
I have displayed an HTML table with user information for admin viewing. I created a link/icon to delete the specific user (row), but I am receiving a 500 internal server error.

There is another similar question on here that got me pretty far, but I am still receiving errors.

My table:

```php
$query = "SELECT zone, firstname, lastname, email, business, reg_date, phone FROM UserList";
// Display users in a table format
$result = $conn->query($query);
if ($result->num_rows > 0) {
    // output data of each row
    while($row = $result->fetch_assoc()) {
        echo "<tr><td> " . $row["zone"]. "</td><td> " . $row["firstname"]. "</td><td> " . $row["lastname"] . "</td><td> " . $row["email"]. "</td><td> " . $row["business"]. "</td><td> " . $row["reg_date"]. " <a class='deleteRow' id='.$row->id.' href=''><i class='fa fa-times' aria-hidden='true'></a></td></i></tr><br> ";
    }
} else {
    echo "<div class='no_results'>No Users Added</div>";
}
```

My jQuery/Ajax:

```javascript
$(function(){
    $(document).on('click','.deleteRow',function(){
        var del_id= $(this).attr('id');
        var $ele = $(this).parent().parent();
        $.ajax({
            type:'POST',
            url:'removeUser.php',
            data:{'del_id':del_id},
            success: function(data){
                if(data=="YES"){
                    $ele.fadeOut().remove();
                }else{
                    alert("can't delete the row")
                }
            }
        });
    });
});
```

My removeUser file:

```php
<?php
include('config.php');
$user_id = $_POST['del_id'];
//echo $user_id
$qry = "DELETE FROM UserList WHERE id = '$user_id'";
$result = mysql_query($qry);
if(isset($result)) {
  echo "YES";
} else {
  echo "NO";
}
?>
```

Why am I getting a 500 internal server error and how can I fix it? Thanks.

DLzer
  • Your code is vulnerable to [**SQL injection**](https://en.wikipedia.org/wiki/SQL_injection) attacks. You should use [**mysqli**](https://secure.php.net/manual/en/mysqli.prepare.php) or [**PDO**](https://secure.php.net/manual/en/pdo.prepared-statements.php) prepared statements with bound parameters as described in [**this post**](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php). – Alex Howansky May 25 '17 at 16:37
  • Don't use the `mysql_*` functions. They have been deprecated since v5.5 (Jun 2013) and removed since v7.0 (Dec 2015). Instead use the [**mysqli_***](https://secure.php.net/manual/en/book.mysqli.php) or [**PDO**](https://secure.php.net/manual/en/book.pdo.php) functions with [**prepared statements**](https://secure.php.net/manual/en/pdo.prepare.php) and [**bound parameters**](https://secure.php.net/manual/en/pdostatement.bindparam.php). – Alex Howansky May 25 '17 at 16:38
  • Since you already got a solution with some good advice, I will give you another piece of advice: when you encounter any problem, investigate it according to the error message. In this case you got a 500 status code, and there you go. Take a look at this: [WHY AM I GETTING A 500 INTERNAL SERVER ERROR MESSAGE?](https://mediatemple.net/community/products/dv/204644990/why-am-i-getting-a-500-internal-server-error-message) – Orgil May 25 '17 at 17:09
  • Thank you Munkh, I just bookmarked that! – DLzer May 25 '17 at 17:50

1 Answer

Multiple Issues:

1. Update your SELECT query to get the id from the table:

```php
$query = "SELECT id, zone, firstname, lastname, email, business, reg_date, phone FROM UserList";
```

2. $row is an associative array, not an object:

```php
<a class='deleteRow' id='" . $row["id"] . "'>
```

3. No need to use single quotes with integer values:

```php
$qry = "DELETE FROM UserList WHERE id = $user_id";
```

Note: You should use MySQL PDO prepared statements to avoid SQL injection, like below:

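```php
// Connection settings ($dbHost, $dbName, $dbUsername, $dbUserPassword) come from your config
$con = new PDO("mysql:host=" . $dbHost . ";dbname=" . $dbName, $dbUsername, $dbUserPassword);
// Throw exceptions on database errors instead of failing silently
$con->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// The ? placeholder keeps the id out of the SQL text
$qry = "DELETE FROM UserList WHERE id = ?";
$q = $con->prepare($qry);

// The value is bound at execute time
$response = $q->execute(array($user_id));
```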
Mahesh Singh Chouhan
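
A hardened version of the `removeUser.php` logic discussed above, as an added example that is not part of the original question or answer: it validates `del_id` as an integer, binds it in a prepared statement, and reports success from the affected-row count. The function name `deleteUser`, the in-memory SQLite database and the sample rows are assumptions made so the script runs offline.

```php
<?php
// Added example, not code from the original post. Assumes UserList has an
// integer primary key named id, as the answer's first point implies.

/**
 * Delete one user by id and return the "YES"/"NO" string that the page's
 * jQuery success handler compares against.
 */
function deleteUser(PDO $con, $rawId): string
{
    // Reject anything that is not a positive integer before touching the DB.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return "NO";
    }

    // The id travels as a bound parameter, never as part of the SQL text.
    $stmt = $con->prepare("DELETE FROM UserList WHERE id = ?");
    $stmt->bindValue(1, $id, PDO::PARAM_INT);
    $stmt->execute();

    // isset($result) is true even for a failed query; count affected rows instead.
    return $stmt->rowCount() === 1 ? "YES" : "NO";
}

// Constructed demo: in-memory SQLite stands in for the MySQL connection that
// config.php would provide (assumption, so the script runs offline).
$con = new PDO('sqlite::memory:');
$con->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$con->exec("CREATE TABLE UserList (id INTEGER PRIMARY KEY, firstname TEXT)");
$con->exec("INSERT INTO UserList (id, firstname) VALUES (1, 'Ann'), (2, 'Bob'), (3, 'Cy')");

// Constructed inputs, as they would arrive in $_POST['del_id'].
foreach (['2', '1 OR 1=1', '', '99'] as $input) {
    printf("%-12s => %s\n", var_export($input, true), deleteUser($con, $input));
}

// Only the row with id 2 should be gone.
$left = $con->query("SELECT COUNT(*) FROM UserList")->fetchColumn();
echo "rows left: $left\n";
```

In `removeUser.php` itself, the same function would be called with `$_POST['del_id'] ?? null` and its return value echoed.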