1

I have a list of items that is being output via PHP / MySQL. I also have an Edit button and a Delete button in one column. I am trying to figure out how to delete a list item on a specific row by clicking the Delete button. I have tried the following:

$id = $_GET['id'];

if(isset($_POST["deletelist"])) {

    $query = "SELECT * FROM lists";
    $result = mysqli_query($db, $query);
    if(mysqli_num_rows($result) == 1) {

    $query = "DELETE FROM lists WHERE id = '$id'";
} else {
        echo "Cannot delete";
    }
}

This of course does not work. Can anyone help me out with this?

UPDATE

This is the code for the entire page:

https://pastebin.com/raw/qjnZkUU2

UPDATED CODE

$id = $_GET['id'];

if(isset($_POST["deletelist"])) {

    $query = "SELECT * FROM lists";
    $result = mysqli_query($db, $query);
    if(mysqli_num_rows($result) == 1) {

    $query = "DELETE FROM lists WHERE id = '$id'";
    mysqli_query($db, $query);
} else {
        echo "Cannot delete";
    }
}

What I am confused about is how does the query know which item to delete? Should I be appending the ID to the URL to pass the ID?

UPDATE

OK, I think I get it... In the delete button, I need to echo the ID of that row so that when the query runs from clicking the delete button, it knows which ID to delete, correct?

4
  • show the HTML code please Commented Jul 20, 2017 at 5:27
  • 3
    Learn about prepared statements to prevent sql injection Commented Jul 20, 2017 at 5:28
  • 3
    You never execute the delete query Commented Jul 20, 2017 at 5:29
  • Your code reads like an interview challenge. There are 5 really serious bugs in there and a lot of other issues. Learn how to solve one problem at a time and how to do it properly. Commented Aug 14 at 22:13

4 Answers

4

You have to execute the query for any action in the database:

mysqli_query($db, $query);

So execute the delete query and then try it again.


2

You have to execute the query. There is no query execution code. Try this

$id = $_GET['id'];

if(isset($_POST["deletelist"])) {

    $query = "SELECT * FROM lists";
    $result = mysqli_query($db, $query);
    if(mysqli_num_rows($result) == 1) {

    $query = "DELETE FROM lists WHERE id = '$id'";
    mysqli_query($db, $query);
} else {
        echo "Cannot delete";
    }
}

2 Comments

Should I be getting undefined index for id?
Be careful using user input from GET directly in a statement! Better use prepared statements with param binding. See stackoverflow.com/q/60174/1915746
0

In order to delete a specific row what I needed to do was echo the ID within a link/button. This would then pass the ID to the needed PHP to delete the row from the database.

Echoing the row ID in the button

echo "<a href='includes/deletelist.php?id=$row[id]'><input class=\"btn btn-danger\" value=Delete style=\"width: 85px;\"></a>";

The PHP to delete the action row

<?php

include("db.php");

if (!isset($_GET['id'])) {
    echo 'No ID was given...';
    exit;
}
if ($db->connect_error) {
    die('Connect Error (' . $db->connect_errno . ') ' . $db->connect_error);
}
$sql = "DELETE FROM lists WHERE id = ?";
if (!$result = $db->prepare($sql)) {
    die('Query failed: (' . $db->errno . ') ' . $db->error);
}

if (!$result->bind_param('i', $_GET['id'])) {
    die('Binding parameters failed: (' . $result->errno . ') ' . $result->error);
}
if (!$result->execute()) {
    die('Execute failed: (' . $result->errno . ') ' . $result->error);
}
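// Read the result before closing. Nothing is echoed on success, because
// header() cannot be sent once output has started.
$deleted = $result->affected_rows > 0;
$result->close();
$db->close();
if (!$deleted) {
    die("Couldn't delete the ID.");
}
header('Location: ../account.php');
exit;
?>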

This deletes the item row and then returns the user to account.php. Which in this case, the page never really changes.
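A POST-based version of the delete flow described in this answer, with a CSRF token, integer validation of the id and a bound parameter. This is an added example, not code from the answer; it assumes db.php defines $db as a mysqli connection, and the names delete_button, parse_id, delete_list and csrf_token are hypothetical.

```php
<?php
// Added example. Assumes db.php defines $db (mysqli) as in the answer above;
// delete_button, parse_id, delete_list and csrf_token are hypothetical names.
if (session_status() !== PHP_SESSION_ACTIVE) { session_start(); }
$_SESSION['csrf_token'] ??= bin2hex(random_bytes(32));

/** Called by the list page for each row: a POST form, not a GET link. */
function delete_button(int $id, string $token): string
{
    return '<form method="post" action="includes/deletelist.php">'
         . '<input type="hidden" name="id" value="' . $id . '">'
         . '<input type="hidden" name="csrf_token" value="'
         . htmlspecialchars($token, ENT_QUOTES, 'UTF-8') . '">'
         . '<input type="submit" name="deletelist" class="btn btn-danger" value="Delete">'
         . '</form>';
}

/** Return the id as a positive integer, or null for anything else. */
function parse_id($raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

/** Delete one row through a bound parameter; true if exactly one row went. */
function delete_list(mysqli $db, int $id): bool
{
    if (!$stmt = $db->prepare('DELETE FROM lists WHERE id = ?')) {
        return false;
    }
    $stmt->bind_param('i', $id);
    $ok = $stmt->execute() && $stmt->affected_rows === 1;
    $stmt->close();
    return $ok;
}

// Handler: runs only for a POST from the form above.
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST' && isset($_POST['deletelist'])) {
    require __DIR__ . '/db.php';
    $token = $_POST['csrf_token'] ?? '';
    $id = parse_id($_POST['id'] ?? null);
    if (!is_string($token) || !hash_equals($_SESSION['csrf_token'], $token) || $id === null) {
        http_response_code(400);
        exit('Bad request');
    }
    delete_list($db, $id);
    header('Location: ../account.php'); // nothing has been echoed before this
    exit;
}
```

The list page would call delete_button((int) $row['id'], $_SESSION['csrf_token']) in place of the Delete link.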


-1

Try like below

if(isset($_POST["deletelist"]) && isset($_GET['id']) ) {
    $id = $_GET['id'];
    $query = "SELECT * FROM lists";
    $result = mysqli_query($db, $query);
    if(mysqli_num_rows($result) == 1) {

         $query = "DELETE FROM lists WHERE id = '".mysqli_real_escape_string($db,$id)."'";
        mysqli_query($db, $query);
    } else {
        echo "Cannot delete";
    }
}

5 Comments

try like below is not an answer. Explain what you have changed and why
@Jens mysqli_real_escape_string needs to be used to remove the MySQL injection, and mysqli_query($db, $query) needs to be executed for any MySQL action. Thanks
mysqli_real_escape_string does not prevent SQL injection completely.
This function adds an escape character, the backslash, \, before certain dangerous characters in a string passed in to this function. So we can prevent this issue by using this function.
