Question

I have searched everywhere and cannot find the answer, I believe I have the correct code but there could be a typo.

What is going wrong here?

I have the link that posts the product id correctly to the url as shown:

userAccount.php:

while($columnDelete = mysqli_fetch_array($query, MYSQLI_ASSOC)){
        echo "<section class='product'>
                <a href='extras/deleteProcess.php?productId=".$columnDelete['productId']."' class='deleteProduct' style='color:#990000;font-family:arial;font-weight:bold;font-size:12pt;background:transparent;'>Delete?</a>
                <section class='productImg'>
                    <a target='_self' href='fullProductInfo.php?productId=".$columnDelete['productId']."'>
                        <img src='http://www.littlepenguindesigns.co.uk/pages/CMX/images/products/".$columnDelete['productImg']."' alt='".$columnDelete['productName']."' border='0' width='230' height='200' border='0' />
                    </a>
                </section>
                <section class='productName'><a target='_self' href='fullProductInfo.php?productId=".$columnDelete['productId']."'>".$columnDelete['productName']."</a></section>
                <section class='productPrice'>&pound;".$columnDelete['price']."</section></section>";
    }

The $columnDelete['productId']; is posting the correct ID to the url and the deleteProcess.php page, I can see the productId in the URL and I have also echoed it out onto the page to check, it does show:

deleteProcess.php:

$productId = $_GET['productId'];
$con = mysqli_connect("BLAH","BLAH","BLAH","BLAH") or die('Server connection not possible.');
$sql = ("DELETE FROM `product` WHERE `product`.`productId`= $productId");
mysqli_query($con, $sql);

echo "Deleted product ID: $productId successfully.<br /><br /><br /><br /><br /><br /> <a href='../userAccount.php#deletion'>Go back to user account and delete another.</a>";

I cannot understand what is going on, the product gets called into deleteProcess.php and onto the page but doesn't delete, it shows no errors either. As I'm newish to php and mysql I thought I'd best research, as I came up with no answer I thought to ask, so can anybody tell me what I'm doing wrong or point me in the right direction.

Was it helpful?

Solution 

$sql = ("DELETE FROM `product` WHERE `product`.`productId`= $productId");
mysqli_query($con,$sql);

to

$sql = "DELETE FROM `product` WHERE `product`.`productId`= $productId";
mysqli_query($con,$sql) OR DIE(mysqli_error($con)); //useful for debugging

warning! this code is vulnerable to SQL injection. fix sql injection by sanitizing all user input.

$productId = mysql_real_escape_string($_GET['productId']); // use mysql_real_escape_string on $_GET
$con = mysqli_connect("BLAH","BLAH","BLAH","BLAH") or die('Server connection not possible.');
$sql = "DELETE FROM `product` WHERE `product`.`productId`= '$productId'"; //add single quotes around variable $productid to seperate string from query
mysqli_query($con, $sql);

OTHER TIPS

Check query execution return success or not

$productId = $_GET['productId'];
$con = mysqli_connect("BLAH","BLAH","BLAH","BLAH") or die('Server connection not possible.');
$sql = ("DELETE FROM `product` WHERE `product`.`productId`= $productId");

$result = mysqli_query($con, $sql);
if(!$result)
   die("Query failed".mysql_error());

echo "Deleted product ID: $productId successfully.<br /><br /><br /><br /><br /><br /> <a href='../userAccount.php#deletion'>Go back to user account and delete another.</a>";
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top