Delete user ID not set problem

Question

davidjennings 0 Junior Poster in Training

10 Years Ago

Hi I am having a problem with the user ID being set, resulting in not deleting the chosen record.

This is the data being passed in the url from view.php - delete.php http://localhost/crud/delete.php?91 . I have put in an if statement to check if the UserID is set and it fails.

Any help would be appriciated

Thanks

David

page view.php

<?php

include('include/db.php');

if ($result = $mysqli->query("select * FROM users ORDER BY UserID")){


    if ($result->num_rows >0){

            echo"<table border='0' cellpadding='10'>";
            echo "<tr><th>ID</th><th>Name</th><th>User Email</th><th>Update</th><th>Delete</th></tr>";
            while($row = $result->fetch_object())
            {
            echo "<tr>";
            echo "<td>" . $row->UserID . "</td>";
            echo "<td>" . $row->UserFullname . "</td>";
            echo "<td>" . $row->UserEmail . "</td>";
            echo "<td><a href='records.php?" .$row->UserID."'>Update</a></td>";
            echo "<td><a href='delete.php?" .$row->UserID."'>Delete</a></td>";
            echo "<tr>";

            }
            echo "</table>";
    }else {

            echo"No reslts found";
    }
}else {

        echo "error". $mysqli->error;
}
$mysqli->close();
?>

Page: delete.php

<?php

include('include/db.php');
if (isset($_POST['UserID']) ? $_POST['UserID'] : ""){
// if ($_POST['UserID'] == "true"){


    $stmt = $mysqli->prepare("DELETE FROM users WHERE UserID = ?");
    $stmt->bind_param('i', $_POST['UserID']);
    $stmt->execute(); 
    $stmt->close();
    exit;
}
else 
{
    echo "Error!! UserID not set";
    exit;
}
    $mysqli->close();
    header("location: view.php");

?>

php

Edited 10 Years Ago by davidjennings

2 Contributors
4 Replies
257 Views
1 Day Discussion Span
Latest Post 10 Years Ago Latest Post by davidjennings

diafol

10 Years Ago

Perhaps you should specify a key:

 http://localhost/crud/delete.php?user_id=91

Like:

echo "<td><a href='delete.php?user_id=" .$row->UserID."'>Delete</a></td>";

And then as you're passing this in the querystring, you need...

if (isset($_GET['UserID']) ? $_GET['UserID'] : ""){

However, manipulations should use POST not GET.

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

davidjennings 0 Junior Poster in Training · Answer 1 · 2013-12-06T12:25:33+00:00

Hi Diafol, Thanks for your reply - I have made the changes to $_GET and it works. How can I change this to capture $_POST data as this was my orignal idea for security.

Thanks

David

diafol · Answer 2 · 2013-12-07T09:07:38+00:00

POST won't really help with security that much as headers can be spoofed.

You can set a form around the table and provide each button with a name and submit type.

davidjennings 0 Junior Poster in Training · Answer 3 · 2013-12-07T14:34:39+00:00

davidjennings 0 Junior Poster in Training

10 Years Ago

Thanks Diafol