a href not working on my echo php

Question

Hi I cant seem to figure this out. I have a table and i wanted to add a delete function here's my code

<?php         
$delete = "delete";
    $user = $_SESSION['hlbank_user']['user_id'];  
    $sql = "SELECT * FROM tbl_complains where user_id='".$user."' ORDER BY create_date asc ";
    $result = dbQuery($sql);
    while($row = dbFetchAssoc($result)){

      if($row['eng_id']==0){
        $engid= 'N/A';
      }else{
    $sqls = "SELECT * FROM tbl_engineer where eid='".$row['eng_id']."'";
    $results = dbQuery($sqls);
    $rows = dbFetchAssoc($results);
      $engid= $rows['ename'];
      }
      echo '<tr class="row1" style="height:25px;">
            <td align="center">'.$row['acc_no'].'</td>
            <td align="center">'.$row['comp_name'].'</td>
            <td align="center">'.$row['comp_desc'].'</td>
            <td align="center">'.$row['status'].'</td>
            <td align="center">'.'<a href='delete.php?id=".$row['user_id']."'>'.'Delete'.'</a>'.'</td>';
            //The problem is in this line. When ever i try putting a href the whole table will not show.

      echo '</tr>';

    }
?>

and here's my delete.php

<?php

if(isset($_GET['user_id'])) {
$id = $_GET['user_id'];

$con = new mysqli('localhost', 'root', '', 'db_hlbank');
$sql = 'DELETE FROM tbl_complains WHERE user_id = ?';
$delete = $con->prepare($sql);
$delete->bind_param('i', $id);
$delete->execute();

if($delete->affected_rows > 0) {
    header('Location: index.php');
}
}

?>

Another questions: Is there a way to integrate this without calling delete.php?

Thank you very much!

Answer 1

Some of the unnecessary quotes+dots. Do like below:-

<td align="center"><a href="delete.php?id='.$row['user_id'].'">Delete</a></td>';

So code will be:-

echo '<tr class="row1" style="height:25px;">
          <td align="center">'.$row['acc_no'].'</td>
          <td align="center">'.$row['comp_name'].'</td>
          <td align="center">'.$row['comp_desc'].'</td>
          <td align="center">'.$row['status'].'</td>
          <td align="center"><a href="delete.php?id='.$row['user_id'].'">Delete</a></td>';
      echo '</tr>';

Answer 2

To avoid getting into a mess with quotes in future,you can write something like:

<?php foreach($results as $result): ?>

//say you have stored the results in $results as an associative array after executing a query

<tr>  //looping an entire row
<td align=""><?=$result['name']?></td>
<td align=""><?=$result['email']?></td>
.
.
.
<td align=""><a href="delete.php?id=<?=$result['id']?>">Delete</a></td>
</tr>  //end of row

<?php endforeach; ?>   //end of loop

Answer 3

Change this line

<td align="center">'.'<a href='delete.php?id=".$row['user_id']."'>'.'Delete'.'</a>'.'</td>';

to

<td align="center"><a href="delete.php?id='.$row['user_id'].'">Delete</a></td>';

Answer 4

If you look at the syntax highlighting of the code in your post, you should be able to spot the error.

That said there are a couple of things you should read up on, in order to greatly improve the quality of your code.

The first thing is JOINs in SQL.
In this case you want to do an INNER JOIN on the tbl_engineer table, on the foreign key relation you've already set up. This'll make the query look something like this:

SELECT [fields] FROM companies AS c
INNER JOIN engineers AS e ON e.id = c.engineer_id
ORDER BY c.date

This will help you greatly reduce the number of queries you run. From 1+x, where x is the number of records, to 1. If you have a couple thousand records, the resource consumption of your script rapidly increases.

Second thing is that you have a couple of security issues here. Namely with SQL injections via the session data, as you haven't used prepared statements here; And XSS-attacks via the table, as you haven't used htmlspecialchars() to prevent your users from injecting HTML into your source.

A third thing is that you should always use die() after a header() redirect. Otherwise the PHP script will continue to run, and execute most/all of the code after the redirect.

A fourth, and minor issue, is that your indenting could do with some cleaning up. Make sure you indent consistently, and properly. This will help both you and others read your code later on, and lessen the probability for bugs to occur.

Also, you cannot "incorporate" the deletion into the script without a "delete.php" page. This is because of how HTTP communication work, as you need to have a page on the server which receives and handles the user's request.
The closest you can come, is to move the delete code into the script that fetches the data from the database. If you do, then you need to add a second parameter in the URL to tell your script to run that branch of the code.

Answer 5

There is issue with the quotes

Replace

<td align="center">'.'<a href='delete.php?id=".$row['user_id']."'>'.'Delete'.'</a>'.'</td>';

With

<td align="center">'.'<a href="delete.php?id='.$row['user_id'].'">Delete</a></td>';

This will definitely work.

Answer 6

You are missing quotes.

'<td align="center"><a href="delete.php?id='.$row['user_id'].'">Delete</a></td>';

I would suggest you use delete.php if you need to be able to delete multiple users from one page. You can however use jQuery AJAX to handle the request without reloading the page.

Answer 7

This should work:

echo '<tr class="row1" style="height:25px;">
        <td align="center">'.$row['acc_no'].'</td>
        <td align="center">'.$row['comp_name'].'</td>
        <td align="center">'.$row['comp_desc'].'</td>
        <td align="center">'.$row['status'].'</td>
        <td align="center">'.'<a href="delete.php?id='.$row['user_id'].'">'.'Delete'.'</a>'.'</td>';