Why delete query does not work in PHP?

Question

I am working on a comment system & I created a page that admins can be able to delete comments. I have coded everything & it seems to be right but I don't know why it's not working at all...

Here's the code to the admins page:

    <html>
    <head>
        <title>Admins Page</title>
    </head>
    <body>
    <?php 
    function getCM(){
        global $con;
        $get_comment = "select * from product_comments where type='0'";
        $run_comment = mysqli_query($con, $get_comment);
        while($row_comment = mysqli_fetch_array($run_comment)){
            $cmid = $row_comment["id"];
            $cmcode = $row_comment["productcode"];
            $cmemail = $row_comment["email"];
            $cmname= $row_comment["name"];
            $cmcomment = $row_comment["comment"];
            $cmdate = $row_comment["modified_date"];
            $cmtime = $row_comment["modified_time"];
            $cmtype = $row_comment["type"];

            echo "
                <div class='container'>
                  <div id='table' class='table-editable'>
                    <span class='table-add glyphicon glyphicon-plus'></span>
                    <table class='table'>
                      <tr>
                        <th>Comment ID #$cmid</th>
                      </tr>
                      <tr>
                        <td contenteditable='true'>$cmcomment</td>
                        <td>
                          <span class='table-remove glyphicon glyphicon-remove'></span>
                        </td>
                        <td>
                          <a href='delete.php?id=$cmid'>Delete</a>
                        </td>
                      </tr>

                </div>
            ";
        }
    }
    ?>
    </body>
</html>

And here's the code to delete.php page:

 <?php 
session_start();
if (!isset($_SESSION["manager"])) {
    header("location: admin_login.php"); 
    exit();
}
require '../php_includes/init/db_conx.php'; 
require '../functions/func.php'; 

    if (isset($_GET['cmid'])){
        $comment_id = $_GET['cmid'];
        mysqli_query("DELETE FROM product_comments WHERE id='$comment_id'") or die(mysql_error());
        echo "<script>alert('Comment has been deleted!')</script>";
        header("Location: product_comments.php");
    }
?>

Please if you know what's my problem please let me know that...

For errors, fix die(mysql_error()) to die(mysqli_error()), what happens when you execute the script? — William Madede, Nov 25 '15 at 14:45
You are missing `$con` in `mysqli_query("DELETE FROM product_comments...`. It should be `mysqli_query($con, "DELETE FROM product_comments...` — Sean, Nov 25 '15 at 14:48
@WilliamMadede `mysqli_error` requires the link -> `mysqli_error($con)` not `mysqli_error()` — Sean, Nov 25 '15 at 14:49
Don't put user input straight in to your queries. Always escape your data or preferably use prepared statements. Your code is open to SQL Injections. — M. Eriksson, Nov 25 '15 at 14:49
http://localhost/root/admin_area/delete.php?id=2 for example — , Nov 25 '15 at 14:53
@Fred-ii- I keep forgetting about the *Magic* setting - `ini_set('Magic', On);`. It would solve many of my codigng mistakes. :) — Sean, Nov 25 '15 at 15:12
@Sean Lordie, I love it when things are that simple ;-) seems I have some competition below. — Funk Forty Niner, Nov 25 '15 at 15:13
@Pouya ok, where are we with this question? I posted something below and made a few edits. So, check that out and read it in its entirety. There isn't much else I can say or do to further improve my answer. Good luck. — Funk Forty Niner, Nov 25 '15 at 15:15

score 4 · Answer 1 · edited May 23 '17 at 12:07

There are a few things wrong here.

You didn't connect to your query mysqli_query("DELETE...

That function requires a database connection parameter be passed.

Consult: http://php.net/manual/en/mysqli.query.php

Then mysql_error() that mysql_ function does not mix with anything other than its own API, use mysqli_error($con), assuming a successful connection with mysqli_ and $con as its variable.

Consult: http://php.net/manual/en/function.mysqli-connect.php

Your present code is open to SQL injection. Use mysqli_* with prepared statements, or PDO with prepared statements.

On the PHP side:

Add error reporting to the top of your file(s) which will help find errors.

<?php 
error_reporting(E_ALL);
ini_set('display_errors', 1);

// rest of your code

Sidenote: Displaying errors should only be done in staging, and never production.

should there be errors elsewhere in your code.

which there is, in this part of your code:

    echo "<script>alert('Comment has been deleted!')</script>";
    header("Location: product_comments.php");

You are outputting before header, and need to remove the echo and adding exit; for the header.

Consult: How to fix "Headers already sent" error in PHP

Then this:

<a href='delete.php?id=$cmid'>Delete</a>

You are using ?id and referencing the $_GET['cmid'] array.

That bit ^ about the "id" is called "Teach a person HOW to fish".

Footnotes:

I have no idea where and how you are calling the getCM() function.

score 0 · Answer 2 · answered Nov 25 '15 at 15:10

0

the error you have is

$comment_id = $_GET['cmid'];

change it to this

  $comment_id = $_GET['id'];

toexplain whz

<a href='delete.php?id=$cmid'>Delete</a>

U called the cmid not id. hence u need to get id

answered Nov 25 '15 at 15:10

Noob

154
1
1
14

Why delete query does not work in PHP?

2 Answers2

Linked