
I'm a student and I'm new to PHP and MySQL. Please help me with this. Can you correct this code and help me with your answers?
This is my HTML form:

<html>
    <head>
        <title>
            Subscribe
        </title>
    </head>
    <body>
        <form method="post" action="delete-subs.php">
            Email: <input type="text" id="semail" name="semail"><br>
            <input type="submit" name="submit" value="delete">
        </form>
    </body>
</html>

This is delete-subs.php :

<html>
 
<head>
   <title>Delete subscribe</title>
</head>
 
<body>
    <center>
        <?php
 include'db/config.php';
        $semail = $_REQUEST['semail'];
$sql = "DELETE FROM sbscribers WHERE semail=$email";

if ($conn->query($sql) === TRUE) {
  echo "<h1 style='color: red;'>Thank you</h1><br>Successfully deleted.";
} else {
  echo "Error: " . $sql . "<br>" . $conn->error;
}

$conn->close();
        ?>
    </center>
</body>
</html>

When I click the button nothing appears, no errors and nothing; please help me.
  • Warning: your code is extremely vulnerable to SQL injection attacks – Daniel A. White Sep 16 '22 at 19:25
  • Welcome to Stack Overflow! Your script is vulnerable to [SQL Injection Attack](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php). Even if [you are escaping variables, it's not safe](https://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string)! You should always use [prepared statements and parameterized queries](https://www.php.net/manual/en/mysqli.quickstart.prepared-statements.php) in either MYSQLI or PDO instead of concatenating user-provided values into the query. – Barmar Sep 16 '22 at 19:26
  • Using a prepared statement will also fix the problem, which is that you forgot to put quotes around `$email` in the SQL. – Barmar Sep 16 '22 at 19:26
  • If you don't see anything, neither the success message nor the SQL error, there must be a syntax error in the script. See https://stackoverflow.com/questions/2687730/how-can-i-make-php-display-the-error-instead-of-giving-me-500-internal-server-er – Barmar Sep 16 '22 at 19:27
  • Add `` to the very top of your page .. This will display all warnings, notices and fatal errors for troubleshooting. – Zak Sep 16 '22 at 19:30
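
The prepared-statement approach recommended in the comments, written out as a hardened `delete-subs.php`. This is an added example, not code from the original thread. It assumes `db/config.php` creates a mysqli connection in `$conn` (the question's `$conn->query()` and `$conn->error` calls suggest mysqli) and keeps the table and column names from the question; `deleteSubscriber` is a hypothetical helper name.

```php
<?php
// Added example, not from the original thread.
// Assumption: db/config.php (from the question) creates a mysqli object in $conn.
declare(strict_types=1);

// While debugging, show PHP errors and make mysqli throw exceptions instead of
// failing silently. Switch display_errors off on a production server.
ini_set('display_errors', '1');
error_reporting(E_ALL);
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

require __DIR__ . '/db/config.php';

/**
 * Delete one subscriber by e-mail address (hypothetical helper).
 * The address travels as a bound parameter, so it is never parsed as SQL
 * and needs no manual quoting. Returns the number of rows removed.
 */
function deleteSubscriber(mysqli $conn, string $email): int
{
    $stmt = $conn->prepare('DELETE FROM sbscribers WHERE semail = ?');
    $stmt->bind_param('s', $email);
    $stmt->execute();
    $deleted = $stmt->affected_rows;
    $stmt->close();
    return $deleted;
}

// Accept the value from the POST body only (not $_REQUEST, which also reads
// the query string and cookies) and reject anything that is not a string.
$raw   = $_POST['semail'] ?? '';
$email = is_string($raw) ? trim($raw) : '';

if ($_SERVER['REQUEST_METHOD'] !== 'POST' || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
    http_response_code(400);
    exit('Please submit a valid e-mail address.');
}

try {
    $deleted = deleteSubscriber($conn, $email);
    echo $deleted > 0 ? 'Successfully deleted.' : 'No subscriber with that address.';
} catch (mysqli_sql_exception $e) {
    // Log the database error server-side; do not echo the SQL or the driver
    // message back to the browser as the original script did.
    error_log($e->getMessage());
    http_response_code(500);
    echo 'Could not process the request.';
} finally {
    $conn->close();
}
```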

0 Answers