Delete a users data from SQL using PHP

Hi im trying to delete a users booking detials when the user clicks delete in my bookingbeforedeltion.php file but for some reason when I test my php file once I click delete it goes to my delete.php screen and says it failed to delete from database and has the error Undefined index: rn. Is my rn not defined? Sorry Im new to this. Here is my code below:

bookingbeforedeltion.php:

<!DOCTYPE HTML>
<html><head><title>BookingBeforeDeletion</title> </head>
<body>

<?php
include "config.php"; 
$DBC = mysqli_connect("127.0.0.1", DBUSER , DBPASSWORD, DBDATABASE);


if (!$DBC) {
echo "Error: Unable to connect to MySQL.n". 
mysqli_connect_errno()."=".mysqli_connect_error() ;
exit; 
};


echo "<pre>";  

$query = 'SELECT roomname, checkindate, checkoutdate FROM booking';

$result = mysqli_query($DBC,$query);


if (mysqli_num_rows($result) > 0) {


echo "Delete Bookings" ?><p><?php 
while ($row = mysqli_fetch_assoc($result)) {
  echo "Room name: ".$row['roomname'] . PHP_EOL;
  echo "Check in date: ".$row['checkindate'] . PHP_EOL;
  echo "Check out date: ".$row['checkoutdate'] . PHP_EOL;
  ?>

    <a href= 'delete.php?rn=$result[roomname]'>Delete</a> <a href="index.php">[Cancel]</a>
   
  <?php
  echo "<hr />";
}
mysqli_free_result($result);
}
echo "</pre>";


echo "Connectted via ".mysqli_get_host_info($DBC); 

mysqli_close($DBC);
?>


</body>
</html>

​x
 
<!DOCTYPE HTML><html><head><title>BookingBeforeDeletion</title> </head><body>​<?phpinclude "config.php"; $DBC = mysqli_connect("127.0.0.1", DBUSER , DBPASSWORD, DBDATABASE);​​if (!$DBC) {echo "Error: Unable to connect to MySQL.n". mysqli_connect_errno()."=".mysqli_connect_error() ;exit; };​​echo "<pre>";  ​$query = 'SELECT roomname, checkindate, checkoutdate FROM booking';​$result = mysqli_query($DBC,$query);​​if (mysqli_num_rows($result) > 0) {​​echo "Delete Bookings" ?><p><?php while ($row = mysqli_fetch_assoc($result)) {  echo "Room name: ".$row['roomname'] . PHP_EOL;  echo "Check in date: ".$row['checkindate'] . PHP_EOL;  echo "Check out date: ".$row['checkoutdate'] . PHP_EOL;  ?>​    <a href= 'delete.php?rn=$result[roomname]'>Delete</a> <a href="index.php">[Cancel]</a>     <?php  echo "<hr />";}mysqli_free_result($result);}echo "</pre>";​​echo "Connectted via ".mysqli_get_host_info($DBC); ​mysqli_close($DBC);?>​​</body></html>​

delete.php:

<!DOCTYPE HTML>
<html><head><title>BookingBeforeDeletion</title> </head>
body>

<?php
include "config.php"; 
$DBC = mysqli_connect("127.0.0.1", DBUSER , DBPASSWORD, DBDATABASE);


if (!$DBC) {
echo "Error: Unable to connect to MySQL.n". 
mysqli_connect_errno()."=".mysqli_connect_error() ;
exit; 
};


echo "<pre>";  

$roomname=$_GET['rn'];
$query = "DELETE bookingID, roomname, checkindate, checkoutdate, contactnumber,
bookingextras, roomreview, customerID, roomID FROM booking WHERE roomname = 
'$roomname'";
$result = mysqli_query($DBC,$query);

if($result)
{
echo "<font color='green'> Booking deleted from database";
}
else {
echo "<font color='red'> Failed to delete booking from database";
}

?>

 
<!DOCTYPE HTML><html><head><title>BookingBeforeDeletion</title> </head>body>​<?phpinclude "config.php"; $DBC = mysqli_connect("127.0.0.1", DBUSER , DBPASSWORD, DBDATABASE);​​if (!$DBC) {echo "Error: Unable to connect to MySQL.n". mysqli_connect_errno()."=".mysqli_connect_error() ;exit; };​​echo "<pre>";  ​$roomname=$_GET['rn'];$query = "DELETE bookingID, roomname, checkindate, checkoutdate, contactnumber,bookingextras, roomreview, customerID, roomID FROM booking WHERE roomname = '$roomname'";$result = mysqli_query($DBC,$query);​if($result){echo "<font color='green'> Booking deleted from database";}else {echo "<font color='red'> Failed to delete booking from database";}​?>​

Answer

and I think this will help:

As mentioned above, you need to print it from the PHP

<a href= 'delete.php?rn=$result[roomname]'>
// To 
<a href= 'delete.php?rn=<?= $row['roomname'] ?>'>
// Explanation:
// 1. <?= ... ?> is the short form of <?php echo ... ?>
// 2. The `roomname` came from $row, not $result ($result is the MySQLi Object)
// 3. You need to quote the `roomname` because without it `roomname` will be readed
//    as Constant, and may Throw a Warning message
//

 
<a href= 'delete.php?rn=$result[roomname]'>// To <a href= 'delete.php?rn=<?= $row['roomname'] ?>'>// Explanation:// 1. <?= ... ?> is the short form of <?php echo ... ?>// 2. The `roomname` came from $row, not $result ($result is the MySQLi Object)// 3. You need to quote the `roomname` because without it `roomname` will be readed//    as Constant, and may Throw a Warning message//​

Your DELETE is incorrect, the correct one is DELETE FROM ... WHERE ...

$query = "DELETE bookingID, roomname, checkindate, checkoutdate, contactnumber,
bookingextras, roomreview, customerID, roomID FROM booking WHERE roomname = 
'$roomname'";
// To
$query = "DELETE FROM booking WHERE roomname = '$roomname'";

 
$query = "DELETE bookingID, roomname, checkindate, checkoutdate, contactnumber,bookingextras, roomreview, customerID, roomID FROM booking WHERE roomname = '$roomname'";// To$query = "DELETE FROM booking WHERE roomname = '$roomname'";​

EXTRA: 3. You can assign a default value to $roomname

$roomname=$_GET['rn'];
// To
$roomname=$_GET['rn'] ?? 'default if null';

// if the rn index doesnt exist, the $roomname value will be `default if null` instead of throwing a Warning

 
$roomname=$_GET['rn'];// To$roomname=$_GET['rn'] ?? 'default if null';​// if the rn index doesnt exist, the $roomname value will be `default if null` instead of throwing a Warning​

Try to use Prepared-Statement SQL instead of writing it. (I dont know the example, but it can prevent SQL Injection)

Advertisement

Answer