I am working on some code for a PHP assignment. I get the correct id from the URL, and the table displays all the correct records that correspond to that person. My delete button, however, does not work right: I either delete records in the table pertaining to the person or I get errors.

My PHP Portion above the head

```php
<?php require "config/config.php"; ?>
<?php
    if(isset($_GET['upd'])){
        $id = $_GET['upd'];
        $query = "SELECT * FROM persons WHERE id=$id";
        $fire = mysqli_query($con,$query) or die("Can not fetch the data.".mysqli_error($con));
        $user = mysqli_fetch_assoc($fire);
        }
?>
```

My delete Portion above the head

```php
<?php
        if(isset($_GET['delweight'])){
            $weightid = ($_GET['weightid']);
            $query = "DELETE FROM personweight WHERE weightid = $weightid";
            $fire = mysqli_query($con,$query) or die("Can not delete the data from database.". mysqli_error($con));

            if($fire) echo "Data deleted from database";

            }
?>
```

My Table with the delete record

```php
<table class="table table-striped table-dark" id="weightTable">
        <thead>
            <tr><th>weightid</th><th>Weight</th><th>Date</th><th>Delete</th></tr>
        </thead>
        <tbody>
            <?php       
                $query = "SELECT * FROM personweight WHERE id=$id";
                    $fire = mysqli_query($con,$query) or die("can not fetch data from datase ".mysqli_error($con));
                        if(mysqli_num_rows($fire)>0){
                        while($user = mysqli_fetch_assoc($fire)){ ?>
            </tr>
                <td><?php echo $user['weightid'] ?></td>
                <td><?php echo $user['weight'] ?></td>
                <td><?php echo $user['added'] ?></td>
                <td>
                    <a href="<?php $_SERVER['PHP_SELF'] ?>?delweight=<?php echo $user['id'] ?>" class="btn btn-sm btn-danger">Delete</a>
                </td>
            </tr>
                <?php }}  ?>
        </tbody>
    </table>
```

  • It is a very bad idea to use `die(mysqli_error($conn));` in your code, because it could potentially leak sensitive information. See this post for more explanation: [mysqli or die, does it have to die?](https://stackoverflow.com/a/15320411/1839439) – Dharman Oct 26 '19 at 21:19
  • **Warning:** You are wide open to [SQL Injections](https://php.net/manual/en/security.database.sql-injection.php) and should use parameterized **prepared statements** instead of manually building your queries. They are provided by [PDO](https://php.net/manual/pdo.prepared-statements.php) or by [MySQLi](https://php.net/manual/mysqli.quickstart.prepared-statements.php). Never trust any kind of input! Even when your queries are executed only by trusted users, [you are still at risk of corrupting your data](http://bobby-tables.com/). [Escaping is not enough!](https://stackoverflow.com/q/5741187) – Dharman Oct 26 '19 at 21:20
  • I do not want to yet include PDO or worry about security. That is my next step, after I get it to function. – Jay1 Oct 27 '19 at 00:08
  • I mentioned in my comment that prepared statements are available with mysqli too. PDO is simpler to use than mysqli, but nobody is forcing you to use it. However, not using parameters to pass your data is a very serious problem for your code. It could easily be the cause of your current or future bugs. Even if you do not care about security, you should care about your code working properly. – Dharman Oct 27 '19 at 00:10
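
The mysqli prepared-statement form recommended in the comments, applied to this page's delete handler, as an added example that is not the asker's or a commenter's code. It assumes `config/config.php` defines `$con` as on the page, that `personweight.id` holds the person's id, and that the Delete link sends `?upd=<person id>&weightid=<row id>`; the helper names `get_positive_int` and `delete_weight` are hypothetical.

```php
<?php
// Added example, not the asker's code. Assumes config/config.php defines $con
// (a mysqli connection), as on the page, and that the Delete link sends
// ?upd=<person id>&weightid=<row id> (an assumption about the link format).
require "config/config.php";

// Make mysqli throw exceptions instead of returning false, so no
// "or die(mysqli_error(...))" is needed and DB errors never reach the browser.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

/** Hypothetical helper: read a positive integer from the query string, or null. */
function get_positive_int(string $name): ?int
{
    $value = filter_input(INPUT_GET, $name, FILTER_VALIDATE_INT,
                          ['options' => ['min_range' => 1]]);
    return is_int($value) ? $value : null; // false (invalid) and null (absent) both rejected
}

/** Hypothetical helper: delete one weight row belonging to one person. */
function delete_weight(mysqli $con, int $personId, int $weightId): int
{
    // Placeholders keep the request values out of the SQL text entirely.
    $stmt = $con->prepare("DELETE FROM personweight WHERE weightid = ? AND id = ?");
    $stmt->bind_param("ii", $weightId, $personId);
    $stmt->execute();
    $deleted = $stmt->affected_rows;
    $stmt->close();
    return $deleted;
}

$personId = get_positive_int('upd');
$weightId = get_positive_int('weightid');
$message  = '';

if ($personId !== null && $weightId !== null) {
    try {
        $deleted = delete_weight($con, $personId, $weightId);
        $message = $deleted === 1 ? "Data deleted from database" : "No matching record";
    } catch (mysqli_sql_exception $e) {
        error_log("Weight delete failed: " . $e->getMessage()); // detail stays in the server log
        http_response_code(500);
        $message = "Can not delete the data from database.";
    }
}
echo htmlspecialchars($message, ENT_QUOTES, 'UTF-8');
```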
