PHP/SQL deleting data from tables

Question

I'm currently struggling with my code. I want to delete certain row from my table, but I can't figure out what's wrong.

This is my .php for delete function:

<?php 
$connect = mysqli_connect("localhost", "root", "", "produktai") or die (mysql_error());
mysqli_select_db($connect,'dazai');
if (isset($_GET['recordID']))
{
    $id = $_GET['recordID'];
    $query = "DELETE FROM dazai WHERE id = '$id'";
    header("refresh:0; url=Dazai.php");
}
else
{
    echo "Not Delete";
}
?>

That's my main .php:

<?php
session_start();
if(!isset($_SESSION['uid']))
{
   header("Location:signup.php");
}
$connect = mysqli_connect("localhost", "root", "", "produktai");
$query = "SELECT * FROM dazai ORDER BY id ASC";
$result = mysqli_query($connect, $query);
if(mysqli_num_rows($result) > 0) 
{
    while($row = mysqli_fetch_array($result))
    {
?>
  <tr>
    <td><?php echo $row['id'];?></td>
    <td><?php echo $row['pavad'];?></td>
    <td><?php echo $row['Gamintojas'];?></td>
    <td><?php echo $row['Spalva'];?></td>
    <td><?php echo $row['Kiekis'];?></td>
    <td><?php echo $row['Blizgumas'];?></td>
    <td><?php echo $row['Kaina'];?>€</td>
    <td><?php echo $row['Kategorija'];?></td>
    <td><?php echo $row['sandely'];?></td>
    <td><a href="delete.php?recordID=<?php echo $row['id'];?>">X</a>
  </tr>
<?php
    }
}
?>

Your code is vulnerable to [**SQL injection**](https://en.wikipedia.org/wiki/SQL_injection) attacks. You should use [**mysqli**](https://secure.php.net/manual/en/mysqli.prepare.php) or [**PDO**](https://secure.php.net/manual/en/pdo.prepared-statements.php) prepared statements with bound parameters as described in [**this post**](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php). — Alex Howansky, May 23 '17 at 16:31

score 1 · Answer 1 · answered May 23 '17 at 16:34

1

$query = "DELETE FROM dazai WHERE id = '$id'";
$result = mysqli_query($connect, $query);

answered May 23 '17 at 16:34

Exprator

26,992
6
47
59

try printing the id you are recieving, check if its blank or not – Exprator May 23 '17 at 16:38

score 1 · Accepted Answer · answered May 23 '17 at 16:40

1

You probably don't want this...

 mysqli_select_db($connect,'dazai');

as it is changing the database you are connected to.

answered May 23 '17 at 16:40

Nigel Ren

56,122
11
43
55

score 0 · Answer 3 · answered May 23 '17 at 16:38

You miss to run the query and connect to bd in your delete.php file

Try this:

$connect = mysqli_connect("localhost", "root", "", "produktai");

if (isset($_GET['recordID'])) {
$id = $_GET['recordID'];

$query = "DELETE FROM dazai WHERE id = $id";
mysqli_query($connect, $query);

header ("refresh:0; url=Dazai.php");
}

else {
echo "Not Delete";
}
?>

PHP/SQL deleting data from tables

3 Answers3