I am testing some code to view and delete records from a list if the delete button is clicked. I am getting the following error with the code.

PHP Warning:  mysqli_error() expects exactly 1 parameter, 0 given in /home2/tcabsup1/public_html/TeachingPeriod/deleteTeachingPeriod.php on line 5 

Table

CREATE TABLE TeachingPeriod (
    TPeriodIntake           VARCHAR(255),
    PRIMARY KEY             (TPeriodIntake)
);

deleteTeachingPeriod.php

<?php
include ('db_connect.php');
$TPeriodIntake=$_REQUEST['TPeriodIntake'];
$query = "DELETE FROM TeachingPeriod WHERE TPeriodIntake = '$TPeriodIntake'";  
$result = mysqli_query($conn, $query) or die (mysqli_error());
header("Location: viewTeachingPeriod.php"); 
?>

viewTeachingPeriod.php

<?php
include ('db_connect.php');
?>

<!DOCTYPE html>
<html>
<head>
<title>View Teaching Period</title>
</head>
<body>
<div class="form">
<h2>View Teaching Period</h2>
<table>
<thead>
<tr>
<th><strong>Teaching Period Name</strong></th>
<th><strong>Delete</strong></th>
</tr>
</thead>
<tbody>
<?php
$count=1;
$sel_query="Select * from TeachingPeriod;";
$result = mysqli_query($conn,$sel_query);
while($row = mysqli_fetch_assoc($result)) { ?>
<tr>
<td align="center"><?php echo $row["TPeriodIntake"]; ?></td>
<td align="center">
<a href="deleteTeachingPeriod.php?TPeriodIntake=<?php echo $row["TPeriodIntake"]; ?>">Delete</a>
</td>
</tr>
<?php $count++; } ?>
</tbody>
</table>
</div>
</body>
</html>

It seems a little odd because I can get the code working with the Project table but I can't get it working with the Teaching Period so it doesn't seem like it's an issue with the database connection.

All I can imagine is it's something to do with how Project has an auto-incrementing integer for a primary key whereas the Teaching period is a natural key with VARCHAR data type.

The only other difference is we only want to be able to delete a teaching period, there should not be an option to edit a teaching period.

The code that DOES work is below. Both reference the same database connection file.

CREATE TABLE Projects (
    ProjectID               INT(10) AUTO_INCREMENT,
    ProjectName             VARCHAR(255) NOT NULL,
    ProjectDescription      VARCHAR(255) NOT NULL,
    PRIMARY KEY             (ProjectID)
);
<?php
include ('../db_connect.php');
$ProjectID=$_REQUEST['ProjectID'];
$query = "DELETE FROM Projects WHERE ProjectID = $ProjectID"; 
$result = mysqli_query($conn,$query) or die (mysqli_error());
header("Location: viewProject.php"); 
?>
<?php
include ('../db_connect.php');
include '../head.php';
?>

<!DOCTYPE html>
<html>
<head>
<title>View Project</title>
</head>
<body>
<div class="form">
<p><a href="registerProject.php">Insert New Project</a> 
<h2>View Project</h2>
<table>
<thead>
<tr>
<th><strong>Project Name</strong></th>
<th><strong>Project Description</strong></th>
<th><strong>Edit</strong></th>
<th><strong>Delete</strong></th>
</tr>
</thead>
<tbody>
<?php
$count=1;
$sel_query="Select * from Projects ORDER BY ProjectName ASC;";
$result = mysqli_query($conn,$sel_query);
while($row = mysqli_fetch_assoc($result)) { ?>
<tr>
<td align="center"><?php echo $row["ProjectName"]; ?></td>
<td align="center"><?php echo $row["ProjectDescription"]; ?></td>
<td align="center">
<a href="editProject.php?ProjectID=<?php echo $row["ProjectID"]; ?>">Edit</a>
</td>
<td align="center">
<a href="deleteProject.php?ProjectID=<?php echo $row["ProjectID"]; ?>">Delete</a>
</td>
</tr>
<?php $count++; } ?>
</tbody>
</table>
</div>
 <?php include '../footer.php';?>
</body>
</html>

I have been trying to work this out for long enough that I am not sure if I am doing something wrong or if I am missing something obvious with the debugging.

  • 1
    https://www.php.net/manual/en/mysqli.error.php – RiggsFolly May 17 '22 at 11:45
  • `mysqli_error` needs to get the connection passed as parameter, as the manual _clearly_ explains. So `mysqli_query($conn, $query) or die (mysqli_error())` makes little sense to begin with - you want to know what the error was, in case you could _not_ establish connection - so you don't _have_ a connection to pass to this function. If anything, you should use https://www.php.net/manual/en/mysqli.connect-error.php in this place. – CBroe May 17 '22 at 11:47
  • 1
    [mysqli or die, does it have to die?](https://stackoverflow.com/questions/15318368/mysqli-or-die-does-it-have-to-die) (tldr: no, use mysqli error reporting instead of laboriously writing code for checking the outcome after every single command) – ADyson May 17 '22 at 11:47
  • 3
    **Warning:** Your code is vulnerable to SQL Injection attacks. You should use parameterised queries and prepared statements to help prevent attackers from compromising your database by using malicious input values. http://bobby-tables.com gives an explanation of the risks, as well as some examples of how to write your queries safely using PHP / mysqli. **Never** insert unsanitised data directly into your SQL. The way your code is written now, someone could easily steal, incorrectly change, or even delete your data. – ADyson May 17 '22 at 11:48
  • 1
    https://phpdelusions.net/mysqli also contains good examples of writing safe SQL using mysqli. See also the [mysqli documentation](https://www.php.net/manual/en/mysqli.quickstart.prepared-statements.php) and this: [How can I prevent SQL injection in PHP?](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) . Parameterising your queries will also greatly reduce the risk of accidental syntax errors as a result of un-escaped or incorrectly quoted input values. If you learnt your current technique from a tutorial or book, please don't use it again. – ADyson May 17 '22 at 11:48
  • There is a successful connection with the database in other PHP files with the "include ('../db_connect.php');" line so the connection itself shouldn't be the issue. – Student Work May 17 '22 at 11:48
  • Even if you are just doing this for a learning exercise rather than for real-life use, you should still learn to do things the proper way so you don't get into bad habits. – ADyson May 17 '22 at 11:49
  • I understand at the moment my code is weak for SQL injection attacks. I do plan on doing some more research into how to deal with that once all my code is functional. I appreciate the suggestions for when I am doing that. – Student Work May 17 '22 at 11:49
  • `I do plan on doing some more research into how to deal with that once all my code is functional`...that's a big waste of time because immediately after it's "functional" (although IMO no sensible definition of "functional" would include "contains known and obvious security flaws") you'll need to re-write - and then re-test! - significant and important chunks of it. Get it right now before you move on. – ADyson May 17 '22 at 11:51
  • If the "teaching period is a natural key with a VARCHAR data type", could it be that it needs to be URL-encoded before you pass it through to the delete routine? Might it contain spaces, or other things that cannot be passed in a URL? – droopsnoot May 17 '22 at 11:52
  • `so the connection itself shouldn't be the issue`...no, we never suggested it was. Your specific error comes because you're not using mysqli_error() correctly, and this is obscuring the _real_ error with your query. But please, use mysqli's global error reporting instead of this antiquated and overly-verbose approach. – ADyson May 17 '22 at 11:53
  • Add `mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);` before your `mysqli_connect()` (or `new mysqli()`) command, and this will ensure that errors with your SQL queries are reported correctly to PHP automatically, without needing all those repetitive `die` and `mysqli_error` calls. – ADyson May 17 '22 at 11:53
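
The comments above recommend three changes: turning on mysqli error reporting, binding the key as a query parameter, and URL-encoding the VARCHAR key in the link. An added example combining them follows; it is not the poster's or any commenter's code, and the function names `deleteLink` and `deleteTeachingPeriod`, the connection credentials and the sample key are assumptions.

```php
<?php
// Added example, not the poster's or any commenter's code.
// Report mysqli failures as exceptions; must run before the connection is opened.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

/**
 * Build the Delete link for one row of viewTeachingPeriod.php.
 * urlencode() makes the VARCHAR key safe inside the query string;
 * htmlspecialchars() makes the finished URL safe inside the href attribute.
 */
function deleteLink(string $tPeriodIntake): string
{
    $href = 'deleteTeachingPeriod.php?TPeriodIntake=' . urlencode($tPeriodIntake);
    return '<a href="' . htmlspecialchars($href, ENT_QUOTES, 'UTF-8') . '">Delete</a>';
}

/**
 * Delete one teaching period. The key is bound as a string parameter,
 * so quotes or SQL syntax inside it are treated as data, never as SQL.
 * Returns the number of rows removed (0 if the key did not exist).
 */
function deleteTeachingPeriod(mysqli $conn, string $tPeriodIntake): int
{
    $stmt = $conn->prepare('DELETE FROM TeachingPeriod WHERE TPeriodIntake = ?');
    $stmt->bind_param('s', $tPeriodIntake);
    $stmt->execute();
    $deleted = $stmt->affected_rows;
    $stmt->close();
    return $deleted;
}

// Request handling for deleteTeachingPeriod.php (skipped when run from the CLI).
if (PHP_SAPI !== 'cli') {
    // Placeholder credentials (assumption); the page's db_connect.php is not shown.
    $conn = mysqli_connect('localhost', 'db_user', 'db_password', 'db_name');
    $key = $_GET['TPeriodIntake'] ?? '';
    if (!is_string($key) || $key === '') {
        http_response_code(400);
        exit('Missing TPeriodIntake');
    }
    deleteTeachingPeriod($conn, $key);
    header('Location: viewTeachingPeriod.php');
    exit;
}

// Constructed sample key containing characters that break an unencoded URL.
echo deleteLink('Semester 1 & 2, 2022'), PHP_EOL;
```

In the view page, the Delete cell of each row would call `deleteLink($row["TPeriodIntake"])` in place of the hand-built anchor.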
