0

I tried to delete user from mysql database with this code 

if (isset($_POST['user_delete'])) {
    $key = $_POST['keyToDelete'];
    $check = "DELETE FROM user WHERE id = ". $key or die(mysqli_error($connection));

    $result2 = $connection->query($query);
    if($result2->num_rows >0){
         $query_delete = "DELETE FROM user WHERE id =". $key or die(mysqli_error($connection));

    var_dump($query_delete);
} else {

}

but it don't want to delete my database. but the sql already right and I also got the id because I tried to var_dump it. please help what was wrong with my code

Improve this question
4
  • 2
    Well, that's not going to delete the entire database, it's only possibly going to delete a user. What are you actually trying to do? Commented Jul 2, 2019 at 9:16
  • You never execute the second query (which is the same as the first?). You also die() to the querystring, not the execution of the query. Commented Jul 2, 2019 at 9:17
  • 1
    "I tried to delete from mysql database" I guess? Commented Jul 2, 2019 at 9:19
  • yes that's what I mean. sorry Commented Jul 2, 2019 at 11:57

1 Answer 1

Reset to default
6

You have a few issues here,

  1. Your or die(mysqli_error($connection)) is to the querystrings, not the actual queries. Besides, instead of manually checking for errors it's much better to configure to throw errors automatically. For this add the following line to the connection code:

    mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

  2. You attempt to delete it twice? Though the second query is never executed, you just define the querystring (and never run it).

  3. num_rows is only usable on select-statements. You want affected_rows to check if the query actually deleted any data.
  4. You're not using a prepared statement.
if (isset($_POST['user_delete'])) {
    $key = $_POST['keyToDelete'];
    $query = "DELETE FROM user WHERE id = ?";
    $stmt = $connection->prepare($query);
    $stmt->bind_param("s", $key);
    $stmt->execute();
    if ($stmt->affected_rows) {
        echo "Deleted ".$stmt->affected_rows." rows";
    } else {
        echo "No rows matched the criteria.";
    }
    $stmt->close();
}
Improve this answer
Sign up to request clarification or add additional context in comments.

12 Comments

it's not good to hardcode the error reporting into the application code. Let me edit your code with the proper error reporting?
Also, quite unexpectedly, but (3) is not true, these functions are interchangeable
The error-handling was merely an example (and to nudge in the direction of "don't display errors to the end-user") - feel free to improve it.. I've never seen num_rows work on delete queries though? No mention of it in the manual either that I can recall - do you have a source for that?
So here is my take on the error reporting. first, it makes the code less bloated. Second, it makes error reporting more flexible, as it can be configured at the application level.
It means that there are values in the mitra table that depend on the values you are trying to delete. So, either delete those first, or you can alter your foreign key to be ON DELETE CASCADE (so it deletes the rows in mitra when you delete the user). Alternatively ON DELETE SET NULL if that's possible.
|

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.