0

I stored some products using multiple tables to insert different elements (one table is for title and description, another for images, etc). I know how I can select together everything using inner join by a variable called $codrif, and it works.

But now I have to put a delete option in each product and delete all records in three tables with the same variable $codrif.

I tried this code but it's not working:

Product page:`

    ...
  echo '<td><a href="delete.php?codrif=' . $row['codrif'] . '">Delete</a></td>';
    ...

delete.php

    <?php


// check if the 'codrif' variable is set in URL, and check that it is valid
 if (isset($_GET['codrif']))
 {
 // get codrif value
 $codrif = $_GET['codrif'];


$servername = "localhost";
$username = "username";
$password = "password";
$dbname = "myDB";

// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
} 

// sql to delete a record
$sql = "DELETE FROM singleimageupload, uploads, exposition
 USING exposition
    INNER JOIN singleimageupload ON singleimageupload.codrif = exposition.codrif
    INNER JOIN uploads ON uploads.codrif = exposition.codrif
    WHERE exposition.codrif=$codrif";

if ($conn->query($sql) === TRUE) {
    echo "Record deleted successfully";
} else {
    echo "Error deleting record: " . $conn->error;
}

 }

$conn->close();
?>

Any suggestion?

James69
  • 229
  • 1
  • 6
  • 17
  • Your code is vulnerable to [**SQL injection**](https://en.wikipedia.org/wiki/SQL_injection) attacks. You should use [**mysqli**](https://secure.php.net/manual/en/mysqli.prepare.php) or [**PDO**](https://secure.php.net/manual/en/pdo.prepared-statements.php) prepared statements with bound parameters as described in [**this post**](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php). – Alex Howansky May 12 '17 at 14:35
  • I assume you dont have any foreign key constraint setup so that a delete of a product would cascade the delete to all appropriate subordiate rows in other tables? – RiggsFolly May 12 '17 at 14:37
  • Are you getting any error when deleting? – Masivuye Cokile May 12 '17 at 14:38
  • 1
    *"I tried this code but it's not working"* - So what did PHP's error reporting and `echo "Error deleting record: " . $conn->error;` show you? You never said what wasn't working. And where is `$row['codrif']` coming from? – Funk Forty Niner May 12 '17 at 14:40
  • and what's the value of `$codrif`, is it an integer or a string? edit: you can @ me if you want; I left the question. Look into your possible errors. – Funk Forty Niner May 12 '17 at 14:41
  • I got this error: "Error deleting record: Unknown column 'P003' in 'where clause'" – James69 May 12 '17 at 14:50
  • P003 is a codrif – James69 May 12 '17 at 14:50

0 Answers0