DELETE FROM users WHERE user_id = $id

Asked

Viewed 619 times

4

I have a script simple PHP+Mysql query:

<table >
  <tr>
    <td ><h2>GERENCIAR  ANUNCIOS </h2></td>
  </tr>
  <tr>
    <td >

<table >
  <tr>
    <th >ID</th>
    <th >Nome</th>
    <th >Email</th>
    <th >Ação</th>

</tr>
<?php

// Aqui você se conecta ao banco
$mysqli = new mysqli('127.0.0.1', 'root', '', 'login');

// Executa uma consulta
$sql = "SELECT `user_id`, `user_name` , `user_email` FROM `users`";
$query = $mysqli->query($sql);
while ($dados = $query->fetch_assoc()) {
    $id        = $dados["user_id"];
    $nome      = $dados["user_name"];
    $email = $dados["user_email"];

    echo "<tr>
    <td > $id </td>
    <td > $nome </td>
    <td > $email </td>
    <td > <a href='excluir.php?user_id=$id'>excluir </a></td>
    </tr>\n";
    }

echo 'Registros encontrados: ' . $query->num_rows . '<br><br>';

?>
</table>
</td>
</tr>
</table>

And a script excluir.php

<?php
    $mysqli = new mysqli('127.0.0.1', 'root', '', 'login'); 
    $id = 'user_id';

    $strSQL = "DELETE FROM users WHERE user_id = $id";
    mysqli_query($strSQL);

    // Fechar conexão com Banco de Dados
    mysql_close();
    header("Location: index.php");
    ?>

I can’t delete records from the database. What I’m doing wrong?

  • 1

    Probably the solution will be what @Luis replied, but you should pass the id by POST and process the data entering the SQL

  • 1

    Please note that when passing the $id through the link may have problems with Sqlinjection if it does not deal with that in query of DELETE.

3 answers

8

You are trying to delete a record that contains the value 'user_id'. Change your line 2 of excluir.php for: $id = $_GET['user_id'];

  • 4

    I do not program in php, but it is not correct to send the ID by GET when it is a data deletion.

  • Delete.php line 2 changed and not deleted yet

  • @Rod why it’s not right?

  • So you could delete records just by changing the link. Since sending is by GET. It wouldn’t be that?

  • @gmsantos o Gustavo, answered above, but it’s like I said, I don’t program in php

  • 1

    @Rod the parameter being sent by POST or GET does not change anything as it is possible to forge a POST request. In my view the correct thing would be to adopt REST and send a DELETE request. Alias, in Restfull applications the id to remove a resource is passed by the URL.

  • of course the POST can also be forged, however, should be aware, already the GET, is simple URL, if even by mistake the user type, there will be the exclusion, about Restfull, I do not know php to say something...

Show 2 more comments

4


In deleting.php in addition to already spoken, missed calling the method correctly, change:

mysqli_query($strSQL);

for

$mysqli->query($strSQL);

mysqli can be used in object-oriented or procedural mode, avoid mixing styles, in the procedural model it is mandatory to pass the connection as the first argument in the functions, see the example of query

To avoid the sql Injection as it was commenting can change your code to that way:

$id = $_GET['user_id'];

$strSQL = "DELETE FROM users WHERE user_id = ?";
$stmt = $mysqli->prepare($sql); //prepara e transforma a string em uma consulta
$stmt->bind_param('i', $id); //informa que será enviado um integer ao banco
if($stmt->execute() === false){ // efetua a operação
   echo $stmt->error;
}

While doing tests on the code comments the redirect lines so it is possible to view the errors.

bind_param - manual

prepare - manual

  • and or can also make a condition in the beginning if(!is_numeric($_GET['id'])){ header("Location: index.php"); exit;}

  • I altered and executed. Returned the following error: Fatal error: Call to Undefined method mysqli::bind_param() in C: wamp www login admin delete.php on line 7

  • @Renan, I changed the answer.

  • @rray, solved!

3

The problem is in select, you’re not selecting database records, you’re just returning user_id values, user_name , user_email, try taking Select’s simple quotes like this:

 // Executa uma consulta
 $sql = "SELECT user_id, user_name , user_email FROM users";
  • It worked, that’s it. I’m just now solving the issue of sql Injection.

Browser other questions tagged

You are not signed in. Login or sign up in order to post.