
I am trying to delete a row from a table using PHP (PDO) on a page listing the rows entered into the database. I've been tinkering with the delete.php code to try to make it work but to no avail. I appreciate any help.

Below is my code:

listview.php

   <?php
   session_start(); 
   include_once('../includes/connection.php'); 
   include_once('../includes/events.php'); 
   $event = new Event; 
   $events =$event->fetch_all(); 


   if(isset($_SESSION['logged_in'])) { 
   //display index


   ?> 
   <html>
   <head>
<meta charset="utf-8">
<title>Welcome to the admin page</title>
</head>

<body>
  <div class="container">
     <h1>The List of Events</h1>

    <ol>
    <?php foreach ($events as $event) { ?> 
      <li> 

      <?php echo $event['event_name']; ?> 
      <?php echo $event['event_date']; ?>
      <?php echo $event['event_location']; ?>
      <?php echo $event['description']; ?>
      <?php echo $event['start_time']; ?>
      <?php echo $event['end_time']; ?>
       <?php echo $event['poc_name']; ?>
      <?php echo $event['poc_email']; ?>
      <?php echo $event['poc_number']; ?>  

       <!--edit/delete links--> 
       <a href="events.php?action=edit&event=<?php echo $event['event_id']; ?>">Edit</a>
       <a href="delete.php?id=<?php echo $event['event_id']; ?>">Delete</a>
       <!--end edit/delete links--> 

      </li>
     <?php } ?> 
    </ol>

  </div> 

</body>
</html>  




  <?php 
 } else {  
    if(isset($_POST['username'], $_POST['password'])) { 
       $username = $_POST['username']; 
       $password = $_POST['password']; 

       //check the fields in the login form
       if(empty($username) or empty($password)) { 
       $error = 'All fields are required'; 
       } else { 
         $query = $dbh->prepare("SELECT * FROM admin WHERE username = ? AND userpassword = ?");    
         $query->bindValue(1, $username); 
         $query->bindValue(2, $password); 

         $query->execute(); 

         $num = $query->rowCount(); 

         if($num == 1) { 
           //correct
           $_SESSION['logged_in'] = true; 
           header('Location: index.php'); 
           exit(); 

         } else { 
            //incorrect
            $error = 'Incorrect details'; 
         } 

       } 

 } 

   ?> 
   <html>
<head>
<meta charset="utf-8">
<title>Squeegee Admin Login</title>
</head>

<body>

  <div class="container">
    <a href="index.php" id="logo">Squeegee Admin</a>
    <br/>  

    <?php if (isset($error)) { ?> 
      <small style="color:#aa000; "><?php echo $error; ?> </small>
    <?php } ?> 

    <form action="index.php" method="post" autocomplete="off"> 
       <input type="text" name="username" placeholder="Username" /> 
         <input type="password" name="password" placeholder="Password" />
     <input type="submit" value="Login" />
    </form>

  </div> 
</body>
</html>


 <?php } ?>  

Connection

<?php
// mysql hostname
$hostname = 'localhost';
// mysql username
$username = 'root';
// mysql password
$password = '';
// Database Connection using PDO
try {
$dbh = new PDO("mysql:host=$hostname;dbname=squeegee", $username, $password);
    }
catch(PDOException $e)
    {
    echo $e->getMessage();
    }
?>

events.php

    <?php 
    class Event {  

      //queries from database
      public function fetch_all() { 
        global $dbh; 

        $query = $dbh->prepare("SELECT * FROM events"); 
        $query->execute(); 

        return $query->fetchAll(); 
      } 

      //queries specific article via id 
      public function fetch_data($event_id) { 
        global $dbh;  
        $query = $dbh->prepare("SELECT * FROM events WHERE event_id = ? ");
        $query->bindValue(1, $event_id);  
        $query->execute(); 

        return $query->fetch(); 
      } 
    }  


    ?> 

delete.php

<?php
    include('../includes/connection.php');
$event_id=$_GET['event_id'];
$result = $dbh->prepare("DELETE FROM events WHERE event_id= :event_id");
$result->bindParam(':event_id', $event_id);
$result->execute();
header("location: index.php");

?> 
  • Side note: you need to add some authorisation check on your delete code. As it stands anyone could systematically delete your entire table. Commented Dec 20, 2014 at 7:50

1 Answer


As your question stands, it seems you're accessing the wrong index.

In your link it is defined as id:

<a href="delete.php?id=<?php echo $event['event_id']; ?>">Delete</a>
                  // ^

But then accessed in your PHP file as:

$event_id=$_GET['event_id'];

Must be: $event_id = $_GET['id'];

Either you change your URL to ?event_id in the anchor or change the array index in your PHP to $event_id = $_GET['id'];. The important thing is they must match.


2 Comments

It is strongly discouraged to trigger a DELETE event on your server from a $_GET request. Basic crawlers could purge your database table for you while you sleep!
@mickmackusa I suppose you have a point there, but it might be even more sensible to put a CSRF token + session on CRUD actions minus the reading; then you'd know the operation is from an authenticated user.
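
The points raised in the answer and comments, combined into one delete.php, as an added example that is not part of the original question, answer or comments. It assumes `$dbh` and `$_SESSION['logged_in']` as in the question; the `$_SESSION['csrf_token']` key and the POST field names are assumptions chosen for illustration.

```php
<?php
// delete.php: added example, not code from the thread.
// Assumes $dbh from connection.php and $_SESSION['logged_in'] as in the question;
// $_SESSION['csrf_token'] and the POST field names are assumed for illustration.
session_start();
include_once('../includes/connection.php');

// 1. Authorisation: only a logged-in admin may delete.
if (empty($_SESSION['logged_in'])) {
    http_response_code(403);
    exit('Forbidden');
}

// 2. State changes go through POST only, so a crawler following links cannot trigger them.
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    header('Allow: POST');
    http_response_code(405);
    exit('Method Not Allowed');
}

// 3. CSRF: the token sent by the form must match the one stored in the session.
$sent = $_POST['csrf_token'] ?? '';
if (!is_string($sent) || empty($_SESSION['csrf_token'])
    || !hash_equals($_SESSION['csrf_token'], $sent)) {
    http_response_code(400);
    exit('Invalid CSRF token');
}

// 4. Read the id under the same key the form sends, and require an integer.
$event_id = filter_input(INPUT_POST, 'event_id', FILTER_VALIDATE_INT);
if ($event_id === false || $event_id === null) {
    http_response_code(400);
    exit('Invalid event id');
}

$stmt = $dbh->prepare('DELETE FROM events WHERE event_id = :event_id');
$stmt->bindValue(':event_id', $event_id, PDO::PARAM_INT);
$stmt->execute();
header('Location: index.php');
exit();

/* Matching form for listview.php, in place of the Delete link
   (token set once at login: $_SESSION['csrf_token'] = bin2hex(random_bytes(32));):
   <form action="delete.php" method="post">
     <input type="hidden" name="event_id" value="<?php echo (int) $event['event_id']; ?>">
     <input type="hidden" name="csrf_token" value="<?php echo htmlspecialchars($_SESSION['csrf_token']); ?>">
     <input type="submit" value="Delete">
   </form>
*/
```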
