Undefined index for deletion in php

Question

I'm still new at php (just started yesterday) and when I wanted to delete my data it says this
Notice: Undefined index: bookname in C:\wamp64\www\HelpingClass\delete.php on line 13
Notice: Undefined index: quantity in C:\wamp64\www\HelpingClass\delete.php on line 14
Notice: Undefined index: price in C:\wamp64\www\HelpingClass\delete.php on line 15

and this is my code for line 13,14,15

$bookname = $_POST['bookname'];
$quantity = $_POST['quantity'];
$price = $_POST['price'];

I even try to change those 13,14,15 lines to this

    if(isset($_POST['bookname']) && isset($_POST['bookname'])){
    echo $_POST['bookname'];
}
    if(isset($_POST['quantity']) && isset($_POST['quantity'])){
    echo $_POST['quantity'];
}
    if(isset($_POST['price']) && isset($_POST['price'])){
    echo $_POST['price'];}

the notice undefined index are gone but i still can't delete the data :(

this is my full code for delete.php

<?php
    include ('connection.php');
    session_start();
    if (!isset($_SESSION ['userid'])&& empty($_SESSION['userid'])){
        header ("location:login.php");
        exit;
    }
    else {
        $userid = $_SESSION ['userid'];
    }

    $bookid = $_GET['bookid'];
    $bookname = $_POST['bookname'];
    $quantity = $_POST['quantity'];
    $price = $_POST['price'];

    $query = mysqli_query ($conn, "DELETE FROM book SET WHERE Book_Id='$bookid';");

    if ($query == TRUE)
        {
            echo "<script language='javascript'>";
            echo "alert('Deleted.');";
            echo "window.location.href='action.php';";
            echo "</script>";
        }
        else
        {
            echo "<script language='javascript'>";
            echo "alert('Delete Failed.');";
            //echo "window.location.href='action.php';";
            echo "</script>";
        }


 ?>

I really do appreciate your help

`isset($_POST['quantity']) && isset($_POST['quantity'])` is same as `isset($_POST['quantity'])` : A and A = A only — Madhur Bhaiya, Sep 30 '18 at 12:35
Your query is invalid. The notices are not the reason your data doesn't get deleted. Check `mysqli_error($conn)` — rickdenhaan, Sep 30 '18 at 12:41
I retracted my close vote, because the duplicate I linked to is actually not related to the real problem here. — rickdenhaan, Sep 30 '18 at 12:43
`DELETE * FROM` is invalid remove the `*` and the `SET `. Use error reporting. You also are open to SQL injections, parameterize that. Also are you sending a `GET` and `POST` request? — user3783243, Sep 30 '18 at 12:46
@user3783243 I forgot to delete the * when I posted it . Great news ! when I remove * and SET it was a success . Thank you very much T_T — nh. m, Sep 30 '18 at 12:49
@nh.m Great, you should now familiarize yourself with http://php.net/manual/en/mysqli.error.php so in the future you can debug these easily. — user3783243, Sep 30 '18 at 12:57
what's with the "(CLOSED)" edit for the title? I had to edit that out. — Funk Forty Niner, Sep 30 '18 at 13:06
To the OP: About that ^ above; you should mark the question as solved with @MadhurBhaiya 's answer below. Accepting it marks the question as "closed". There's no need to make that part of the title, to which again I removed in an edit. — Funk Forty Niner, Sep 30 '18 at 13:12

Madhur Bhaiya · Answer 1 · 2018-09-30T13:04:28.450

There are quite a few issues in your code.

Most Importantly, Your database queries are open to SQL Injection related issues. Please use Prepared Statements.

An example of parametrized version could be:

// prepare the query statement
$stmt = $mysqli_prepare($conn, "DELETE FROM book 
                                WHERE Book_Id = ?");
// bind the parameters
$stmt->bind_param("i", $bookid);
// execute the query
$stmt->execute();
//fetching result would go here (in case of SELECT queries)
$stmt->close();

Secondly, check if a variable exists or not, using isset function. You can use ternary operators alongside.

eg:

$bookid = isset($_GET['bookid']) ? $_GET['bookid'] : 0;
$bookname = isset($_POST['bookname']) ? $_POST['bookname'] : '';
$quantity = isset($_POST['quantity']) ? $_POST['quantity'] : 0;
$price = isset($_POST['price']) ? $_POST['price'] : 0;

Thirdly, your DELETE query statement syntax is wrong. you cannot use * and SET. Also, do (int) typecasting on the $bookid (assuming it to be integer here). You also don't need a semicolon (;) in the query string, when using mysqli_query function.

It should be as follows:

$query = mysqli_query ($conn, "DELETE FROM book 
                               WHERE Book_Id = '" . (int)$bookid . "'");

From MySQL Documentation, syntax of DELETE statement is as follows:

DELETE [LOW_PRIORITY] [QUICK] [IGNORE] FROM tbl_name
    [PARTITION (partition_name [, partition_name] ...)]
    [WHERE where_condition]
    [ORDER BY ...]
    [LIMIT row_count]

the OP removed the asterisk in an edit earlier about the DELETE query. — Funk Forty Niner, Sep 30 '18 at 13:07

Undefined index for deletion in php

1 Answers1