0

I have a question about deleting data from SQL by using a PHP form.

My PHP form is something like this (it's just HTML, I guess):

<html>
    <body>
        <form action="delete.php" method="get">
          Uporabniško ime <input type="text" name="user"><br>
          <input type="submit" value="Submit">
        </form>
    </body>
</html>

and then I have code that should delete from my sql called delete.php:

<?php
    $servername = "localhost";
    $username = "test";
    $password = "test";
    $dbname = "iss";

    // Create connection
    $conn = new mysqli($servername, $username, $password, $dbname);
    // Check connection
    if ($conn->connect_error) {
        die("Connection failed: " . $conn->connect_error);
    } 

    $user = $_POST['user'];


    /*if (is_int($_GET['up_ime']) 
        $query = "DELETE FROM uporabniki WHERE up_ime = " . $_GET['up_ime'];
        $result = mysqli_query($con, $query);
        // Check the result and post confirm message
    }*/

    $sql = "DELETE FROM iss.uporabniki WHERE uporabniki.up_ime = " .$_POST['user'];

?>

In my SQL database I have a DB called "iss" and a table "uporabniki". up_ime is unique and is basically the username. So I'm trying to make a form where I can write a username, and when I click submit, that user should be deleted from the SQL database. I have no idea what I'm doing wrong and why this isn't working.

  • Your form method is incorrect; use "post". Notice this => $_POST Commented Dec 10, 2014 at 18:11
  • Also make sure that the user you wish to delete, is an int and based on a user ID number. Otherwise, ".$_POST['user']; will add to the code's failure. Not to mention that your present code is open to SQL injection. Commented Dec 10, 2014 at 18:17
  • WARNING: When using mysqli you should be using parameterized queries and bind_param to add user data to your query. DO NOT use string concatenation to accomplish this because you will create severe SQL injection bugs. This code is scary dangerous. Commented Dec 10, 2014 at 18:24
  • FYI: Use jQuery ajax call if you can, It will be efficient and prevent refreshing the browser. Commented Dec 10, 2014 at 18:29
  • wiki.hashphp.org/PDO_Tutorial_for_MySQL_Developers & w3cyberlearnings.com/… Commented Dec 10, 2014 at 18:56

3 Answers

2

You wrote method="get" in the HTML and in the PHP you used $_POST. Change this correctly and your code will run successfully.


2

Just change the form method like this:

<form action="delete.php" method="post">

And also don't forget to execute the query:

$sql = "DELETE FROM iss.uporabniki WHERE uporabniki.up_ime = " .$_POST['user'];
$delete_result = mysqli_query($conn, $sql) ;

5 Comments

Yeah, the missing query escaped me; that's what happens when looking at code for too long. Well, I'll +1 but do take note that this is still open to SQL injection and should not be trusted.
I did exactly as you said and I get error: Warning: mysqli_query() expects at least 2 parameters, 1 given in C:\wamp\www\8\delete.php on line 24 Call Stack # Time Memory Function Location 1 0.0005 242584 {main}( ) ..\delete.php:0 2 0.0022 252248 mysqli_query ( ) ..\delete.php:24
yeah, you need to put the link for mysqli_query. answer updated
no more error, but it still won't delete user from database
would you plz echo the $sql and run the query directly from mysql?
0

As referred to in this W3 document, HTTP/1.1 Methods definition

This should be how to write a form dedicated to delete something

<html>
    <body>
        <form action="delete.php" method="delete">
          Uporabniško ime <input type="text" name="user"><br>
          <input type="submit" value="Submit">
        </form>
    </body>
</html>

And this would be the php receiving the request (also I would recommend you to use, instead of mysqli, PDO which I will use then in my answer)

<?php
    $host= "localhost";
    $username = "test";
    $password = "test";
    $dbname = "iss";

    // Create connection and catch possible error
    try {
        // username and password are separate constructor arguments, not part of the DSN
        $conn = new PDO('mysql:host='.$host.';dbname='.$dbname, $username, $password);
    }
    catch (Exception $e)
    {
        die('Error : ' . $e->getMessage());
    }

    if (isset($_DELETE['user']) && !empty($_DELETE['user'])) {
        $user = $_DELETE['user'];
    } else {
        // if $_DELETE['user'] is not set or empty we close the connection
        $conn = null;
        die('Error : user is undefined');
    }
    $stmt = $conn->prepare("DELETE FROM iss.uporabniki WHERE uporabniki.up_ime = :user");
    // we bind parameter to reduce the risk of injection
    $stmt->bindParam(':user', $user, PDO::PARAM_STR);
    $stmt->execute();
    $stmt = null;
    $conn = null;
?>

hoping this will help you or someone else in the future!
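
The comments on the question recommend parameterized queries over string concatenation. As an added example (not code from any of the posters), the script below runs the question's concatenated DELETE beside a bound-parameter version. It assumes PDO's SQLite driver, with an in-memory database standing in for the MySQL "iss" database; the sample rows and inputs are constructed.

```php
<?php
// Added example. SQLite in memory stands in for the MySQL "iss" database so the
// script runs without a server. Table and column names come from the question;
// the rows and the inputs below are constructed.

function make_db(): PDO {
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE uporabniki (up_ime TEXT UNIQUE)');
    $pdo->exec("INSERT INTO uporabniki VALUES ('ana'), ('boris'), ('cilka')");
    return $pdo;
}

// The question's approach: the submitted value becomes part of the SQL text.
function delete_concat(PDO $pdo, string $user): string {
    try {
        $n = $pdo->exec('DELETE FROM uporabniki WHERE up_ime = ' . $user);
        return "deleted $n row(s)";
    } catch (PDOException $e) {
        return 'SQL error: ' . $e->getMessage();
    }
}

// Hardened form: the value is sent as a bound parameter and is only ever data.
function delete_bound(PDO $pdo, string $user): string {
    $stmt = $pdo->prepare('DELETE FROM uporabniki WHERE up_ime = :user');
    $stmt->bindValue(':user', $user, PDO::PARAM_STR);
    $stmt->execute();
    return 'deleted ' . $stmt->rowCount() . ' row(s)';
}

// A plain username, and a constructed input that changes the WHERE clause
// when it is concatenated into the statement.
$inputs = ['boris', "'x' OR 1=1"];

foreach ($inputs as $input) {
    // Each call gets a fresh three-row table so the results are comparable.
    echo "input: $input\n";
    echo '  concatenated: ' . delete_concat(make_db(), $input) . "\n";
    echo '  bound:        ' . delete_bound(make_db(), $input) . "\n";
}
```

With concatenation, the plain username is parsed as a column name and the statement fails, while the second input empties the table. With the bound parameter, the first input removes exactly one row and the second removes none.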
