I have a list.php which displays all the records that are in the database with 2 options, Edit or Delete. When clicked, it's supposed to delete by id, but instead it deleted everything. I'm not sure where I went wrong, please help.

list.php

<?php

include "db.php";

$result = []; // stays empty if the query fails, so the foreach below still runs
try {
    $conn = new PDO("mysql:host=$servername;dbname=$dbname", $username, $password);
    $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

    $stmt = $conn->prepare("SELECT * FROM myguestbook");
    $stmt->execute();

    // fetchAll() returns every row of the result set as an array of rows.
    $result = $stmt->fetchAll();

    }
catch(PDOException $e)
    {
    echo "Error: " . $e->getMessage();
    }

$conn = null;
?>
<!DOCTYPE html>
<html>
<head>
  <title>My Guestbook</title>
</head>
<body>
<ol>
<?php
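foreach($result as $row) {
  // Guestbook fields are visitor-supplied: escape them before printing into HTML.
  echo "<li>";
  echo "Name : ".htmlspecialchars($row["user"])."<br>";
  echo "Email : ".htmlspecialchars($row["email"])."<br>";
  echo "Date : ".htmlspecialchars($row["postdate"])."<br>";
  echo "Time : ".htmlspecialchars($row["posttime"])."<br>";
  echo "Comments : ".htmlspecialchars($row["comment"])."<br>";
  $id = (int) $row["id"]; // numeric id, safe to place in the quoted href
  echo "Action : <a href=\"edit.php?id=".$id."\">Edit</a> / <a href=\"delete.php?id=".$id."\">Delete</a>";
  echo "</li>";
  echo "<hr>";
}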
?>
</ol>

</body>
</html>

delete.php

<?php

if (isset($_GET['id'])) {

  include "db.php";

  try {
      $conn = new PDO("mysql:host=$servername;dbname=$dbname", $username, $password);
      $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

      $stmt = $conn->prepare("DELETE FROM myguestbook WHERE id = :record_id");
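      // bindParam() binds $id by reference, so the value assigned on the
      // next line is the one read when execute() runs.
      $stmt->bindParam(':record_id', $id, PDO::PARAM_INT);
      $id = $_GET['id'];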

      $stmt->execute();

      header("Location:list.php");
      }

    catch(PDOException $e)
    {
        echo "Error: " . $e->getMessage();
    }

    $conn = null;
  }
else {
  echo "Error: You have execute a wrong PHP. Please contact the web administrator.";
  die();
}

?>

The code seems to be okay, are you sure opcache is disabled? If you are using PHP 7.0 then it's enabled by default, so if you ran the delete.php script and this was cached by the engine, then even after changing the code you still hit the cached version, until expiration, so while developing you can get an unexpected result. If this is the case you should disable it.

Run:

var_dump(opcache_get_status()); // var_dump() prints by itself, no print needed
die;

That shows the current status. It does not matter from which script you run it; if enabled, it will return the list of cached scripts.

Actually, sorry, all my fault. I didn't check my table structure properly. I forgot to auto_increment the id attribute, so all the records were getting an id of 0. Rookie move. Sorry. Thanks anyway.

commented: No problem, bye ;) +15

Also make the id field a primary key (or at least unique) to prevent this from happening at the application level.

Thanks for sharing this information

You do realize that anyone can delete your entire database as written, right?
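
One way to address the point raised in the last reply, as an added example that is not the original poster's code: a delete.php that only acts on an authenticated POST carrying a CSRF token, validates the id, and undoes the delete if it matched more than one row (the id 0 situation from this thread). The session keys `is_admin` and `csrf_token`, the `deny()` helper and the hidden form field are assumptions; the rollback assumes an InnoDB table.

```php
<?php
// Added example, not the original poster's code. Hypothetical names:
// $_SESSION['is_admin'] (set by a login page) and $_SESSION['csrf_token']
// (random token that list.php puts in a hidden field of each delete form).
session_start();

// Send a status code with a short message and stop.
function deny(int $status, string $msg): void {
    http_response_code($status);
    exit($msg);
}

// State-changing requests use POST; links, crawlers and prefetchers send GET.
if ($_SERVER['REQUEST_METHOD'] !== 'POST') deny(405, 'Method not allowed');

// Only a logged-in administrator may delete.
if (empty($_SESSION['is_admin'])) deny(403, 'Forbidden');

// The form must carry the session's CSRF token (constant-time comparison).
$sent = $_POST['csrf_token'] ?? '';
$expected = $_SESSION['csrf_token'] ?? '';
if (!is_string($sent) || $expected === '' || !hash_equals($expected, $sent)) {
    deny(403, 'Invalid request token');
}

// Accept only a positive integer, so id 0 or "abc" never reaches the query.
$id = filter_input(INPUT_POST, 'id', FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
if ($id === false || $id === null) deny(400, 'Invalid id');

include "db.php";
try {
    $conn = new PDO("mysql:host=$servername;dbname=$dbname", $username, $password);
    $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $conn->beginTransaction();
    $stmt = $conn->prepare("DELETE FROM myguestbook WHERE id = :record_id");
    $stmt->bindValue(':record_id', $id, PDO::PARAM_INT);
    $stmt->execute();
    // One id must match at most one row; otherwise undo the delete (needs InnoDB).
    if ($stmt->rowCount() > 1) {
        $conn->rollBack();
        deny(500, 'Refusing to delete: id is not unique');
    }
    $conn->commit();
} catch (PDOException $e) {
    error_log($e->getMessage()); // keep database details in the server log only
    deny(500, 'Database error');
}
header('Location: list.php');
exit;
```

With this handler, the Delete link in list.php becomes a small POST form per row that includes the id and the token as hidden fields.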
