Deleting data from a database when a button is clicked

Question

On a shopping cart, when I click the delete button, the row isn't being deleted from the database, any reason why?

<?php

if (isset($_POST['delete_button'])) {

  $id = $_POST['id'];

  $stmt = $pdo->prepare("DELETE FROM user_favourites WHERE user_fav_id = :user_fav_id");

  $stmt->bindParam(':user_fav_id', $id);

  $stmt->execute();

  header("Location: index.php?p=account");
  exit();
}
?>

And the button code

<form method="POST">
    <input type="hidden" name="id" value="<?php echo $fav['user_fav_id'] ?>">
    <button type="submit" name="delete_button">Delete</button>
</form>

score 0 · Answer 1 · answered Apr 14 '23 at 14:32

It works for me when I test your code, so by instinct I'd verify few things:

Make sure your $fav['user_fav_id'] is well echoed in your hidden input (a basic inspect the element will do the job) and its value is the one expected
Be careful to not modify your variable $id between the bindParam() and the execute() as with PDOStatement::bindParam() unlike PDOStatement::bindValue(), the variable is bound as a reference and will only be evaluated at the time that PDOStatement::execute() is called. See this post for more information
Try other DataBase manipulations elsewhere to check if your the link to the DB is not broken

Side note: Any user can modify the value of the hidden input. If this is is meant to go online, you should rethink how you manage this feature because a user A can delete the favourites of a user B by manipulating this value.

Deleting data from a database when a button is clicked

1 Answers1