Delete Query not working in MySQL from a form

Question

<form>
<input type='text' name='source' placeholder='source'/>
<input type='text' name='destination' placeholder='destination'/>
<input type='text' name='trainid' placeholder='trainid'/>
<input type='submit' name='deletetrainid'/>
</form>
<?php
if(isset($_POST['deleteTrain'])){
echo "ENTER TRAINID,SOURCE AND DESTINATION TO DELETE TRAIN ROUTE";
echo "<form action='adminPage.php' method='POST'><input type='text' 
name='trainid'/>";
echo"<input type='text' name='source' placeholder='ENTER SOURCE'/>";
echo"<input type='text' name='destination' placeholder='ENTER 
DESTINATION'/>";
echo"<input type='submit' name='deletetrainid'/>";
echo"</form>";
if (isset($_POST['deletetrainid'])) {
    $source = $_POST['source'];
    $destination = $_POST['destination'];
    $trainid =  $_POST['trainid'];
    $query = "DELETE FROM trains WHERE trainid=$trainid AND source=$source 
    AND destination=$destination";
    $result = mysqli_query($connection, $query);
    if(!$result){
        die("QUERY FAILED". mysqli_error($connection));
    }
    else
    echo "Record Deleted";
    }
    }

On clicking the button having name=deletetrainid nothing happens and the input fields are shown empty be filled again. No data/row is deleted. Any help please?

Answer 1

Looking at your code I can see several things that could go wrong. SQL injection attacks being just one of them, like mentioned @Luca.

But well, I did my own version of your code, and here's what I could fix for you to get the information somewhere.

<form action='adminPage.php' method='POST'>
    <input type='text' name='source' placeholder='source'/>
    <input type='text' name='destination' placeholder='destination'/>
    <input type='text' name='trainid' placeholder='trainid'/>
    <input type='submit' value'Submit'/>
</form>
<?php
    if (isset($_POST)) {
        $source = $_POST['source'];
        $destination = $_POST['destination'];
        $trainid =  $_POST['trainid'];
        $query = "DELETE FROM 
                      trains 
                  WHERE
                      trainid=$trainid 
                  AND 
                      source='$source' 
                  AND destination='$destination'";
        $result = mysqli_query($connection, $query);
        if(!$result){
            die("QUERY FAILED". mysqli_error($connection));
        }
        else
        echo "Record Deleted";
    } else {
        echo "Houston, we have a problem.";
    }

So, FIRST: The information you expect on the first ISSET deleteTrain is not displayed anywhere, and not set anywhere, it would never trigger the form.

SECOND: You don't need two forms, plus, only the second one had the method='POST' and action set, you could set that in the first one.. without this, you would only get the information by $_GET.

THIRD: You forgot to put quotes on the text variables on the query. That wouldn't work since strings are required to be quoted.

You are bound to make mistakes (several of them, really), so don't let that pull you down. Make use of things like: var_dump, get_defined_vars(), print|echo|print_r, die()... Everything that can help you figure out what's happening with your code before you need to ask for help, so you can, at least, have a general idea of what's wrong and where.

Answer 2

In your form, you can't add attributes: action and method. the value in action in your subject is "" and that of method is POST