
So I am very new to PHP technology and I am trying to display a database and be able to delete some of the rows. I have tried this code but it doesn't work as intended. I have made the connection with the MySQL database and the GET request works, but I don't get why this DELETE request doesn't.

```html
<!DOCTYPE html>
<html lang="EN">
  <head>
    <meta http-equiv='Content-type' content='text/html; charset=utf-8' />
    <title> My database </title>
    <script>
       function removeSelectedEmails(){
        var aux = "";
        for (x in selectedEmails) {
          if(x== 0) {aux += "?email[]=" + selectedEmails[x];}
          else {aux += "email[]=" + selectedEmails[x];}
          if(selectedEmails[x] != selectedEmails.slice(-1)[0]) {
            aux += "&";
          }

          var xmlhttp2 = new XMLHttpRequest();
          xmlhttp2.onreadystatechange = function() {
          if (this.readyState == 4 && this.status == 200) {
            showEmails(last_q);
          }
        };
        xmlhttp2.open("DELETE","db.php" + aux,true);
        xmlhttp2.send();
        }
     </script>
 <body>
   <?php
    if($_SERVER['REQUEST_METHOD'] === 'DELETE') {
        $query = "DELETE FROM emails WHERE email=" . $value;

          if ($conn->query($query) === TRUE) {
            echo "Record deleted successfully";
          } else {
            echo "Error deleting record: " . $conn->error;
          }
      }
    ?>
</body>
</html>
```

It seems like it is not executing the PHP part, but the JS is working fine. I copy-pasted the GET request that is working and just changed the "GET" to "DELETE", and it stopped working. Thank you in advance for the help.

  • See about sql injection, and the importance of prepared and bound queries – Strawberry Dec 09 '20 at 01:07
  • **WARNING**: When using `mysqli` you should be using [parameterized queries](https://php.net/manual/en/mysqli.quickstart.prepared-statements.php) and [`bind_param`](https://php.net/manual/en/mysqli-stmt.bind-param.php) to add any data to your query. **DO NOT** use string interpolation or concatenation to accomplish this because you have created a severe [SQL injection bug](https://bobby-tables.com/). **NEVER** put `$_POST`, `$_GET` or data *of any kind* directly into a query, it can be very harmful if someone seeks to exploit your mistake. – tadman Dec 09 '20 at 01:20
  • Tip: Avoid using `=== TRUE`. Most of the time this can be omitted as `if` already tests for truth. It's just clutter. – tadman Dec 09 '20 at 01:21
  • If you're just getting started with PHP and want to build applications, I'd strongly recommend looking at various [development frameworks](https://www.cloudways.com/blog/best-php-frameworks/) to see if you can find one that fits your style and needs. They come in various flavors from lightweight like [Fat-Free Framework](https://fatfreeframework.com/) to far more comprehensive like [Laravel](https://laravel.com/). These give you concrete examples to work from and guidance on how to write your code and organize your project's files. – tadman Dec 09 '20 at 01:22
  • There's a lot missing in this code. It looks like you're trying to submit an array parameter, that's what the `[]` usually indicates, but you never actually pick it up out of `$_POST`. `$value` isn't something that will spontaneously exist, you need to define it. – tadman Dec 09 '20 at 01:23
  • Your database query is broken, but this whole code needs to be rethought using strategies in the answers to the marked duplicate. Also be aware that web browsers cannot make DELETE requests, only GET and POST. – miken32 Dec 09 '20 at 02:18
  • @tadman Yes sure, I didn't show all my code, just the non-working parts. I can tell you that I have the right data in the URL. Thanks for the == TRUE fact. – victorcavero14 Dec 09 '20 at 14:21
  • @miken32 OH I didn't know that!!! That should be the problem, that I can't really create the DELETE when I execute the code in Chrome! – victorcavero14 Dec 09 '20 at 14:22
  • Thanks to all for your useful help. – victorcavero14 Dec 09 '20 at 14:23
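
One way to write the server side with the prepared statement and `bind_param` that the comments recommend, as an added example that is not part of the original thread. The `emails` table, its `email` column and the `email[]` query parameter come from the question; the `deleteEmails` helper and the connection settings are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Make mysqli throw exceptions instead of silently returning false.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

/**
 * Hypothetical helper: delete the given addresses from the `emails` table
 * (table and column names as in the question). Returns the rows removed.
 */
function deleteEmails(mysqli $conn, array $emails): int
{
    // The address is bound as a parameter, never concatenated into the SQL text.
    $stmt = $conn->prepare('DELETE FROM emails WHERE email = ?');
    $deleted = 0;
    foreach ($emails as $email) {
        // Skip nested arrays and anything that is not a syntactically valid address.
        if (!is_string($email) || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
            continue;
        }
        $stmt->bind_param('s', $email);
        $stmt->execute();
        $deleted += $stmt->affected_rows;
    }
    $stmt->close();
    return $deleted;
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'DELETE') {
    // PHP fills $_GET from the query string for every request method,
    // so ?email[]=a&email[]=b arrives here as an array.
    $emails = $_GET['email'] ?? [];
    if (!is_array($emails)) {
        $emails = [$emails];
    }
    // Placeholder connection settings (assumed, not from the question).
    $conn = new mysqli('localhost', 'db_user', 'db_password', 'db_name');
    $deleted = deleteEmails($conn, $emails);
    header('Content-Type: text/plain; charset=utf-8');
    echo "Deleted $deleted record(s)";
}
```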
