-1

The page contains a button that, when clicked, shows a confirmation box. If you press OK, I want to delete from the database. If you press Cancel, go to another page.

```php
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">

<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type" />
<title>test</title>
</head>

<body>

<button onclick="myFunction()">Try it</button>

<script>
function myFunction() {
  let text;
  if (confirm("Are you sure to delete?") == true) {
    // Here I want to run PHP code
    <?php 
            $q = "delete from tblreservation where rno=$rno";
            mysqli_query($c, $q) or die("Error in $q" . mysqli_error($c));
        ?>;
  } else {
    // Here I want to run PHP code
    <?php header('location: cancel_book.php')?>;
  }
}
</script>

</body>

</html>
```

  • 2
    PHP runs first; send an AJAX request. Also use prepared statements and parameterize the query; this would be injectable. – user3783243 May 18 '22 at 20:30
  • **Warning:** You are wide open to [SQL Injections](https://php.net/manual/en/security.database.sql-injection.php) and should use parameterized **prepared statements** instead of manually building your queries. They are provided by [PDO](https://php.net/manual/pdo.prepared-statements.php) or by [MySQLi](https://php.net/manual/mysqli.quickstart.prepared-statements.php). Never trust any kind of input! Even when your queries are executed only by trusted users, [you are still in risk of corrupting your data](http://bobby-tables.com/). [Escaping is not enough!](https://stackoverflow.com/q/32391315) – Dharman May 18 '22 at 21:10
  • You have an error. [`mysqli_error()`](https://www.php.net/manual/en/mysqli.error.php) needs one argument. Please consider switching error mode on instead. [How to get the error message in MySQLi?](https://stackoverflow.com/a/22662582/1839439) – Dharman May 18 '22 at 21:10

0 Answers
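The flow the comments point to (a second request after `confirm()`, and a parameterized delete), as an added example that is not part of the original question or its comments. The file name, database credentials and the sample `$rno` value are placeholders; `tblreservation`, `rno` and `cancel_book.php` come from the question. It assumes the caller's right to delete this reservation is checked elsewhere.

```php
<?php
// delete_reservation.php (hypothetical name). PHP runs on the server before the
// page is sent, so the confirm() result must come back in a second request.
session_start();
$_SESSION['csrf'] ??= bin2hex(random_bytes(32)); // per-session anti-CSRF token

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    header('Content-Type: application/json');
    $token = $_POST['csrf'] ?? '';
    if (!is_string($token) || !hash_equals($_SESSION['csrf'], $token)) {
        http_response_code(403);
        exit(json_encode(['ok' => false]));
    }
    // Accept only a positive integer reservation number.
    $rno = filter_input(INPUT_POST, 'rno', FILTER_VALIDATE_INT,
                        ['options' => ['min_range' => 1]]);
    if ($rno === false || $rno === null) {
        http_response_code(400);
        exit(json_encode(['ok' => false]));
    }
    mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // exceptions, not die()
    $c = new mysqli('localhost', 'db_user', 'db_password', 'db_name'); // placeholders
    // The value is bound as an integer parameter, never concatenated into the SQL.
    $stmt = $c->prepare('DELETE FROM tblreservation WHERE rno = ?');
    $stmt->bind_param('i', $rno);
    $stmt->execute();
    exit(json_encode(['ok' => $stmt->affected_rows === 1]));
}
$rno = 42; // constructed sample; the real page supplies the reservation shown
?>
<button id="del">Try it</button>
<script>
document.getElementById('del').addEventListener('click', async () => {
  if (!confirm('Are you sure to delete?')) {
    window.location.href = 'cancel_book.php'; // browser-side redirect, not header()
    return;
  }
  const body = new URLSearchParams({
    rno: <?= json_encode($rno) ?>,
    csrf: <?= json_encode($_SESSION['csrf']) ?>
  });
  const res = await fetch(location.pathname, { method: 'POST', body });
  const data = res.ok ? await res.json() : { ok: false };
  alert(data.ok ? 'Reservation deleted' : 'Delete failed');
});
</script>
```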