0

I am using delete method in angular and sending ID parameter to PHP REST Api but it is returning null. So how can I read params in PHP side?

delete.php

<?php
include('connection.php');

$extract = json_decode(file_get_contents("php://input"));
$idCourse = $extract->courses->idCourse;

$sql = "DELETE FROM courses WHERE idCourse='$idCourse'";
$conn->query($sql);
?>

course.component.html

<form>
  <label for='courseName'>Course name:</label>
  <input type="text" name="courseName" [(ngModel)]="course.courseName" />
  <label for='coursePrice'>Course price:</label>
  <input type="text" name="coursePrice" [(ngModel)]="course.coursePrice" />
  <button (click)="register(this.course)">Register</button>
  <button (click)="update(this.course)">Update</button>
  <button (click)="delete(this.course)">Delete</button>
</form>

<table border="1">
  <tr>
    <td>Course Name</td>
    <td>Price</td>
  </tr>
  <tr *ngFor='let course of courses'>
    <td>{{ course.courseName }}</td>
    <td>{{ course.coursePrice }}</td>
    <td><button (click)="listOne(course)">Select course</button></td>
  </tr>
</table>

listOne()

  listOne(course: Course) {
    this.course.idCourse = course.idCurso;
    this.course.courseName = course.courseName;
    this.course.coursePrice = course.coursePrice;
  }

course.component.ts

 delete(course: Course) {
    this.courseService.delete(course).subscribe((res: Course[]) => {
      this.courses = res;
      this.course = new Course();
      this.list();
    });
  }

course.service.ts

  delete(course: Course): Observable<Course[]> {
    const params = new HttpParams().set('idCourse', course.idCourse!.toString());
    return this.http.delete(`${this.url}delete.php`, { params: params }).pipe(map((res: any) => {
      this.courses.filter((c) => c.idCourse !== curso.idCourse);
      return this.courses;
    }))
  }

PHP error

[Wed Nov  9 18:13:12 2022] PHP Warning:  Attempt to read property "courses" on null in /var/www/api/backend/delete.php on line 5
[Wed Nov  9 18:13:12 2022] PHP Warning:  Attempt to read property "idCourses" on null in /var/www/api/backend/delete.php on line 5

PS: Other methods such as POST PUT and GET using similar JSON read method in PHP (json_decode) are working perfectly. Only DELETE method is returning null.

Kelson Batista
  • 406
  • 4
  • 25
  • People seem to have differing opinions here, https://stackoverflow.com/q/299628/1427878, on whether a DELETE request should have a request body in the first place. – CBroe Nov 10 '22 at 08:16

1 Answers1

0

You are adding the QueryParam idCourse to your request.

In your php code you are using $extract = json_decode(file_get_contents("php://input")); which will read the request body (not the query params) and parse it. Since you didn't pass a request body from angular (and probably shouldn't since this is a DELETE call, you should instead read the actual query param on server side.

There are different options to actually read a query string in PHP (see here: Get URL query string parameters), but here is an example:

$queries = array();
parse_str($_SERVER['QUERY_STRING'], $queries);
$idCourse = $queries['idCourse']

$sql = "DELETE FROM courses WHERE idCourse='$idCourse'";
$conn->query($sql);

Big warning

You are basically making your application vulnerable to SQL injections if you directly pass your query param to an SQL query. You should take a look at https://www.php.net/manual/en/security.database.sql-injection.php to see how you can avoid this.

Fabian Strathaus
  • 3,192
  • 1
  • 4
  • 26