
How to delete related data one by one in my PHP?

functions.php

$conn = mysqli_connect("localhost:3305","root","1234","dj"); //connect database
function getRealIpUser(){

    switch(true){

        case(!empty($_SERVER['HTTP_X_REAL_IP'])) : return $_SERVER['HTTP_X_REAL_IP'];
        case(!empty($_SERVER['HTTP_CLIENT_IP'])) : return $_SERVER['HTTP_CLIENT_IP'];
        case(!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) : return $_SERVER['HTTP_X_FORWARDED_FOR'];

        default : return $_SERVER['REMOTE_ADDR'];

    }

}

cart.php

<?php include("functions.php"); ?>
<div class="shopping-cart">
                <h6>My Cart</h6>
                <hr>
                <?php

                $ip_add = getRealIpUser(); //getRealIpuser from functions.php

                $select_cart = "select * from cart where ip_add='$ip_add'";

                $run_cart = mysqli_query($conn,$select_cart);

                while($row_cart = mysqli_fetch_array($run_cart)){

                    $pro_id = $row_cart['p_id'];

                    $pro_size = $row_cart['size'];

                    $pro_quantity = $row_cart['quantity'];

                  ?>

                        <form action="cart.php" method="post" class="cart-items">
                            <div class="border rounded">
                                <div class="row bg-white">
                                    <div class="col-md-6">
                                        <button type="submit" class="btn btn-warning">Save for Later</button>
                                        <button type="submit" id="<?php echo $pro_id;?>" class="btn btn-danger mx-2" name="remove">Remove</button>
                                    </div>

                                </div>
                            </div>
                        </form>


                    <?php }?>
</div>

database:

cart database including (p_id ip_add quantity size)

My problem is that I want to delete related data one by one. But my ability is limited, so how do I write the PHP code with MySQL?

Here is my wrong code:

<?php

    global $conn;
    if(isset($_POST['remove'])){

            $delete_product = "delete from cart where p_id='$pro_id'";

            $run_delete = mysqli_query($conn,$delete_product);

            if($run_delete){

                echo "<script>window.open('cart.php','_self')</script>";

            }

}

?>
nbk
Tokyo
  • If you don't know what prepared statements are, you need to find out fast, otherwise you end up in [this sort of situation](https://bobby-tables.com/). (That site also contains examples of how to use prepared statements and parameters to write your queries securely using php / mysqli, so please go ahead and take a look). – ADyson Feb 28 '20 at 23:55
  • **Warning:** You are wide open to [SQL Injections](https://stackoverflow.com/a/60496/1839439) and should use parameterized **prepared statements** instead of manually building your queries. They are provided by [PDO](https://php.net/manual/pdo.prepared-statements.php) or by [MySQLi](https://php.net/manual/mysqli.quickstart.prepared-statements.php). Never trust any kind of input! Even when your queries are executed only by trusted users, [you are still in risk of corrupting your data](http://bobby-tables.com/). [Escaping is not enough!](https://stackoverflow.com/q/5741187) – Dharman Feb 29 '20 at 16:37

1 Answer


Your form has to be like this, with a hidden parameter that can be identified by its name.

In this case, productid.

<form action="cart.php" method="post" class="cart-items">
    <div class="border rounded">
        <div class="row bg-white">
            <div class="col-md-6">
                 <input type="hidden" name="productid" value="<?php echo htmlspecialchars($pro_id); ?>">
                <button type="submit" class="btn btn-warning">Save for Later</button>
                <button type="submit" id="<?php echo $pro_id;?>" class="btn btn-danger mx-2" name="remove">Remove</button>
            </div>

        </div>
    </div>
</form>

In your cart.php you then use the hidden productid to delete.

I changed your vulnerable code to a procedural-style prepared statement.

<?php

    global $conn;
    if(isset($_POST['productid'])){

         if ($stmt = mysqli_prepare($conn, "delete from cart where p_id=?")) {

            /* bind parameters for markers */
            mysqli_stmt_bind_param($stmt, "s", $_POST['productid']);

            mysqli_stmt_execute($stmt);

            if(mysqli_affected_rows($conn) > 0 ){

                echo "<script>window.open('cart.php','_self')</script>";

            }else{
                echo mysqli_error($conn); // use the existing $conn handle; $connection was undefined
             }
         }
    }

 ?>

You should urgently read how to prevent SQL injection.

And you can also take a look at the object-oriented style of PHP coding.

nbk
  • Yeah, it works, thanks for your suggestion. And I learned PHP these days, I like the traditional coding style, I try to use the Object style. – Tokyo Feb 29 '20 at 11:33
  • The else part is not going to work. Please remove it. Instead enable error reporting [How to get the error message in MySQLi?](https://stackoverflow.com/a/22662582/1839439) – Dharman Feb 29 '20 at 16:38
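
The delete handler in object-oriented mysqli with error reporting enabled, as suggested in the answer and the last comment. This is an added example, not code from the answer or the comments. `removeCartItem` is a hypothetical helper, the extra `ip_add` condition mirrors the `select` in the question so that only the current visitor's row is removed, and a numeric `p_id` is an assumption.

```php
<?php
// Added example. Place this at the very top of cart.php, before any HTML,
// because header() cannot send a redirect once output has started.

// Make mysqli throw mysqli_sql_exception on failure instead of returning
// false, so no manual mysqli_error() branch is needed.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

require_once 'functions.php'; // provides $conn and getRealIpUser()

/**
 * Delete one product from one visitor's cart (hypothetical helper).
 * Returns the number of rows removed.
 */
function removeCartItem(mysqli $conn, string $productId, string $ipAdd): int
{
    // Both values are bound as parameters; nothing is concatenated into SQL.
    $stmt = $conn->prepare('DELETE FROM cart WHERE p_id = ? AND ip_add = ?');
    $stmt->bind_param('ss', $productId, $ipAdd);
    $stmt->execute();
    $removed = $stmt->affected_rows;
    $stmt->close();
    return $removed;
}

if ($_SERVER['REQUEST_METHOD'] === 'POST'
    && isset($_POST['remove'], $_POST['productid'])) {
    // Assumption: p_id is an integer column, so reject anything else early.
    $productId = filter_input(INPUT_POST, 'productid', FILTER_VALIDATE_INT);
    if ($productId !== false && $productId !== null) {
        removeCartItem($conn, (string) $productId, getRealIpUser());
    }
    // Redirect after POST so a page refresh does not resubmit the form.
    header('Location: cart.php');
    exit;
}
```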