0

i cannot seem to create a delete button to delete specific items from my database. i have create a database to store images in images table:

enter image description here

the images will appear in my shop.php and from there, i want to create a delete button where i can delete the images from the database.

snippet of my shop.php:

<?php

while ($row = mysqli_fetch_array($result))
{

    echo "<div class='col-sm-4'>";
    echo "<div class='product-image-wrapper'>";
    echo "<div class='single-products'>";
    echo "<div class='productinfo text-center'>";

    echo "<div id='img_div'>";
    echo "<img height='250' src='images/".$row['image']."' >";
    echo " <h2>$56</h2>";
    echo "<p>".$row['image_text']."</p>";
    echo "</div>";
    echo "<div class='choose'>";
    echo  "<ul class='nav nav-pills nav-justified'>";
    echo  "<li><a href=''><i class='fa fa-plus-square'></i>Add to wishlist</a></li>";
    //echo  "<li><a href=''><i class='fa fa-times'></i>Delete</a></li>";
    echo "<li><a href='delete.php?id=" . $row['id'] . "'><i class='fa fa-times'></i>Delete</a></li>";
    echo  "</ul>";
    echo  "</div>";
    echo "</div>";
    echo "</div>";
    echo "</div>";
    echo "</div>";

}
?>

and here is my delete.php:

<?php
if (is_int($_GET["id"]) {
    $query = "DELETE FROM images WHERE id = " . $_GET["id"];
    $result = mysqli_query($con, $query);
    // Check the result and post confirm message
}
?>
aynber
  • 22,380
  • 8
  • 50
  • 63
Naem Jin
  • 1
  • 1
  • Note: The object-oriented interface to `mysqli` is significantly less verbose, making code easier to read and audit, and is not easily confused with the obsolete `mysql_query` interface. Before you get too invested in the procedural style it’s worth switching over. Example: `$db = new mysqli(…)` and `$db->prepare("…”)` The procedural interface is an artifact from the PHP 4 era when `mysqli` API was introduced and should not be used in new code. – tadman Oct 18 '17 at 16:59
  • **WARNING**: When using `mysqli` you should be using [parameterized queries](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) and [`bind_param`](http://php.net/manual/en/mysqli-stmt.bind-param.php) to add user data to your query. **DO NOT** use string interpolation or concatenation to accomplish this because you have created a severe [SQL injection bug](http://bobby-tables.com/). **NEVER** put `$_POST`, `$_GET` or **any** user data directly into a query, it can be very harmful if someone seeks to exploit your mistake. – tadman Oct 18 '17 at 16:59

0 Answers0