How to delete data from SQL, using PHP/HTML form

Question

I have a question about deleting data from SQL by using php form.

My php form is something like this:(it's just HTML I guess)

<html>
    <body>
        <form action="delete.php" method="get">
          Uporabniško ime <input type="text" name="user"><br>
          <input type="submit" value="Submit">
        </form>
    </body>
</html>

and then I have code that should delete from my sql called delete.php:

<?php
    $servername = "localhost";
    $username = "test";
    $password = "test";
    $dbname = "iss";

    // Create connection
    $conn = new mysqli($servername, $username, $password, $dbname);
    // Check connection
    if ($conn->connect_error) {
        die("Connection failed: " . $conn->connect_error);
    } 

    $user = $_POST['user'];


    /*if (is_int($_GET['up_ime']) 
        $query = "DELETE FROM uporabniki WHERE up_ime = " . $_GET['up_ime'];
        $result = mysqli_query($con, $query);
        // Check the result and post confirm message
    }*/

    $sql = "DELETE FROM iss.uporabniki WHERE uporabniki.up_ime = " .$_POST['user'];

?>

In my sql database I have DB called "iss" and table "uporabniki". up_ime is Unique and is basicly username. So I'm trying to make form, where I can write username, and when I click submit, that user should be deleted from SQL database. I have no idea what I'm doing wrong and why this isn't working.

Answer 1

As refered to this W3 document http/1.1 Methods definition

This should be how to write a form dedicated to delete something

<html>
    <body>
        <form action="delete.php" method="delete">
          Uporabniško ime <input type="text" name="user"><br>
          <input type="submit" value="Submit">
        </form>
    </body>
</html>

And this would be the php receiving the request (also I would recommend you to use, instead of mysqli, PDO which I will use then in my answer)

<?php
    $host= "localhost";
    $username = "test";
    $password = "test";
    $dbname = "iss";

    // Create connection and catch possible error
    try {
        $conn = new PDO('mysql:host='.$host.';dbname='.$dbname.', '.$username.', '.$password);}
    catch (Exception $e)
    {
        die('Error : ' . $e->getMessage());
    } 

    if (isset($_DELETE['user'] && !empty($_DELETE['user'])) {
        $user = $_DELETE['user'];
    } else {
        // if $_DELETE['user'] is not set or empty we close the transaction
        $pdo = null;
        die('Error : user is undefined');
    }
    $stmt = $conn->prepare("DELETE FROM iss.uporabniki WHERE uporabniki.up_ime = :user");
    // we bind parameter to reduce the risk of injection
    $stmt->bindparam(:user, $user, PDO::PARAM_STR);
    $stmt->execute();
    $stmt = null;
    $pdo = null;
?>

hoping this will help you or someone else in the future!

Answer 2

Just change the form method like this:

<form action="delete.php" method="post">

And also don't forget to execute the query:

$sql = "DELETE FROM iss.uporabniki WHERE uporabniki.up_ime = " .$_POST['user'];
$delete_result = mysqli_query($conn, $sql) ;

Answer 3

you write method="get" in html and in php you used $_POST. Change this correctly and your code will run successfully.