Max

Reputation: 43

delete button in PHP not working

I've made a delete button and I want it to delete a 'reservation' in my database whenever it gets pressed. This is my code:

require_once"database.php";
if(isset($_POST["verwijderen"])) {
    $email = ($_SESSION["userId"]);
    $delete = mysql_query("DELETE FROM reserveringen WHERE Email = $email ");
}

verwijderen is the name of my delete button. $email gives me the email of the person who's logged in and $delete is the query. reserveringen is my table name and email is the column's name. I've tried this but it isn't working. $email does give me the email of the logged-in person (I've checked it with echo($email)).

Edit: full code:

<?php
session_start();

$loggedIn = "";
if (isset($_SESSION["loggedIn"])) {
    $loggedIn = $_SESSION["loggedIn"];
} else {
    header('Location:reserveringssysteeminloggen.php');
}
$email = ($_SESSION["userId"]);


require_once"database.php";
if(isset($_POST["verwijderen"])) {
    $email = ($_SESSION["userId"]);
    $result = $mysql_query("DELETE FROM reserveringen WHERE Email = '$email' ");}

?>

Upvotes: 0

Views: 361

Answers (3)

Tom

Reputation: 433

First of all, don't use mysql_query; it is deprecated. PDO::Mysql is the new standard to use. It is also much safer to use because of the prepare statement (and bindParam), which will safeguard you against SQL injections. It will also automatically place your string correctly into the SQL query.

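$pdo = new PDO('mysql:host=localhost;dbname=DATABASENAME', "USERNAME", "PASSWORD");
// $email is the logged-in user's address, taken from the session as in the question.
$email = $_SESSION["userId"];
if (isset($_POST["verwijderen"])) {
    // The :email placeholder keeps the value out of the SQL text.
    $sql = "DELETE FROM reserveringen WHERE Email = :email";
    $stmt = $pdo->prepare($sql);
    $stmt->bindParam(':email', $email, PDO::PARAM_STR);
    $stmt->execute();
}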

Upvotes: 1

Mureinik

Reputation: 311393

SQL uses single quotes (') to denote string literals, which you are currently missing:

$delete = mysql_query("DELETE FROM reserveringen WHERE Email = '$email'");

EDIT:
Obligatory warnings:

  1. mysql_query is deprecated, please consider either mysqli or PDO.
  2. This approach is vulnerable to SQL injection attacks. Consider using a prepared statement.

Upvotes: 2

SMA

Reputation: 37023

Add quotes around $email like:

$delete = mysql_query("DELETE FROM reserveringen WHERE Email = '$email' ");

Note aside: Your query is vulnerable to SQL injection. You may consider using a prepared statement.

Upvotes: 1
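
Added example (not code from the question or from any of the answers): the quoted-string DELETE and the prepared-statement DELETE run side by side, showing that an address containing a single quote breaks the interpolated query while the bound parameter handles it as plain data. Assumptions: an in-memory SQLite database (pdo_sqlite extension) stands in for the MySQL database so the script runs offline, the addresses are constructed sample data, and the function names makeDb, deleteInterpolated and deletePrepared are hypothetical.

```php
<?php
// Added illustration with constructed data. In-memory SQLite stands in for
// the MySQL database (assumption) so the script needs no server.

function makeDb(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    // Surface SQL errors as exceptions instead of failing silently.
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE reserveringen (id INTEGER PRIMARY KEY, Email TEXT)');
    $ins = $pdo->prepare('INSERT INTO reserveringen (Email) VALUES (:email)');
    foreach (["max@example.com", "o'brien@example.com", "tom@example.com"] as $e) {
        $ins->execute([':email' => $e]);
    }
    return $pdo;
}

// Quoted-string variant: the value becomes part of the SQL text itself.
function deleteInterpolated(PDO $pdo, string $email): string
{
    try {
        $n = $pdo->exec("DELETE FROM reserveringen WHERE Email = '$email'");
        return "deleted $n row(s)";
    } catch (PDOException $ex) {
        return 'SQL error: ' . $ex->getMessage();
    }
}

// Prepared statement: the value travels separately from the SQL text.
function deletePrepared(PDO $pdo, string $email): string
{
    $stmt = $pdo->prepare('DELETE FROM reserveringen WHERE Email = :email');
    $stmt->execute([':email' => $email]);
    return 'deleted ' . $stmt->rowCount() . ' row(s)';
}

// Each call gets a fresh database so the two variants see the same rows.
foreach (["max@example.com", "o'brien@example.com"] as $email) {
    echo $email, "\n";
    echo '  interpolated: ', deleteInterpolated(makeDb(), $email), "\n";
    echo '  prepared:     ', deletePrepared(makeDb(), $email), "\n";
}
```

Checking the affected-row count after the DELETE, as deletePrepared does, also makes a button that "isn't working" visible as either an error or zero rows removed.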
