PHP PDO Delete Query

Date: 2020-01-21

#1

Sorry if this is a duplicate question, but I’m trying to figure out how to create a delete query using PHP PDO and MySQL.

I have a table on a webpage that has an action column with two buttons. One for editing and one for deleting (like this):

image

The edit code redirects the user to another page to edit the user’s information. The edit code is functional, but the delete code doesn’t appear to work.

Here is what I have so far:

<?php

include ('../dbconnect.php');

$id = $_GET['id'];

$stmt = "DELETE FROM users WHERE id = :id";
$stmt->bindParam(':id', $id);

// Delete
if(isset($_POST['btn_delete'])) { 
  $id = $_GET['id']; 
  $stmt->execute();
  header('Location: ../../users.php');
}

?>

My goal is to redirect the user back to the users.php file where the table is. I have a confirmation as well using a Bootstrap Modal (code shown below) that shows when the user clicks the Delete Icon in the users table:

<div class="modal fade" id="deleteModal" tabindex="-1" role="dialog" aria-labelledby="exampleModalLabel" aria-hidden="true">
    <div class="modal-dialog" role="document">
      <div class="modal-content">
        <div class="modal-header">
          <h5 class="modal-title" id="exampleModalLabel">Delete User</h5>
          <button class="close" type="button" data-dismiss="modal" aria-label="Close">
            <span aria-hidden="true">×</span>
          </button>
        </div>
        <div class="modal-body">Are you sure you want to delete this user?</div>
        <div class="modal-footer">
          <button class="btn btn-secondary" type="button" data-dismiss="modal">Cancel</button>
		  <a class="btn btn-danger" href="api/users/delete.php">Delete</a>
        </div>
      </div>
    </div>
  </div>

I currently see these two errors when I run the script:

Notice: Undefined index: id in C:\xampp\htdocs\ccrp\api\users\delete.php on line 5

Fatal error: Uncaught Error: Call to a member function bindParam() on string in C:\xampp\htdocs\ccrp\api\users\delete.php:8 Stack trace: #0 {main} thrown in C:\xampp\htdocs\ccrp\api\users\delete.php on line 8

Am I doing this right? How do I fix it?

#2

  1. $_GET['id'] expects an ID to be in your URL, but there isn’t one. An example would be api/users/delete.php?id=42

  2. You check for $_POST['btn_delete'], but there is no form in your HTML, so there will never be post data. Either make it a form (recommended) or change the check to something else.

#3

@rpkamp I’d rather not use a form for this since the edit code uses one. I want the user to just click the button and confirm they want to delete the user account. I also noticed this line of code twice:

$id = $_GET['id'];

Is it necessary to have it twice?

#4

The request can’t be GET and POST at the same time; it can be one or the other.
A form (via POST) is recommended for delete requests. A simple link with a GET variable can get inadvertently crawled, and delete all your data.
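
The POST-only delete recommended in replies #2 and #4, as an added example that is not part of any post in this thread. It assumes dbconnect.php defines `$pdo`, that users.php stores a random token in `$_SESSION['csrf_token']`, and that the modal's Delete control is a small form posting `id` and `csrf_token`; `handleDelete()` is a hypothetical helper name.

```php
<?php
declare(strict_types=1);
// Added example, not the thread's code; handleDelete() and the CSRF token are assumptions.
function handleDelete(PDO $pdo, string $method, array $post, array $session): int
{
    // Destructive actions only via POST, so a crawled or prefetched link cannot fire them.
    if ($method !== 'POST') {
        return 405;
    }
    // Reject requests that do not carry the token issued with the confirmation modal.
    $token = $post['csrf_token'] ?? '';
    $expected = $session['csrf_token'] ?? '';
    if (!is_string($token) || !is_string($expected) || $expected === ''
        || !hash_equals($expected, $token)) {
        return 403;
    }
    // The id must be a positive integer; anything else (or a missing key) is refused.
    $id = filter_var($post['id'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return 400;
    }
    // prepare() returns a PDOStatement; the SQL string itself has no bindParam().
    $stmt = $pdo->prepare('DELETE FROM users WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount() === 1 ? 303 : 404;
}

if (PHP_SAPI !== 'cli') {
    // Endpoint wiring for api/users/delete.php under a web server.
    session_start();
    require __DIR__ . '/../dbconnect.php'; // assumed to define $pdo
    $status = handleDelete($pdo, $_SERVER['REQUEST_METHOD'], $_POST, $_SESSION);
    http_response_code($status);
    if ($status === 303) {
        header('Location: ../../users.php', true, 303); // back to the users table
    }
    exit;
}
// Constructed offline demo (run with the PHP CLI): in-memory SQLite stands in for MySQL.
$pdo = new PDO('sqlite::memory:');
$pdo->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)");
$pdo->exec("INSERT INTO users (id, name) VALUES (42, 'constructed-user')");
$session = ['csrf_token' => 'constructed-token'];
$ok = ['id' => '42', 'csrf_token' => 'constructed-token'];
foreach ([['GET', $ok], ['POST', ['id' => '42']], ['POST', $ok], ['POST', $ok]] as [$m, $p]) {
    echo $m, ' ', json_encode($p), ' => ', handleDelete($pdo, $m, $p, $session), PHP_EOL;
}
```

The helper returns an HTTP status rather than redirecting itself, so the refusal paths (wrong method, missing token, bad id, unknown user) can be exercised from the command line without a web server.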