-5

I have a table and one of the columns should have a button called delete. However I have tried different code-examples but the delete button still doesn't work.

This code here shows the delete button and it works really fine:

echo '<td><a class="btn btn-default" href="delete.php?courseId='.$row['courseId'].'">Delete</a></td>';

and the next code is my delete-code:

<?php include("dbconnect.php");  
$courseId =$_GET['courseId'];
$pdo = Database::connect();
        $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        $sql = "DELETE FROM course WHERE courseId= $courseId";

        $q = $pdo->prepare($sql);
        $q->execute(array($courseId,$courseName,$desc));
        Database::disconnect();
        header("Location: courseList.php");     
?>

Thanks in advance~

Panshi
  • 17
  • 2
  • 2
    SQL injection vulnerability... *check*. Using `GET` to delete things... *check*. See: http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php and http://stackoverflow.com/questions/46585/when-do-you-use-post-and-when-do-you-use-get – Mike Jun 01 '16 at 17:31
  • Not only are you vulnerable to SQL Injection but your href is completely wrong. You should take a look about how to handle forms properly in PHP. – Takoyaro Jun 01 '16 at 17:33

2 Answers2

3
echo '<td><a class="btn btn-default" href="delete.php?courseId='.$row['courseId'].'">Delete</a></td>';

you're missing a ? indicating the start of the query params.

Tyler Sebastian
  • 9,067
  • 6
  • 39
  • 62
-1

you were close

<?php include("dbconnect.php");  
$courseId =$_GET['courseId'];
$pdo = Database::connect();
        $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        $sql = "DELETE FROM course WHERE courseId= :courseId";

        $q = $pdo->prepare($sql);
        $q->execute(array(':courseId'=>$courseId));
        Database::disconnect();
        header("Location: courseList.php");     
?>
Monteyne Tsogoo
  • 34
  • 4
  • your solution works, but instead of just deleting one row, it deletes all rows. Do you know how to just delete one row? Thanks!:) – Panshi Jun 01 '16 at 19:51
  • it will delete every rows that has same courseId, if you need to delete only one row you have to pass primary id (unique) of your row. – Monteyne Tsogoo Jun 01 '16 at 21:01