Jump to content

Recommended Posts

Hi everyone,

 

I don't understand why MySQL won't do execute query to delete record in phpmyadmin. I made a script in PHP, what did I do wrong?

 

First page:

 

<?php
session_start();
if ($_SESSION['user']) {
echo "<p>You are logging in as ".$_SESSION['user']." <a href='logout.php'>Log out</a></p>";
}
else {
header('location:denied.php');
}
require('require.php');
 
?>
<!doctype html>
<html>
<head>
<title>Delete your member's information</title>
<link href="rcd.css" rel="stylesheet" type="text/css">
<link href="submit.css" rel="stylesheet" type="text/css">
</head>
<body>
<center>
<p>Are you sure you want to delete this member's information?</p>
<form action="delete2.php">
<table>
<?php
 
$del = $_GET['delete'];
 
$show = "SELECT * FROM Members WHERE ID = '".$del."'";
$result = mysqli_query($Garydb, $show);
 
if (mysqli_num_rows($result)) {
while ($rows = mysqli_fetch_assoc($result)) {
echo "<tr><td>First Name: </td><td><input type='text' value='".$rows['FirstName']."'></td></tr>";
echo "<tr><td>Last Name: </td><td><input type='text' value='".$rows['LastName']."'></td></tr>";
echo "<tr><td>Birth Month: </td><td><input type='text' value='".$rows['Month']."'></td></tr>";
echo "<tr><td>Email: </td><td><input type='text' value='".$rows['Email']."'></td></tr>";
echo "<tr><td>Local: </td><td><input type='text' value='".$rows['Local']."'></td></tr>";
echo "<tr><td colspan='2'><a href='delete2.php?delete2=".$rows['ID']."' style='font-size:20px;'>Delete Member's Information</a></td></tr>";
}
}
 
?>
</table>
</form>
<p><a href="register.php">Return to register page</a></p>
</center>
</body>
</html>
 

Second Page

<?php

session_start();
if ($_SESSION['user']) {
echo $_SESSION['user'];
}else {
header('denied.php');
}

require("require.php");

if ($_GET['delete2']) {
$delete = $_GET['delete2'];
}

if ($delete) {
$del = "DELETE * FROM Members WHERE ID = '".$delete."'";
mysqli_query($Garydb, $del);
}

?>
<!doctype html>
<html>
<head>
<title>Deleted</title>
</head>
</html>
Edited by Ch0cu3r
Link to comment
https://forums.phpfreaks.com/topic/299522-delete-data-in-sql-in-php/
Share on other sites

Your query is malformed

 

 

$del = "DELETE * FROM Members WHERE ID = '".$delete."'";

 

There is no field list for a delete query, e.g. the *

 

Try this:

 

 

$del = "DELETE FROM Members WHERE ID = '".$delete."'";

 

Also, your code is full of security risks - particularly with SQL Injection. You should spend some time learning some best practices.

You should use prepared statements.

 

Manual escaping with mysqli_real_escape_string() is too error-prone (as you can see), and stripslashes() has nothing to do with security. It's a leftover from the early days of PHP when “Magic Quotes” still existed.

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.