
I tried to add a delete "button" (a link to a file with a function) that should delete a row from the database, but it didn't work. I looked for tutorials and answers on forums but found nothing on how to solve my problem.

<td><a href="includes/delete.inc.php?commentId=<?php echo $row["commentId"]; ?>">Delete</a></td>

[Image: link from code]

The link works correctly, but when I try to delete, it just doesn't want to take the 'commentId' variable and go back to the test.php page.

[Image: table on website]

dbh.inc.php

<?php

$serverName = "localhost";
$dBUsername = "root";
$dBPassword = "";
$dBName = "php-login";


$conn = mysqli_connect($serverName, $dBUsername, $dBPassword, $dBName);


if (!$conn){
    die("connection failed: " . mysqli_connect_error());
}

test.php

<?php
include_once 'header.php';
include "includes/dbh.inc.php";
include 'includes/test.inc.php';
?>


<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css" integrity="sha384-Gn5384xqQ1aoWXA+058RXPxPg6fy4IWvTNh0E263XmFcJlSAwiGgFAW/dAiS6JXm" crossorigin="anonymous">
</head>
<body>
    <div class="container">
        <div class="box">
            <h4 class="display-4 text-center">Comments</h4><br>
            <?php if (isset($_GET['success'])) { ?>
            <div class="alert alert-success" role="alert">
              <?php echo htmlspecialchars($_GET['success']); ?>
            </div>
            <?php } ?>
            <table class="table table-striped">
              <thead>
                <tr>
                  <th scope="col">#</th>
                  
                  <th scope="col">Username</th>
                  <th scope="col">Comment</th>
                  <th scope="col">Action</th>
                </tr>
              </thead>
              <?php
                $i=0;
                while($row = mysqli_fetch_array($result)) {
                ?>
                <tr>
                <td><?php echo $row["commentId"]; ?></td>
                <td><?php echo htmlspecialchars($row["usersUid"]); ?></td>
                <td><?php echo htmlspecialchars($row["comment"]); ?></td>
                <td><a href="includes/delete.inc.php?commentId=<?php echo $row["commentId"]; ?>">Delete</a></td>
                </tr>
                <?php
                $i++;
                }
                ?>
            </table>      
        </div>
    </div>
</body>
</html>

test.inc.php

<?php  

include "dbh.inc.php";

$sql = "SELECT * FROM commenttb ORDER BY commentId DESC";
$result = mysqli_query($conn, $sql);

delete.inc.php

<?php

include "dbh.inc.php";
if(isset($_GET['commentId'])) {
   $id = $_GET['commentId'];
   $delete = "DELETE FROM `commenttb` WHERE `commentId` ='$id'";
   $result = mysqli_query($conn, $delete);
   if ($result) {
      header("Location: ../test.php?success=successfully deleted");
   } else {
      header("Location: ../test.php?error=unknown error occurred");
   }
}else {
   header("Location: ../test.php?error=smth gone wrong");
}

If I press the "delete" link, it should take the 'commentId' variable from the row, e.g. 5, and, using the SQL query from the delete.inc.php file, delete the row with this id from my database.

I tried changing $_GET to $_POST and adding method="POST" to the link to the delete.inc.php file, but it didn't work.

  • add method="POST" to link... that only applies to forms, not links. Always read the manual
    – ADyson
    Commented Jan 3, 2023 at 16:49
  • Warning: Your code is vulnerable to SQL Injection attacks. You should use parameterised queries and prepared statements to help prevent attackers from compromising your database by using malicious input values. bobby-tables.com gives an explanation of the risks, as well as some examples of how to write your queries safely using PHP / mysqli. Never insert unsanitised data directly into your SQL. The way your code is written now, someone could easily steal, incorrectly change, or even delete your data.
    – ADyson
    Commented Jan 3, 2023 at 16:49
  • phpdelusions.net/mysqli also contains good examples of writing safe SQL using mysqli. See also the mysqli documentation and this: How can I prevent SQL injection in PHP? . Parameterising your queries will also greatly reduce the risk of accidental syntax errors as a result of un-escaped or incorrectly quoted input values. If you learnt your current technique from a tutorial or book, please don't use it again.
    – ADyson
    Commented Jan 3, 2023 at 16:49
  • Never configure your web app to login to the database as root. Root can do whatever it likes, so on top of the SQL injection vulnerabilities this just leaves your database an open book for hackers. Instead create a separate user account specifically for this application which has only the permissions it actually needs in order to work properly. Don't even use the root account as a shortcut during development or testing, because you need to test your account permissions as well - otherwise when you go live you might have unexpected errors relating to the user account setup.
    – ADyson
    Commented Jan 3, 2023 at 16:50
  • Please bring your error handling into the 21st century. Add mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); before your mysqli_connect() (or new mysqli()) command, and this will ensure that errors with your SQL queries are reported correctly to PHP automatically. That way you don't need to clutter your script with repetitive code to keep checking errors after every mysqli command. Also you're losing info by just outputting "unknown error" when queries fail...it's not unknown, if you actually check for it! Your overall code is very archaic, unfortunately.
    – ADyson
    Commented Jan 3, 2023 at 16:50
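
The changes recommended in the comments above (a POST form instead of a link, a parameterised query, `mysqli_report`, and a non-root database account), combined in one added example that is not part of the original question or comments. It assumes `commentId` is an integer column; the credentials `app_user` / `change-me` and the function names `connect`, `deleteForm` and `deleteComment` are hypothetical.

```php
<?php
declare(strict_types=1);
// Added example, not the asker's files. Assumptions: commentId is an integer
// column; 'app_user' / 'change-me' are placeholder credentials for a non-root
// account granted only SELECT and DELETE on commenttb.

// Throw exceptions on mysqli errors instead of failing silently.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

function connect(): mysqli
{
    return new mysqli('localhost', 'app_user', 'change-me', 'php-login');
}

// For test.php: a POST form per row. method="POST" does nothing on an <a>
// link, which always sends GET.
function deleteForm(int $commentId): string
{
    return sprintf(
        '<form method="POST" action="includes/delete.inc.php">'
        . '<input type="hidden" name="commentId" value="%d">'
        . '<button type="submit">Delete</button></form>',
        $commentId
    );
}

// For delete.inc.php: validate the id, then bind it as a parameter so user
// input never becomes part of the SQL text.
function deleteComment(mysqli $conn, mixed $rawId): array
{
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return ['error' => 'invalid comment id'];
    }
    $stmt = $conn->prepare('DELETE FROM `commenttb` WHERE `commentId` = ?');
    $stmt->bind_param('i', $id);
    $stmt->execute();
    return $stmt->affected_rows === 1
        ? ['success' => 'successfully deleted']
        : ['error' => 'no such comment'];
}

// Only act on POST, so a crawler or prefetch following a link cannot delete.
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $status = deleteComment(connect(), $_POST['commentId'] ?? null);
    header('Location: ../test.php?' . http_build_query($status));
    exit;
}
```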
