PHP to delete a row from mysql database

Question

I have a PHP that I am unable to get it to work. Its function is to connect to my db and delete the input email address from the database. But for some reason, the result is always "Data Not Deleted". I am sure of all the details like db connect details and columns names etc. still the code doesn't work.

Code:

<?php

// php code to Delete data from mysql database 

if(isset($_POST['delete']))
{
    $hostname = "localhost";
    $username = "root";
    $password = "";
    $databaseName = "newsletter";

    // get id to delete
    $email = $_POST['email'];

    // connect to mysql
    $connect = mysqli_connect($hostname, $username, $password, $databaseName);

    // mysql delete query 
    $query = "DELETE FROM `email_user` WHERE `email` = $email";

    $result = mysqli_query($connect, $query);

    if($result)
    {
        echo 'Data Deleted';
    }else{
        echo 'Data Not Deleted';
    }
    mysqli_close($connect);
}

?>

<!DOCTYPE html>

<html>

    <head>

        <title> PHP DELETE DATA </title>

        <meta charset="UTF-8">

        <meta name="viewport" content="width=device-width, initial-scale=1.0">

    </head>

    <body>

        <form action="unsub.php" method="post">

            ID TO DELETE:&nbsp;<input type="text" name="email" required><br><br>

            <input type="submit" name="delete" value="Clear Data">

        </form>

    </body>

</html>

Please point out what I am doing wrong in here?

Thanks

Answer 1

You need to add quotes around $email in your query as it is a string.

$query = "DELETE FROM `email_user` WHERE `email` = '$email'";

Note:- Your code is wide-open for SQL INJECTION.You have to use prepared statements

Help reference:-

mysqli::prepare

PDO::prepare

Answer 2

Try modifying the query to following:

"DELETE FROM `email_user` WHERE `email` = '$email'"