0

I've made a delete button and I want it to delete a 'reservation' in my database whenever it gets pressed. This is my code:

require_once"database.php";
if(isset($_POST["verwijderen"])) {
    $email = ($_SESSION["userId"]);
    $delete = mysql_query("DELETE FROM reserveringen WHERE Email = $email ");
}

verwijderen is the name of my delete button. $email gives me the email of the person who's logged in and $delete is the query. reserveringen is my table name and email is the column's name. I've tried this but it isn't working. $email does give me the email of the logged in person (I've checked it with echo($email)).

Edit: full code:

<?php
session_start();

$loggedIn = "";
if (isset($_SESSION["loggedIn"])) {
    $loggedIn = $_SESSION["loggedIn"];
} else {
    header('Location:reserveringssysteeminloggen.php');
}
$email = ($_SESSION["userId"]);


require_once"database.php";
if(isset($_POST["verwijderen"])) {
    $email = ($_SESSION["userId"]);
    $result = $mysql_query("DELETE FROM reserveringen WHERE Email = '$email' ");}

?>
  • 1
    Make sure you started your session before you use it with: session_start(); Also put quotes around $email like '$email' in your SQL Statement Commented Jan 24, 2015 at 17:26
  • 3
    "It isn't working". What's happening? Does your server explode? Does it make weird noises? Does it crash the users browser? Do you get a log message? An error? A warning? A notice? Is anything inside of your logs? Does it convince you that people can help you without any information? Does it prevent your SQL injection? Whenever you have SQL query problems, always echo the query and check if it looks right. Commented Jan 24, 2015 at 17:27
  • Warning: You are using an obsolete database API and should use a modern replacement. Commented Jan 24, 2015 at 17:27
  • I've put session_start(); in front of it and I've also put quotes around $email. Still not working. Commented Jan 24, 2015 at 17:28
  • @Max Please show us your entire code! And add error reporting at the top of your file! (<?php ini_set("display_errors", 1); error_reporting(E_ALL); ?>) And tell us the exact error messages Commented Jan 24, 2015 at 17:29

3 Answers

2

SQL uses single quotes (') to denote string literals, which you are currently missing:

$delete = mysql_query("DELETE FROM reserveringen WHERE Email = '$email'");

EDIT:
Obligatory warnings:

  1. mysql_query is deprecated, please consider either mysqli or PDO.
  2. This approach is vulnerable to SQL injection attacks. Consider using a prepared statement.

1

Add quotes around $email like:

$delete = mysql_query("DELETE FROM reserveringen WHERE Email = '$email' ");

Note aside: Your query is vulnerable to SQL injection. You may consider using a prepared statement.


1

First of all, don't use mysql_query, it is deprecated. PDO::Mysql is the new standard to use, it is also much safer to use because of the prepare statement (and bindParam). This will safeguard you against SQL injections. It will also automatically place your string correctly into the sql-query.

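$pdo = new PDO('mysql:host=localhost;dbname=DATABASENAME', "USERNAME", "PASSWORD");
if (isset($_POST["verwijderen"])) {
    // The logged-in user's email, taken from the session as in the question
    $email = $_SESSION["userId"];
    // :email is a placeholder; the value is bound separately, never spliced into the SQL text
    $sql = "DELETE FROM reserveringen WHERE Email = :email";
    $stmt = $pdo->prepare($sql);
    $stmt->bindParam(':email', $email, PDO::PARAM_STR);
    $stmt->execute();
}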
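
The difference between the quoted-string fix and the prepared statement, shown as an added example that is not part of the original answers. It assumes an in-memory SQLite database (pdo_sqlite) in place of the asker's MySQL server so it runs offline; the addresses are constructed and deleteReservations() is a hypothetical helper.

```php
<?php
// Added example: constructed data in an in-memory SQLite database.
// Assumption: pdo_sqlite is installed; the question's real database is MySQL.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE reserveringen (id INTEGER PRIMARY KEY, Email TEXT)");

// Constructed sample rows; one address legitimately contains an apostrophe.
$seed = $pdo->prepare("INSERT INTO reserveringen (Email) VALUES (?)");
foreach (["max@example.com", "o'brien@example.com", "anna@example.com"] as $e) {
    $seed->execute([$e]);
}

// Hypothetical helper: delete one user's reservations, return the rows removed.
function deleteReservations(PDO $pdo, string $email): int
{
    $stmt = $pdo->prepare("DELETE FROM reserveringen WHERE Email = :email");
    $stmt->execute([':email' => $email]);
    return $stmt->rowCount();
}

// Stand-in for $_SESSION["userId"].
$email = "o'brien@example.com";

// 1) Value interpolated into the SQL text, as in the quoted-string fix:
//    the apostrophe closes the string literal early and the statement
//    no longer parses, because data has become part of the SQL.
try {
    $pdo->exec("DELETE FROM reserveringen WHERE Email = '$email'");
    echo "interpolated query ran\n";
} catch (PDOException $ex) {
    echo "interpolated query failed: ", $ex->getMessage(), "\n";
}

// 2) Bound parameter: the same value travels as data, never as SQL.
$removed = deleteReservations($pdo, $email);
echo "prepared statement removed $removed row(s)\n";

// Only the matching reservation is gone.
$left = $pdo->query("SELECT COUNT(*) FROM reserveringen")->fetchColumn();
echo "rows left: $left\n";
```

Checking rowCount() after a DELETE also answers the "it isn't working" question directly: zero rows means the WHERE clause matched nothing, while an exception means the statement itself was rejected.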
