-1

My add_id is a primary key. I have displayed all the addresses with the same cus_id but different add_id. I want to delete a specific address row, but when I press the delete button, the page refreshes and no data is deleted. Please look at my code, thank you.

This is the code involved, and my db:

my db

<?php
$cus_id = $_SESSION['id'];
//To show all the addresses with the same cus_id
$result2 = mysqli_query($connect, "SELECT * FROM customer_address WHERE cus_id='$cus_id'");
?>
<?php

if (isset($_GET['del'])) {
  $add_id = $_GET["id"];
  mysqli_query($connect, "DELETE FROM customer_address WHERE add_id='$add_id'");
}

?>
<?php
while ($row1 = mysqli_fetch_assoc($result2)) {
?>
  <div class="addrow">
    <div class="add_box">
      <p id="name_row"><?php echo $row1['name']; ?> </p>
      <p id="phone_row"><?php echo $row1['contact']; ?> </p>
      <p id="add_row"><?php echo $row1['address']; ?></p>
    </div>
    <div class="btn_box">
      <input type="button" name="editbtn" class="editbtn" value="Edit">
      <a href="cus_address.php?del&id=<?php echo $row['cus_id']; ?>"><input type="button" name="deletebtn" class="deletebtn" value="Delete"></a>
      <input type="button" name="defaultbtn" class="defaultbtn" value="Set As Default">
    </div>
  </div>
<?php
}
?>

<?php

if (isset($_GET['del'])) {
  $add_id = $_GET["id"];
  mysqli_query($connect, "DELETE FROM customer_address WHERE add_id='$add_id'");

  echo ("<script>location.href = 'cus_address.php?msg=$msg';</script>");
}

?>
André Walker
Priscilla
  • Remove `input` fields and use only `a` link. When you use `input type button` it submits the data rather than following the link. – Aftabul Islam Dec 20 '20 at 15:00
  • @AftabulIslam These buttons aren't going to submit anything. There's no form tag. – El_Vanja Dec 20 '20 at 15:02
  • 2
    Implementing delete operation via link is not a good way. In this way anybody can bulk delete data only via visiting a link. It should be a post request with the delete id. – Aftabul Islam Dec 20 '20 at 15:03
  • 5
    Please note that the way you're building your query is unsafe. You're open to [SQL injection](https://stackoverflow.com/questions/332365/how-does-the-sql-injection-from-the-bobby-tables-xkcd-comic-work). You should use [prepared statements](https://www.php.net/manual/en/mysqli.quickstart.prepared-statements.php) or [PDO](https://www.php.net/manual/en/book.pdo) instead. – El_Vanja Dec 20 '20 at 15:03

1 Answer

0

Firstly, you need to change from '$cus_id' to '".$cus_id."' because $cus_id is a parameter.

<?php
      $cus_id = $_SESSION['id'];
      //To show all the addresses with the same cus_id
      $sql = "SELECT * FROM customer_address WHERE cus_id='".$cus_id."'";
      $result2 = mysqli_query($connect, $sql);
?>

When deleting data, you need to add both cust_id and add_id to the query, as follows:

<?php
     if (isset($_GET['del'])) 
     {
       $cust_id = $_GET["id"];
       $add_id = $_GET["add_id"];
       // Use the same connection variable as the rest of the page ($connect)
       mysqli_query($connect, "DELETE FROM customer_address WHERE add_id='".$add_id."' and cus_id='".$cust_id."'");
     }
?>

Next, check that data exists before looping, and add "&add_id=" to the link:

<?php 
if(mysqli_num_rows($result2) > 0) 
{
    while($row1 = mysqli_fetch_assoc($result2))
    {
?>
  <div class="addrow">
    <div class="add_box">
      <p id="name_row"><?php echo $row1["name"]; ?> </p>
      <p id="phone_row"><?php echo $row1["contact"]; ?> </p>
      <p id="add_row"><?php echo $row1["address"]; ?></p>
    </div>
    <div class="btn_box">
      <input type="button" name="editbtn" class="editbtn" value="Edit">
      <a href="cus_address.php?del&id=<?php echo $row1["cus_id"]; ?>&add_id=<?php echo $row1["add_id"];?>"><input type="button" name="deletebtn" class="deletebtn" value="Delete"></a>
      <input type="button" name="defaultbtn" class="defaultbtn" value="Set As Default">
    </div>
  </div>
<?php
    }
}else{
   //Display... when no data have been found 
}
?>
bowlnz
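
The points raised in the comments above (delete via POST rather than a link, prepared statements instead of string-built SQL), combined into one handler. This is an added example, not code from the question or the answer. It assumes `session_start()` has run, `$connect` is an open mysqli connection, `add_id` and `cus_id` are integer columns, and the `csrf` session key, form field names and `msg` values are hypothetical.

```php
<?php
// Added example. Assumptions: session started, $connect is an open mysqli
// connection, $_SESSION['id'] is the logged-in customer's cus_id (as on the page),
// add_id/cus_id are integers. 'csrf', 'delete' and the msg values are hypothetical.
if (empty($_SESSION['csrf'])) {
    $_SESSION['csrf'] = bin2hex(random_bytes(32)); // per-session anti-CSRF token
}

function delete_address(mysqli $db, int $cus_id, int $add_id): bool
{
    // Placeholders keep request data out of the SQL text. The cus_id condition
    // comes from the session, so a customer can only delete their own rows.
    $stmt = $db->prepare('DELETE FROM customer_address WHERE add_id = ? AND cus_id = ?');
    $stmt->bind_param('ii', $add_id, $cus_id);
    $stmt->execute();
    return $stmt->affected_rows === 1;
}

// State-changing action accepted only as POST with a valid token.
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['delete'])) {
    $add_id = filter_input(INPUT_POST, 'add_id', FILTER_VALIDATE_INT);
    $token  = $_POST['csrf'] ?? '';
    if (!is_string($token) || !hash_equals($_SESSION['csrf'], $token) || !is_int($add_id)) {
        http_response_code(400);
        exit('Bad request');
    }
    $deleted = delete_address($connect, (int) $_SESSION['id'], $add_id);
    // Redirect so a page refresh does not resubmit the delete.
    header('Location: cus_address.php?msg=' . ($deleted ? 'deleted' : 'notfound'));
    exit;
}

// List only the logged-in customer's addresses, again with a bound parameter.
$cus_id = (int) $_SESSION['id'];
$stmt = $connect->prepare('SELECT add_id, name, contact, address FROM customer_address WHERE cus_id = ?');
$stmt->bind_param('i', $cus_id);
$stmt->execute();
$result = $stmt->get_result();
while ($row = $result->fetch_assoc()) { ?>
  <div class="addrow">
    <p><?= htmlspecialchars($row['address'], ENT_QUOTES, 'UTF-8') ?></p>
    <form method="post" action="cus_address.php">
      <input type="hidden" name="csrf" value="<?= htmlspecialchars($_SESSION['csrf'], ENT_QUOTES, 'UTF-8') ?>">
      <input type="hidden" name="add_id" value="<?= (int) $row['add_id'] ?>">
      <button type="submit" name="delete" value="1" class="deletebtn">Delete</button>
    </form>
  </div>
<?php }
```

The handler must run before any HTML is sent, otherwise `header()` cannot issue the redirect. Output values are passed through `htmlspecialchars()` because stored address fields are user-supplied.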