

        header("location:inventory_list.php");
        exit();

    }   


?>

I would really appreciate the help, my server reads PHP Extension :mysqli .

user2736738
  • 30,591
  • 5
  • 42
  • 56
Raj Kumar
  • 21
  • 2
  • 2
    `LIMIT1` should probably be `LIMIT 1`, with a space... – vektor Mar 15 '15 at 11:09
  • **Danger**: You are **vulnerable to [SQL injection attacks](http://bobby-tables.com/)** that you need to [defend](http://stackoverflow.com/questions/60174/best-way-to-prevent-sql-injection-in-php) yourself from. **Danger**: This code is [vulnerable to XSS](https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)). User input needs escaping before being inserted into an HTML document!. – Quentin Mar 15 '15 at 11:11

3 Answers3

1

i dont know what is inside connect_to_mysql.php but at first there is a procedure to connect to a database which i am assuming that you have done correctly, it consist of code which looks something like that at default settings

<?php
$servername = "localhost";
$username = "root";
$password = "";
$databasename="abc";

// Create connection
$conn = mysqli_connect($servername, $username, $password,$databasename);

// Check connection
if (!$conn) {
    die("Connection failed: " . mysqli_connect_error());
}
echo "Connected successfully";
?>

the second things i see in your code

$sql =mysqli_query( "DELETE * FROM `products` WHERE `id`=2  LIMIT1 ");

it contains syntax errors,it should be

$sql =mysqli_query( $conn,"DELETE FROM `products` WHERE `id`=2  LIMIT 1 ");
Maaz Rehman
  • 674
  • 1
  • 7
  • 20
0

A space after Limit.

You have not specified the connection in mysqli_query() function.

eg:

<?php
$con=mysqli_connect("localhost","my_user","my_password","my_db");
// Check connection
if (mysqli_connect_errno())
  {
  echo "Failed to connect to MySQL: " . mysqli_connect_error();
  }

// Perform queries 
mysqli_query($con,"SELECT * FROM Persons");
mysqli_query($con,"INSERT INTO Persons (FirstName,LastName,Age) 
VALUES ('Glenn','Quagmire',33)");

mysqli_close($con);
?>

In your case

$sql =mysqli_query( $connectionname,"DELETE * FROM `products` WHERE `id`=2  LIMIT 1 ");
Antony
  • 512
  • 2
  • 18
0

Error at query : $sql =mysqli_query( "DELETE * FROM products WHERE id=2 LIMIT1 ");

  • replace DELETE * FROM products with DELETE FROM products.DELETE delete row from table.
  • Procedure like mysqli_query takes at least two argument
    1. Link identifier returned form mysqli_connect
    2. Query string

And you haven't specified link as first arguments you should use returned link in to mysqi_query. 

$con = mysqli_connect('localhost','root','password','db');
$sql =mysqli_query( $con,"DELETE FROM `products` WHERE `id`=2  LIMIT1 ");

This link helps you link mysqli_query

logsv
  • 544
  • 6
  • 17