
I have a table with registered users. My code is supposed to delete a row when clicking delete in the table. This is in the database.php

.....
 while ($row = mysqli_fetch_array($r, MYSQLI_ASSOC)) {
    echo '<tr><td align="left">' . $row['Id'] . '</td><td align="left"><a href="delete.php?id=' . $row['Id'] . '">Delete</a></td></tr>';
  }
...... 

So, I'm getting the id when clicking delete. So far, this part works but when I tried to run the delete query it doesn't work. delete.php

<?php
session_start();
include 'connection.php';
   if (isset($_POST['Id']) && is_numeric($_POST['Id'])){
   $id = mysqli_real_escape_string($conn, $_POST['Id']);
   $result = mysqli_query("DELETE FROM table_name WHERE Id= '$id' ")
   or die(mysqli_error());

   echo "<h3><br><br><a href=database.php> <b> Go Back</a></h3>";
   echo "Data Deleted";
   }else {
      echo "Error";
      echo "<h3><br><br><a href=database.php> <b> Go Back</a></h3>";
   }  
?>

I just get "Error" and it doesn't remove the row. How can I fix it?

Edit:

<?php
session_start();
include 'connection.php';

if (isset($_GET['Id']) && is_numeric($_GET['Id']))
{
$id = mysqli_real_escape_string($conn, $_GET['Id']);
$result = mysqli_query("DELETE FROM User_reg WHERE Id= '$id' ")
or die(mysqli_error());



echo "<h3><br><br><a href=AdminLog.php> <b> Go Back</a></h3>";
echo "Data Deleted";
}else {
echo "Error";
echo "<h3><br><br><a href=AdminLog.php> <b> Go Back</a></h3>";
}
?>

Still getting the same result with the delete query not working. Also "Id" name is set in the same way as in the database.

Kdoinnt
  • 3
    `id` is case sensitive – John Conde Mar 20 '17 at 23:07
  • **WARNING**: When using `mysqli` you should be using [parameterized queries](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) and [`bind_param`](http://php.net/manual/en/mysqli-stmt.bind-param.php) to add user data to your query. **DO NOT** use manual escaping and string interpolation or concatenation to accomplish this because you will create severe [SQL injection bugs](http://bobby-tables.com/). Accidentally unescaped data is a serious risk. – tadman Mar 20 '17 at 23:09
  • this question is getting too many additional edits – Funk Forty Niner Mar 20 '17 at 23:34
  • 1
    it's already been said that `id` is case-sensitive. The `?id` and `$_GET['Id']` do not match. – Funk Forty Niner Mar 20 '17 at 23:35
  • @Fred -ii- I have fixed that. But now I get an empty page instead of the echo message. – Kdoinnt Mar 20 '17 at 23:37

2 Answers


$_POST['Id'] is not set, because you got to that script via a link.

<a href="AdminDelete.php?id=' . $row['Id'] . '">Delete</a>

links are GET requests, not POST requests. So, $_GET['id'] (note that it is $_GET['id'] rather than $_GET['Id'] because you used id in your link) should be set, but it's not really safe to use a link to delete things to begin with.

There are various ways to get around this issue. One way is to have the delete link in your table direct you to an intermediate confirmation page that posts to the actual delete script.

Community
Don't Panic
  • I have replaced the POST with GET, but still get the same result with no delete. – Kdoinnt Mar 20 '17 at 23:21
  • Also see [this comment](http://stackoverflow.com/questions/42915572/php-delete-row-not-working/42915646#comment72930209_42915572) about the case sensitivity of 'id' vs. 'Id'. I edited the answer to show that (`$_GET['id']` instead of `$_GET['Id']`). – Don't Panic Mar 20 '17 at 23:23
  • but in the database I'm using "Id" is the name of the column not "id" – Kdoinnt Mar 20 '17 at 23:26
  • The key in `$_GET` is not related to what's used in your database. It only depends on what you used in the URL here: `AdminDelete.php?id=` – Don't Panic Mar 20 '17 at 23:28
  • Ok, I just got it. But now I'm getting an empty page instead of echo "Data Deleted"; – Kdoinnt Mar 20 '17 at 23:33
  • 1
    You haven't added your connection to the `mysqli_query` call. That function takes two arguments (see the "Procedural Style" section in [the manual](http://php.net/manual/en/mysqli.query.php)). The first should be your connection (`$conn`). – Don't Panic Mar 20 '17 at 23:39
  • Yes, I was missing that part. I have modified the delete.php so many times that I didn't even realize that. Thank you so much! – Kdoinnt Mar 20 '17 at 23:42
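
A delete handler that combines the points raised in this thread (POST rather than a link, a parameterized query with `bind_param`, and `$conn` passed to mysqli), as an added example that is not code from the question or either answer. It assumes `connection.php` defines `$conn` as on the page; the `csrf` session key and form field are hypothetical names.

```php
<?php
// Added example. Assumes connection.php defines $conn (a mysqli link) and that the
// table page stored a random token in $_SESSION['csrf'] (hypothetical name) and
// renders each Delete control as a small POST form carrying 'id' and 'csrf'.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw instead of failing silently
session_start();
include 'connection.php';

function delete_user(mysqli $conn, int $id): int
{
    // The id travels as a bound parameter, never as part of the SQL text.
    $stmt = mysqli_prepare($conn, 'DELETE FROM User_reg WHERE Id = ?');
    mysqli_stmt_bind_param($stmt, 'i', $id);
    mysqli_stmt_execute($stmt);
    $affected = mysqli_stmt_affected_rows($stmt);
    mysqli_stmt_close($stmt);
    return $affected;
}

// State-changing requests must be POST; a followed or prefetched link is GET.
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    http_response_code(405);
    header('Allow: POST');
    exit('Method not allowed');
}

// Reject requests that do not carry the token issued to this session.
$sent = $_POST['csrf'] ?? '';
if (!is_string($sent) || !isset($_SESSION['csrf']) || !hash_equals($_SESSION['csrf'], $sent)) {
    http_response_code(403);
    exit('Invalid request');
}

// Accept only a positive integer id; null means missing, false means malformed.
$id = filter_input(INPUT_POST, 'id', FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
if ($id === false || $id === null) {
    http_response_code(400);
    exit('Invalid id');
}

try {
    echo delete_user($conn, $id) === 1 ? 'Data Deleted' : 'No such row';
} catch (mysqli_sql_exception $e) {
    error_log($e->getMessage()); // keep database details in the server log
    http_response_code(500);
    echo 'Delete failed';
}
```
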

It would not work because you are sending a GET parameter and checking for POST. Note the comment above about prepared statements. Also, try not to use GET to delete data, because a programmer can easily change the id and delete another user's info. Use POST instead, because it can't be tweaked; that is why social sites use, let me call it, AJAX to delete, because deleted data cannot be retrieved unless you create an alternative. So use the POST method instead. Change this

 if (isset($_POST['id']) && is_numeric($_POST['id'])){
 $id = mysqli_real_escape_string($conn, $_POST['id']);

to this

 if (isset($_GET['id']) && is_numeric($_GET['id'])){
$id = mysqli_real_escape_string($conn, $_GET['id']);

This should work

Funk Forty Niner
chiz
  • I have replaced the POST with GET but I'm still getting the same result. – Kdoinnt Mar 20 '17 at 23:22
  • Change your id to a small letter; I edited my answer. ids are case-sensitive. And note, if your data is going to go wide, meaning a lot of users, try not to use post to delete – chiz Mar 20 '17 at 23:26