I tried to add a delete "button" (a link to a file with a function); it should delete a row from the database, but it didn't work. I looked for tutorials and answers on forums but found nothing on how to solve my problem.
<td><a href="includes/delete.inc.php?commentId=<?php echo $row["commentId"]; ?>">Delete</a></td>
link from code:
The link works correctly, but when I tried to delete it just doesn't want to take 'commentId' variable and go back to test.php page
Table on website:
dbh.inc.php
<?php
$serverName = "localhost";
$dBUsername = "root";
$dBPassword = "";
$dBName = "php-login";
$conn = mysqli_connect($serverName, $dBUsername, $dBPassword, $dBName);
if (!$conn){
die("connection failed: " . mysqli_connect_error());
}
test.php
<?php
include_once 'header.php';
include "includes/dbh.inc.php";
include 'includes/test.inc.php';
?>
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css" integrity="sha384-Gn5384xqQ1aoWXA+058RXPxPg6fy4IWvTNh0E263XmFcJlSAwiGgFAW/dAiS6JXm" crossorigin="anonymous">
</head>
<body>
<div class="container">
<div class="box">
<h4 class="display-4 text-center">Comments</h4><br>
<?php if (isset($_GET['success'])) { ?>
<div class="alert alert-success" role="alert">
<?php echo $_GET['success']; ?>
</div>
<?php } ?>
<table class="table table-striped">
<thead>
<tr>
<th scope="col">#</th>
<th scope="col">Username</th>
<th scope="col">Comment</th>
<th scope="col">Action</th>
</tr>
</thead>
<?php
$i=0;
while($row = mysqli_fetch_array($result)) {
?>
<td><?php echo $row["commentId"]; ?></td>
<td><?php echo $row["usersUid"]; ?></td>
<td><?php echo $row["comment"]; ?></td>
<td><a href="includes/delete.inc.php?commentId=<?php echo $row["commentId"]; ?>">Delete</a></td>
</tr>
<?php
$i++;
}
?>
</table>
</div>
</div>
</body>
</html>
test.inc.php
<?php
include "dbh.inc.php";
$sql = "SELECT * FROM commenttb ORDER BY commentId DESC";
$result = mysqli_query($conn, $sql);
delete.inc.php
<?php
include "dbh.inc.php";
if(isset($_GET['commentId'])) {
$id = $_GET['commentId'];
$delete = "DELETE FROM `commenttb` WHERE `commentId` ='$id'";
$result = mysqli_query($conn, $delete);
if ($result) {
header("Location: ../test.php?success=successfully deleted");
} else {
header("Location: ../test.php?error=unknown error occurred");
}
}else {
header("Location: ../test.php?error=smth gone wrong");
}
If I press the "delete" link, it should take the 'commentId' variable from the row, e.g. 5, and, using the SQL query from the delete.inc.php file, delete the row with this id from my database.
I tried changing $_GET to $_POST and adding method="POST" to the link to the delete.inc.php file, but it didn't work.
add method="POST" to link
...that only applies to forms, not links. Always read the manual
root. Root can do whatever it likes, so on top of the SQL injection vulnerabilities this just leaves your database an open book for hackers. Instead create a separate user account specifically for this application which has only the permissions it actually needs in order to work properly. Don't even use the root account as a shortcut during development or testing, because you need to test your account permissions as well - otherwise when you go live you might have unexpected errors relating to the user account setup.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); before your mysqli_connect() (or new mysqli()) command, and this will ensure that errors with your SQL queries are reported correctly to PHP automatically. That way you don't need to clutter your script with repetitive code to keep checking errors after every mysqli command. Also you're losing info by just outputting "unknown error" when queries fail... it's not unknown, if you actually check for it! Your overall code is very archaic, unfortunately.
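A hardened delete.inc.php along the lines the comments above suggest (a POST form instead of a link, a parameterized query, mysqli_report(), and a non-root account), as an added example that is not part of the original thread. The account name commentapp, its placeholder password and the redirect() helper are assumptions made for illustration.

```php
<?php
/* includes/delete.inc.php: added example, not the original poster's code.
 * Assumptions: a dedicated MySQL account "commentapp" (hypothetical name) that
 * holds only SELECT and DELETE on commenttb, with a placeholder password.
 * test.php submits the id from a form, because method="POST" exists only on forms:
 *   <form method="post" action="includes/delete.inc.php">
 *     <input type="hidden" name="commentId" value="(the row's commentId)">
 *     <button type="submit">Delete</button>
 *   </form>
 */

// Make mysqli throw mysqli_sql_exception on failure, so no per-call error checks.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

function redirect(string $key, string $message): void
{
    // urlencode() keeps spaces and special characters out of the Location header.
    header('Location: ../test.php?' . $key . '=' . urlencode($message));
    exit; // stop the script; header() alone does not end execution
}

// A state-changing action must not be reachable through a plain GET link.
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    redirect('error', 'delete must be sent with POST');
}

// Accept only a positive integer id; anything else is rejected before the database.
$id = filter_input(INPUT_POST, 'commentId', FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
if ($id === null || $id === false) {
    redirect('error', 'missing or invalid commentId');
}

try {
    $conn = mysqli_connect('localhost', 'commentapp', 'CHANGE_ME_PLACEHOLDER', 'php-login');
    // The id is bound as a parameter and never concatenated into the SQL text.
    $stmt = mysqli_prepare($conn, 'DELETE FROM `commenttb` WHERE `commentId` = ?');
    mysqli_stmt_bind_param($stmt, 'i', $id);
    mysqli_stmt_execute($stmt);
    $deleted = mysqli_stmt_affected_rows($stmt);
} catch (mysqli_sql_exception $e) {
    error_log('delete.inc.php: ' . $e->getMessage()); // real cause goes to the server log
    redirect('error', 'database error, see server log');
}

redirect($deleted === 1 ? 'success' : 'error',
         $deleted === 1 ? 'successfully deleted' : 'no comment with that id');
```

POST by itself does not prove the request came from your own page, so a complete version would also carry a per-session CSRF token in the form and check that the logged-in user is allowed to delete that comment.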