0

Hi, I am having a problem with the user ID being set, resulting in not deleting the chosen record.

This is the data being passed in the URL from view.php to delete.php (http://localhost/crud/delete.php?91). I have put in an if statement to check if the UserID is set and it fails.

Any help would be appreciated.

Thanks

David

Page: view.php

<?php

include('include/db.php');

if ($result = $mysqli->query("select * FROM users ORDER BY UserID")){


    if ($result->num_rows >0){

            echo"<table border='0' cellpadding='10'>";
            echo "<tr><th>ID</th><th>Name</th><th>User Email</th><th>Update</th><th>Delete</th></tr>";
            while($row = $result->fetch_object())
            {
            echo "<tr>";
            echo "<td>" . $row->UserID . "</td>";
            echo "<td>" . $row->UserFullname . "</td>";
            echo "<td>" . $row->UserEmail . "</td>";
            echo "<td><a href='records.php?" .$row->UserID."'>Update</a></td>";
            echo "<td><a href='delete.php?" .$row->UserID."'>Delete</a></td>";
            echo "</tr>";

            }
            echo "</table>";
    }else {

            echo "No results found";
    }
}else {

        echo "error". $mysqli->error;
}
$mysqli->close();
?>

Page: delete.php

<?php

include('include/db.php');
if (isset($_POST['UserID']) ? $_POST['UserID'] : ""){
// if ($_POST['UserID'] == "true"){


    $stmt = $mysqli->prepare("DELETE FROM users WHERE UserID = ?");
    $stmt->bind_param('i', $_POST['UserID']);
    $stmt->execute(); 
    $stmt->close();
    exit;
}
else 
{
    echo "Error!! UserID not set";
    exit;
}
    $mysqli->close();
    header("location: view.php");

?>

1

Perhaps you should specify a key:

 http://localhost/crud/delete.php?user_id=91 

Like:

echo "<td><a href='delete.php?user_id=" .$row->UserID."'>Delete</a></td>";

And then as you're passing this in the querystring, you need...

if (isset($_GET['user_id']) ? $_GET['user_id'] : ""){

However, manipulations should use POST not GET.

0

Hi Diafol, thanks for your reply. I have made the changes to $_GET and it works. How can I change this to capture $_POST data, as this was my original idea for security?

Thanks

David

0

POST won't really help with security that much as headers can be spoofed.

You can set a form around the table and provide each button with a name and submit type.
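
An added example (not code from the thread) of the form-based delete suggested above: each row gets a POST form, and delete.php accepts the request only with a matching per-session CSRF token and an integer UserID. The helper names and the `csrf` field are assumptions; the table and column names come from the question.

```php
<?php
// Added example; helper names and the 'csrf' field are hypothetical, users/UserID come from the thread.

// view.php side: one POST form per row instead of a GET link.
function delete_form(int $userId, string $csrfToken): string
{
    $t = htmlspecialchars($csrfToken, ENT_QUOTES);
    return "<form method='post' action='delete.php'>"
         . "<input type='hidden' name='csrf' value='$t'>"
         . "<button type='submit' name='UserID' value='$userId'>Delete</button>"
         . "</form>";
}

// delete.php side: return the id to delete, or null to reject the request.
function validated_delete_id(string $method, array $post, string $sessionToken): ?int
{
    if ($method !== 'POST') {
        return null;                        // no state change on GET
    }
    $sent = $post['csrf'] ?? '';
    if (!is_string($sent) || $sessionToken === '' || !hash_equals($sessionToken, $sent)) {
        return null;                        // CSRF token missing or wrong
    }
    $id = filter_var($post['UserID'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Same prepared statement as the thread's delete.php, fed the validated id.
function delete_user(mysqli $mysqli, int $id): bool
{
    $stmt = $mysqli->prepare("DELETE FROM users WHERE UserID = ?");
    $stmt->bind_param('i', $id);
    $ok = $stmt->execute();
    $stmt->close();
    return $ok;
}

// Constructed sample requests; in delete.php pass $_SERVER['REQUEST_METHOD'],
// $_POST and the token kept in $_SESSION.
$token = bin2hex(random_bytes(16));
$samples = [
    'GET link'       => ['GET',  ['UserID' => '91', 'csrf' => $token]],
    'POST, no token' => ['POST', ['UserID' => '91']],
    'POST, bad id'   => ['POST', ['UserID' => '91abc', 'csrf' => $token]],
    'POST, valid'    => ['POST', ['UserID' => '91', 'csrf' => $token]],
];
foreach ($samples as $label => [$method, $post]) {
    echo $label, ' => ', var_export(validated_delete_id($method, $post, $token), true), PHP_EOL;
}
```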
