PDO PHP: How to make a logged-in user delete their account?

Asked

Viewed 350 times

1

The user accesses the logged in page:

<?php
session_start();
echo 'Bem vindo, '.$_SESSION['username'];
?>
<br /><a href='logout.php'>Logout</a>

I want him to press a button or link and that will delete his own account (without having to type anything).

<?php
if(isset($_POST["button"])){
$hostname='localhost';
$username='root';
$password='';

try {
$dbh = new PDO("mysql:host=$hostname;dbname=projeto",$username,$password);

$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // <== add this     line
$del = "DELETE FROM tbl_users WHERE id =".$_SESSION['id'];


if ($dbh->query($sql)) {
echo "<script type= 'text/javascript'>alert('Conta deletada com sucesso');  </script>";
}
else{
echo "<script type= 'text/javascript'>alert('Falha');</script>";
}

$dbh = null;
}
 catch(PDOException $e)
{
echo $e->getMessage();
}

}
?>

How do I do?

  • 2

    Even if it is off-topic, I believe I should NEVER delete a user and not even grant privileges to user database for this! In its place, you can use a column Status or isDeleted or equivalent, for example. That way if the user is "deleted" you compare whether the "Status" is as deleted or not by updating via UPDATE. This is extremely safer, in several factors, a first because users may regret having deleted that or had their accounts accessed by third parties, so you can recover easily. ;)

  • Okay. But if you want to delete right, like you would?

  • I believe there is no error, at least the query seems correct, but I also don’t use PDO. However, you are using if(isset($_POST["button"])){, therefore the input (or button) must have the attribute name defined to button. For example: <form action='logout.php' method="post"><input name='button' type='submit' value='EXCLUIR'></form>, the HTML shown contains only one a, who alone is already unable to make a POST, if you are using the quoted HTML to delete, this may be the reason.

  • Still nothing. Could you be more specific?

1 answer

0

            <?php
            session_start();

            if(isset($_POST["button"])){
            $hostname='localhost';
            $username='root';
            $password='';

            $user = $_SESSION['id'];

            try {
            $dbh = new PDO("mysql:host=$hostname;dbname=projeto",$username,$password);

            $dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // <== add this     line

            $del = "DELETE FROM tbl_users WHERE id = :id";
            $deletar = $dbh->prepare($del);
            $deletar->bindValue(':id', $user);
            $retorno = $deletar->execute();


            if ($dbh->query($sql)) {
            echo "<script type= 'text/javascript'>alert('Conta deletada com sucesso');  </script>";
            }
            else{
            echo "<script type= 'text/javascript'>alert('Falha');</script>";
            }

            $dbh = null;
            }
             catch(PDOException $e)
            {
            echo $e->getMessage();
            }

            }
            ?>
  • I click and nothing happens. Does it have something to do with my html declaration? <input type="button" name="button" value="Delete Account">

Browser other questions tagged

You are not signed in. Login or sign up in order to post.