I am developing an Android application, and I have connected my application to the cloud server. Now I want to delete a particular user from the login database, users table in the server. The input is given from the app. The input is the email id. The problem that I am facing is, that I am always getting the result as true even though the data in the database does not exist. Example: if there is an email id "example@email.com" in the database, if the input given is "example@email.com", the query result is true. If the input email is "no@email.com" which does not exist in the database, the result is always true... Below is my PHP code to communicate with the database as well as with the Sndroid app. <?php $email = $_GET['email']; $servername = "localhost"; $usernamedb = "root"; $passworddb = "smartlock"; $dbname = "login"; $conn = mysqli_connect($servername,$usernamedb,$passworddb,$dbname); $sql = "DELETE FROM `users` WHERE (`email`='".$email."')"; if ($conn->query($sql) === TRUE) { $response = array('message'=>'success'); echo json_encode($response); } else { $response = array('message'=>'wrong'); echo json_encode($response); } mysqli_close($conn); ?>

Reputation: 21

Always TRUE result in PHP code when delete query is used

I am developing an Android application, and I have connected my application to the cloud server. Now I want to delete a particular user from the login database, users table in the server. The input is given from the app. The input is the email id.

The problem that I am facing is, that I am always getting the result as true even though the data in the database does not exist.

Example: if there is an email id "[email protected]" in the database, if the input given is "[email protected]", the query result is true.
If the input email is "[email protected]" which does not exist in the database, the result is always true...

Below is my PHP code to communicate with the database as well as with the Sndroid app.

<?php
    $email = $_GET['email'];

    $servername = "localhost";
    $usernamedb = "root";
    $passworddb = "smartlock";
    $dbname = "login";
    $conn = mysqli_connect($servername,$usernamedb,$passworddb,$dbname);
    $sql = "DELETE   FROM  `users` WHERE (`email`='".$email."')";

    if ($conn->query($sql) === TRUE)  {
        $response = array('message'=>'success');
        echo json_encode($response);
    } 
    else {
        $response = array('message'=>'wrong');
        echo json_encode($response);
    }

    mysqli_close($conn);
?>

Upvotes: 1

Answers (3)

Abid Khan

Reputation: 309

It's normal the way the condition is written you will always get a TRUE value, cause it doesn't perform the query it just checks if the query is executable or not. You need to use mysql_affected_rows or $mysqli->affected_rows to see if actually the row gets affected or not.

Upvotes: 0

ThatGuyInIT

Reputation: 2239

$conn->query($sql) will be true unless there was an error executing the query. If you want to know how many rows were affected you will need to use the mysql_affected_rows function.

Note that this line:

$sql = "DELETE   FROM  `users` WHERE (`email`='".$email."')";

would allow for a SQL injection attack. Look into prepared statements.

Upvotes: 1

Aditya

Reputation: 851

Query function Returns FALSE on failure. For successful SELECT, SHOW, DESCRIBE or EXPLAIN queries mysqli_query() will return a mysqli_result object. For other successful queries mysqli_query() will return TRUE.

You can use

   $mysqli->affected_rows

to find number of rows deleted and then figure out if rows were deleted actually

Upvotes: 1

Always TRUE result in PHP code when delete query is used

Answers (3)

Related Questions