The following code is not working even though I've tested it by putting this on the page alone. To make this clear, just after this query I'm doing a select query to display all the users in the DB.

    $db->query("DELETE FROM Projet_Client WHERE username = '$_GET[d]'");
    echo "<div class='alert alert-success text-middle'><strong>Succès</strong>, le client a été supprimé.</div>";

Here is the "echo" of the query to show you what it looks like:

    DELETE FROM Projet_Client
    WHERE
    username = 'a75ea99ce47306ec259d4c905bb9c3f762a531ee'

(I'm using MySQL). Thank you.

I changed the code and it looks like this:

    $db->setAttribute(PDO::ATTR_EMULATE_PREPARES,false);
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_WARNING );
    try {
        $stmt = $db->prepare('DELETE FROM Projet_Client WHERE username= :username');
        $stmt->bindParam(':username', $_GET['d']); 
        $stmt->execute();

    } catch(Exception $e){
            echo 'Exception -> ';
            var_dump($e->getMessage());
    }

However, no exceptions are being thrown.

The problem has been solved. I had to change the constraint with the foreign key: ON DELETE = CASCADE

  • 2
    Your code is vulnerable to [SQL injection](https://en.wikipedia.org/wiki/SQL_injection) attacks. You should use [mysqli](https://secure.php.net/manual/en/mysqli.prepare.php) or [PDO](https://secure.php.net/manual/en/pdo.prepared-statements.php) prepared statements with bound parameters as described in [this post](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php). –  Apr 23 '18 at 07:08
  • `$_GET[d]` is not valid? it should be `$_GET['d']` or `$_GET["d"]`. As Dominik already mentioned you should use prepared statements to do this. – Sebastian Brosch Apr 23 '18 at 07:10
  • 1
    @SebastianBrosch As `$_GET` is in quotes no need to add quotes in index – B. Desai Apr 23 '18 at 07:11
  • @B.Desai - thank you for explanation. I tried this it is really working. I never used this that way :D - Learning everyday... – Sebastian Brosch Apr 23 '18 at 07:15
  • May be a typo in the original - but is 'Projet_Client' correct? – Nigel Ren Apr 23 '18 at 07:17
  • @NigelRen Yes, or should I say 'Oui', if you speak French. – Paul Campbell Apr 23 '18 at 07:26
  • If you try to use a prepare `$stmt = $db->prepare('/your query/ where username = :username')`, `$stmt->bindParam(':username', $_GET['d'])`, `$stmt->execute();`, is the delete working or not? Or do you have a db connection problem? – Mickaël Leger Apr 23 '18 at 07:52
  • Thanks for your help, I did use prepared statement before that and I checked for typos in request. I even added "`" to the query to see if this would change something. The only time this query worked is when it was alone in the page. So my conclusion is that there is something that I can't do if DELETE query is done. – Maneta Alexandre Maneta Apr 23 '18 at 08:27
  • Well, he can't go into the DELETE condition, because `$_GET[d]` isn't defined -> he skips. `if(isset($_GET['d']))` should do it here. – Celebrombore Apr 23 '18 at 11:13
  • @Celebrombore it does validate that condition because the div inside is showing properly – Maneta Alexandre Maneta Apr 23 '18 at 12:39
  • Oh ok :D Is your a href right then? So does it show the correct values? – Celebrombore Apr 23 '18 at 12:52
  • @Celebrombore I think yes because the sql query in my post is done via the echo function after I clicked the href :( – Maneta Alexandre Maneta Apr 23 '18 at 14:09
  • Does the mysql user account used in the PDO connection have delete privilege on the specified table? Since you use [`$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_WARNING);`](http://php.net/manual/en/pdo.error-handling.php) an `Exception` will not be thrown. I suggest setting it to throw an exception replacing `PDO::ERRMODE_WARNING` with `PDO::ERRMODE_EXCEPTION` so you can see the error messages. – Will B. Apr 23 '18 at 16:46

1 Answer

Are you sure that the query is being executed properly? Your query looks okay to me.

Maybe you can try to echo the error (if there is one) by using this:

    if ($conn->query($sql) !== false) {
        echo "Record deleted successfully";
    } else {
        echo "Error deleting record: " . $conn->error;
    }
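The silent failure discussed in this thread (a DELETE blocked by a foreign key while `PDO::ERRMODE_WARNING` keeps the `catch` block from ever running), reproduced as an added example that is not part of the original posts. It assumes an in-memory SQLite database in place of MySQL so it runs offline, a hypothetical child table `Child_Rows`, hypothetical helpers `buildSchema()` and `deleteClient()`, and `RESTRICT` as the original constraint.

```php
<?php
// Added example. SQLite in-memory stands in for MySQL so it runs offline;
// Child_Rows, buildSchema() and deleteClient() are hypothetical names.
$db = new PDO('sqlite::memory:');
// ERRMODE_EXCEPTION makes a failed statement throw; with ERRMODE_WARNING
// (as in the question) the catch block below would never be reached.
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('PRAGMA foreign_keys = ON'); // SQLite only enforces FKs when asked

function buildSchema(PDO $db, bool $cascade): void
{
    $rule = $cascade ? 'CASCADE' : 'RESTRICT'; // fixed keywords, never user input
    $db->exec('DROP TABLE IF EXISTS Child_Rows');
    $db->exec('DROP TABLE IF EXISTS Projet_Client');
    $db->exec('CREATE TABLE Projet_Client (username TEXT PRIMARY KEY)');
    $db->exec("CREATE TABLE Child_Rows (
        id INTEGER PRIMARY KEY,
        username TEXT REFERENCES Projet_Client(username) ON DELETE $rule)");
    $db->exec("INSERT INTO Projet_Client VALUES ('alice')");      // constructed row
    $db->exec("INSERT INTO Child_Rows (username) VALUES ('alice')");
}

function deleteClient(PDO $db, string $username): string
{
    try {
        // The value is bound, so it is only ever compared as data.
        $stmt = $db->prepare('DELETE FROM Projet_Client WHERE username = :username');
        $stmt->execute([':username' => $username]);
    } catch (PDOException $e) {
        // SQLSTATE 23000: integrity constraint violation (here, the foreign key)
        if ((string) $e->getCode() === '23000') {
            return 'blocked by constraint: ' . $e->getMessage();
        }
        throw $e;
    }
    // Success is decided by affected rows, not by reaching the next line.
    return $stmt->rowCount() === 0 ? 'no matching row' : 'deleted';
}

foreach ([false, true] as $cascade) {
    buildSchema($db, $cascade);
    echo ($cascade ? 'CASCADE' : 'RESTRICT'), ': ', deleteClient($db, 'alice'), PHP_EOL;
}
buildSchema($db, true);
// Constructed hostile-looking value: matched literally, so nothing is deleted.
echo 'odd input: ', deleteClient($db, "nobody' OR '1'='1"), PHP_EOL;
```

Printing the success banner only when `deleteClient()` reports `deleted` avoids the situation in the question, where the confirmation was shown although no row had been removed.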