-1

I've spent a lot of time messing around with PHP and MySQL and I've finally managed to create a "to do list" sort of thing that allows the user to submit a "to do" task and for it to add it to a database and then show it. I've followed many tutorials as I've tried to teach myself PHP blah blah. But for some reason I cannot get the delete script working.

    echo "<td><a href='delete.php?=Delete" . $row['task_id']."'>Delete"."</a>"."</td></tr>" . "$record->ID";

Above is the code for the delete button

Here is the delete script; apologies for the many commented-out lines, I've tried many 'solutions'.

    $ID = $_GET['task_id'];
    //$delete_query = "DELETE FROM Tasks WHERE ID =  $ID" ;
    $sql = "DELETE FROM Tasks WHERE task_id = $ID;";
    echo $row['task_id'];
    // $delete_query = "DELETE FROM Tasks WHERE task_id = ['task_id'] ";
    
    /* if(isset($GET['task_id'])){
       $delete = $_GET['task_id'];
        mysqli_query($connect, "DELETE FROM Tasks WHERE task_id = '$delete'");
    } */
    
    
    
    echo("Succesfully deleted");
    mysqli_close($link);

The script runs and it says "successfully deleted" but the entry still shows. In the F12 Menu/Network tab I get this error

And when I click "view source" it shows the ID of the row. I can't seem to figure out what is wrong.

Slava Rozhnev
  • It should be `echo "Delete".""."" . "$record->ID";`. Also, you're open to [SQL injection](https://stackoverflow.com/questions/332365/how-does-the-sql-injection-from-the-bobby-tables-xkcd-comic-work). – kmoser Nov 29 '20 at 05:15
  • Thanks for the response, however that did not work either. I am only experimenting atm just for fun. I will look into SQL injections – daniel fitton Nov 29 '20 at 05:18
  • However, that change did make the F12 Menu display the ID not the "empty" – daniel fitton Nov 29 '20 at 05:20
  • See about sql injection and the importance of prepared and bound queries (I would treat any answers that ignored this with scepticism) - and consider whether a hard delete is really something that you want to allow users to do. – Strawberry Nov 29 '20 at 07:47
  • **Never** use GET for deletion. Bots can visit those urls and you could lose data. – El_Vanja Nov 29 '20 at 16:00
  • @danielfitton Task id is string or integer? – Ngo Tuan Nov 30 '20 at 03:58

3 Answers

0

I tried deleting data using PHP PDO, and the data was deleted successfully, so you can try this code.

I have created 2 files: first req.php and second delete.php.

Here the req.php file fetches the data, and the delete.php file deletes the row whose id is sent from req.php.

req.php

    <?php

    require "connection.php";

    // Fetch the data from the database
    $sql = "SELECT * FROM test";
    $select = $conn->prepare($sql);
    $select->execute();

    ?>
    <html>
    <head>
        <title>Data</title>
    </head>
    <body>
        <table>
            <thead>
                <tr>
                    <th>ID</th>
                    <th>NAME</th>
                    <th>EMAIL</th>
                    <th>Delete</th>
                </tr>
            </thead>
            <tbody>
            <?php

                while($data = $select->fetch())
                {
                ?>
                    <tr>
                        <!-- Values from the database are HTML-escaped before output -->
                        <td><?php echo htmlspecialchars($data['id']); ?></td>
                        <td><?php echo htmlspecialchars($data['student_name']); ?></td>
                        <td><?php echo htmlspecialchars($data['email_address']); ?></td>
                        <td><a href="delete.php?id=<?php echo urlencode($data['id']); ?>"><button onclick="return conformation();">Delete</button></a></td> <!-- This is the delete button -->
                    </tr>
                <?php
                }
            ?>
            </tbody>
        </table>
    </body>
    </html>
    <script>
        // Confirmation function: if it returns true the data is deleted, otherwise it is not.
        function conformation() {
            let conform = confirm("Can you delete this data ?");

            if (conform == true) {
                return true;
            } else {
                return false;
            }
        }
    </script>

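delete.php

    <?php

    require "connection.php";

    if(isset($_GET['id']))
    {
        // The id is bound as a parameter, not concatenated into the SQL
        $sql = "DELETE FROM test WHERE id = ?";
        $deleteData = $conn->prepare($sql);

        if ($deleteData->execute([$_GET['id']]))
        {
            header('location: http://local.test/req.php');
            exit; // stop the script once the redirect header is sent
        }
    }

    ?>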

  • Thanks for the response, I tried to create a new test page to see if it worked but it wouldn't return any of the data so I tried to add it into the existing code like: echo "Delete"; But now when I hover over the link it shows it as : /test/delete.php?id= – daniel fitton Dec 09 '20 at 23:17
  • Also this code does not show the text, it has the amount of entries in the database but does not show text only white space with the delete button visible – daniel fitton Dec 12 '20 at 14:31
-1

You can solve this or debug it by doing the following.

  1. Pass the right URL parameter

       echo "<td><a href='delete.php?task_id=" . $row['task_id']."'>Delete"."</a>"."</td></tr>" . "$record->ID";
    

This will send a task_id value to the delete page.

  2. Check and log the response of MySQL in delete.php

         if(isset($_REQUEST['task_id'])){

             //escape to avoid SQL injection
             $delete = mysqli_real_escape_string($connect, $_REQUEST['task_id']);

             $process = mysqli_query($connect, "DELETE FROM Tasks WHERE task_id = '".$delete."'");

             if($process){
                 echo("Successfully deleted");
             }else{
                 echo("Error description: " . mysqli_error($connect));
             }
         }else{
             echo("no id supplied");
         }
    

In your question, you also had this: `$GET['task_id']`, which I believe was null.

-1

The first issue is trying to get task_id from the REQUEST params while you are sending the "Delete" key.

The second is that you passed the task_id to the DB as a string, while I think it's an integer type in the database.

So you have to do this:

    echo "<td><a href='delete.php?task_id=" . $row['task_id']."'>Delete"."</a>"."</td></tr>" . "$record->ID";

    // Validate as an integer: escaping alone does not protect a value that is used unquoted in SQL
    $task_id = filter_input(INPUT_GET, 'task_id', FILTER_VALIDATE_INT);

    if (!empty($task_id)) {
        $delete_query = mysqli_query($connect, 'DELETE FROM Tasks WHERE task_id = '.$task_id);
        if ($delete_query) {
            echo 'deleted successfully';
        } else {
            echo("Error: " . mysqli_error($connect));
        }
    } else {
        echo 'task_id is empty !';
    }
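
The points raised in the comments under the question (bound parameters, no deletion over GET) put together in one page, as an added example that is not code from any poster in this thread. It goes one step beyond the thread by adding a per-session token check on the POST. Assumptions: the file name `tasks.php`, a `connection.php` that defines a mysqli connection `$connect`, an integer `Tasks.task_id` column, and the session keys `csrf_token` and `flash` are hypothetical names.

```php
<?php
// tasks.php (added example, hypothetical file name). Assumes connection.php defines
// $connect (mysqli) and that Tasks.task_id is an integer column.
session_start();
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // DB errors throw, never pass silently
require 'connection.php';
// One random token per session; a delete request must send it back.
$_SESSION['csrf_token'] ??= bin2hex(random_bytes(32));

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $sent = $_POST['csrf_token'] ?? '';
    if (!is_string($sent) || !hash_equals($_SESSION['csrf_token'], $sent)) {
        http_response_code(403);
        exit('Invalid token');
    }
    // Accept only an integer id; anything else never reaches the database.
    $taskId = filter_input(INPUT_POST, 'task_id', FILTER_VALIDATE_INT);
    if (!is_int($taskId)) {
        http_response_code(400);
        exit('task_id must be an integer');
    }
    // Bound parameter: the id travels as data and is never spliced into the SQL text.
    $stmt = $connect->prepare('DELETE FROM Tasks WHERE task_id = ?');
    $stmt->bind_param('i', $taskId);
    $stmt->execute();
    // affected_rows tells "the query ran" apart from "a row was actually removed".
    $_SESSION['flash'] = $stmt->affected_rows === 1 ? 'Task deleted' : 'No such task';
    $stmt->close();
    header('Location: tasks.php'); // redirect so a page reload does not re-post
    exit;
}

$flash = $_SESSION['flash'] ?? '';
unset($_SESSION['flash']);
$token = htmlspecialchars($_SESSION['csrf_token'], ENT_QUOTES);
$rows = $connect->query('SELECT task_id FROM Tasks ORDER BY task_id');
?>
<p><?= htmlspecialchars($flash, ENT_QUOTES) ?></p>
<table>
<?php foreach ($rows as $row): ?>
  <tr><td><?= (int) $row['task_id'] ?></td>
    <td><!-- POST form instead of a link: a client that only follows links cannot delete -->
      <form method="post" action="tasks.php">
        <input type="hidden" name="task_id" value="<?= (int) $row['task_id'] ?>">
        <input type="hidden" name="csrf_token" value="<?= $token ?>">
        <button type="submit">Delete</button>
      </form></td></tr>
<?php endforeach; ?>
</table>
```

Reporting the result from `affected_rows` rather than unconditionally avoids the symptom in the question, where the page printed a success message although no row had been removed.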