School project. I am making a page which shows data from a db in a table and should have change and delete options. I was using multiple tutorials, so there is a lot of different code. Main problem: I think I am not getting the id from my table.php page. And now that I think of it, I am not sure that I "connected" the 2 PHP files; I don't know how to, actually, but I may be wrong.

```php
<!DOCTYPE html>
<html>
<head>

</head>
<body>
    <table>
        <tr>
            <th>ID</th>
            <th>Ime</th>
            <th>Tim</th>
            <th>Bodovi</th>
            <th colspan="2">Opcije</th>
        </tr>
        <?php
        $conn = mysqli_connect("localhost", "admin", "admin", "seminarski");

        if ($conn->connect_error) {
            die("Connection Failed" . $conn->connect_error);
        }

        $sql = "SELECT id, racename, team, points from f1_tabela";
        $result = $conn->query($sql);
        ?>
        <?php while ($row = $result->fetch_assoc()): ?>
            <tr>
                <td><?php echo $row['id']; ?></td>
                <td><?php echo $row['racename']; ?></td>
                <td><?php echo $row['team']; ?></td>
                <td><?php echo $row['points']; ?></td>
                <td>
                    <a href="tabela.php?edit=<?php echo $row['id']; ?>"> Izmjeni</a>
                    <a href="insert.php?delete=<?php echo $row['id']; ?>"> Izbrisi</a>
                </td>
            </tr>
        <?php endwhile; ?>
    </table>
</body>
```

PHP process file

```php
if (isset($_GET['delete'])){
    $id = $_GET['delete'];
    $mysqli->query("DELETE FROM f1_tabela WHERE id=$id") or die($mysqli->error()); // here is error//
}
?>
```
  • **Warning:** You are wide open to [SQL Injections](https://php.net/manual/en/security.database.sql-injection.php) and should use parameterized **prepared statements** instead of manually building your queries. They are provided by [PDO](https://php.net/manual/pdo.prepared-statements.php) or by [MySQLi](https://php.net/manual/mysqli.quickstart.prepared-statements.php). Never trust any kind of input! Even when your queries are executed only by trusted users, [you are still at risk of corrupting your data](http://bobby-tables.com/). [Escaping is not enough!](https://stackoverflow.com/q/32391315) – Dharman May 29 '22 at 18:24
  • It is a very bad idea to use `die(mysqli_error($$conn));` in your code, because it could potentially leak sensitive information. See this post for more explanation: [mysqli or die, does it have to die?](https://stackoverflow.com/a/15320411/1839439) – Dharman May 29 '22 at 18:24
  • You have a lot of errors in this code. Are you following some bad tutorial? – Dharman May 29 '22 at 18:25
  • It looks like you are using some really bad tutorial. I highly encourage you to find something better. If you are only starting to learn PHP then you should learn PDO instead of mysqli. PDO is much easier and more suitable for beginners. Start here https://phpdelusions.net/pdo & https://websitebeaver.com/php-pdo-prepared-statements-to-prevent-sql-injection. Here are some good video tutorials https://youtu.be/2eebptXfEvw & https://www.youtube.com/watch?v=sVbEyFZKgqk&list=PLr3d3QYzkw2xabQRUpcZ_IBk9W50M9pe- – Dharman May 29 '22 at 18:25
  • We don't really know how these two files are connected. If PHP tells you that the variable is null, you might want to check that other file to make sure that the variable is set and check what could make it null. – Dharman May 29 '22 at 18:27
  • Well, I have a school project due tomorrow and MySQL is required, so help me please :') – Danilo Vracar May 29 '22 at 18:27
  • Maybe you misunderstood me. I never said MySQL is a bad idea. I said that your PHP code has a lot of errors. Focus on a single problem and provide [mcve]. – Dharman May 29 '22 at 18:28
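
For reference, the delete handler from the question written with a MySQLi prepared statement and without printing database errors to the visitor. This is an added example, not code from the question or the comments; it assumes the process file is `insert.php` (taken from the delete link), opens its own connection with the credentials shown in the question, and that the table page is `tabela.php`.

```php
<?php
// insert.php (added example): delete handler using a MySQLi prepared statement.
// Database name, credentials and table are the ones shown in the question.

// Make mysqli throw exceptions on failure, so no "or die(...)" is needed.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

function delete_row(mysqli $conn, int $id): int
{
    // The id is sent as a bound parameter, never as part of the SQL text.
    $stmt = $conn->prepare("DELETE FROM f1_tabela WHERE id = ?");
    $stmt->bind_param("i", $id);
    $stmt->execute();
    $affected = $stmt->affected_rows;
    $stmt->close();
    return $affected;
}

if (isset($_GET['delete'])) {
    // Accept only a positive integer; reject everything else before touching the DB.
    $id = filter_var($_GET['delete'], FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        http_response_code(400);
        exit('Invalid id');
    }

    try {
        $conn = new mysqli("localhost", "admin", "admin", "seminarski");
        $conn->set_charset("utf8mb4");
        $deleted = delete_row($conn, $id);
    } catch (mysqli_sql_exception $e) {
        // Keep the detail in the server log; the visitor sees a generic message.
        error_log($e->getMessage());
        http_response_code(500);
        exit('Database error');
    }

    if ($deleted === 0) {
        http_response_code(404);
        exit('No such row');
    }

    // Back to the table page (file name assumed from the edit link in the question).
    header('Location: tabela.php');
    exit;
}
```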

0 Answers