
I am building a system with PHP code, but the delete function with SQL is not working. I don't know why it happens.

Below is my code:

    function deleteEmployee($params)
    {
        $tid = $_SESSION['tmid'];
        $data = array();
        //print_R($_POST);die;
        $sql = "delete from `cusinfo` WHERE TICKET_ID='".$params["id"]."' AND AGENT_CODE_STAFF_ID IN (SELECT id FROM `users` where tm_groupid = '$tid')";
        echo $result = mysqli_query($this->conn, $sql) or die("error to delete employee data");
    }
Shanu k k
Qiu Xue
  • "cannot works" is not a problem description. _Why_ doesn't it work? – HoneyBadger Jun 01 '17 at 06:00
  • Replace the `die` string with `mysqli_error($this->conn)`. It should tell you if there is a MySQL error – Jelmergu Jun 01 '17 at 06:06
  • @Jelmergu, it still shows nothing when I click delete – Qiu Xue Jun 01 '17 at 06:43
  • @Jelmergu, sorry, you have solved my problem. I just replaced die with `mysqli_error($this->conn)`, then it worked properly – Qiu Xue Jun 01 '17 at 06:47
  • Thank you for helping me :) – Qiu Xue Jun 01 '17 at 06:48
  • It didn't give an error? Do note though that the `or` might have unexpected results. After trying `echo $test = "hello" or die("test");` there was a 1 (true) displayed on the screen, not hello or test, meaning that your problem could still be unresolved – Jelmergu Jun 01 '17 at 07:00

2 Answers

    echo $result = mysqli_query($this->conn, $sql) or die("error to delete employee data");

In the above line you are executing the query and echoing it. But if it is not executed, you echo your own message. This will prevent you from seeing the actual error message. And if the row that you are going to delete by TICKET_ID does not exist, you cannot see it; you only see your message "error to delete employee data".

To solve this:

    echo mysqli_error($this->conn);

This will give you the connection error.

Or:

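    // $conn is the mysqli connection object; $result is the return value of the query call
    if ($conn->connect_error) {
        die("Connection failed: " . $conn->connect_error);
    }
    if ($result) {
        echo "Record deleted successfully";
    } else {
        // $conn->error holds the message for the most recent failed call
        echo "Error deleting record: " . $conn->error;
    }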

There are many functions to handle these errors: a Stack Overflow question, the PHP manual and this.

Blasanka

The problem probably is in the line `echo $result = mysqli_query($this->conn, $sql) or die("error to delete employee data");`

As I said in one comment, replacing the die string with `mysqli_error($this->conn)` should display an error.

However, after some testing I found that assigning a variable in an echo might give strange results. I tested `echo $test = "hello" or die("test");` and found that neither hello nor test was displayed on the screen, but 1 was displayed, which probably was the boolean true.

A better way to see if the query was executed could be:

    //other code that stayed the same
    $statement = mysqli_prepare($this->conn, "delete from `cusinfo` WHERE TICKET_ID=? AND AGENT_CODE_STAFF_ID IN (SELECT id FROM `users` where tm_groupid = ?)");
    if ($statement === false) {
        die(mysqli_error($this->conn)); // prepare failed, e.g. a syntax error in the SQL
    }
    // bind both values as strings ("ss"); they are sent separately from the SQL text
    mysqli_stmt_bind_param($statement, "ss", $params['id'], $tid);
    $sql = mysqli_stmt_execute($statement); // returns either true or false
    if ($sql === true) {
        echo "Successful"; // executing successful code
    }
    else {
        var_dump(mysqli_stmt_error_list($statement)); // handling error
        die;
    }

This will handle some SQL errors in a way that is expected (they are 'dumped and died').

Using prepared statements the correct way will mean that most SQL injections are able to be stopped, and with a DELETE query, you want to make sure that SQL injections are stopped.

Note: I am no expert on SQL injections
Note 2: I would have used PDO for prepared statements though, it seems to me to be much more logical to work with

Jelmergu
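Both answers touch on two things a DELETE handler has to tell apart: a query that failed, and a query that ran but matched no row. The following is an added example, not code from either answer: it uses PDO (as the second answer's note suggests) with an in-memory SQLite database standing in for MySQL so it runs offline. The `deleteTicket` and `remaining` helpers and all sample rows are constructed for illustration, and the `pdo_sqlite` extension is assumed to be available.

```php
<?php
// Added example: PDO with in-memory SQLite stands in for the page's MySQL database.
// Table and column names come from the question; the rows are constructed sample data.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // SQL errors throw, never fail silently

$pdo->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, tm_groupid TEXT)");
$pdo->exec("CREATE TABLE cusinfo (TICKET_ID TEXT, AGENT_CODE_STAFF_ID INTEGER)");
$pdo->exec("INSERT INTO users VALUES (1, 'g1'), (2, 'g2')");
$pdo->exec("INSERT INTO cusinfo VALUES ('T-100', 1), ('T-200', 2), ('T-300', 1)");

/**
 * Hypothetical helper: delete one ticket owned by an agent in the caller's group.
 * Returns the number of rows deleted; 0 means "nothing matched", which is not an SQL error.
 */
function deleteTicket(PDO $pdo, string $ticketId, string $groupId): int
{
    $stmt = $pdo->prepare(
        "DELETE FROM cusinfo WHERE TICKET_ID = ? AND AGENT_CODE_STAFF_ID IN "
        . "(SELECT id FROM users WHERE tm_groupid = ?)"
    );
    $stmt->execute([$ticketId, $groupId]); // values travel as data, never as SQL text
    return $stmt->rowCount();
}

function remaining(PDO $pdo): int
{
    return (int) $pdo->query("SELECT COUNT(*) FROM cusinfo")->fetchColumn();
}

$cases = [
    ['T-100', 'g1'],            // exists and belongs to group g1
    ['T-200', 'g1'],            // exists, but the agent is in group g2
    ['T-999', 'g1'],            // no such ticket
    ["T-300' OR '1'='1", 'g1'], // quote characters are compared literally
];
foreach ($cases as [$id, $group]) {
    try {
        $n = deleteTicket($pdo, $id, $group);
        printf("%-18s group=%s deleted=%d remaining=%d\n", $id, $group, $n, remaining($pdo));
    } catch (PDOException $e) {
        // Log the detail server-side; show the user only a generic message.
        error_log($e->getMessage());
        echo "Delete failed\n";
    }
}
```

Only the first case deletes a row. The other three return 0 without raising an error, which is why checking the affected-row count matters in addition to checking for SQL errors.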