Delete Record in DB [closed]

1

I created a system for creating posts, but I'm not able to delete a post from the database, even though the "Successfully Deleted" confirmation appears!

<?php
       $db = mysqli_connect("127.0.0.1", "root", "", "photos");
       $sql = "SELECT * FROM images";
       $result = mysqli_query($db, $sql);
       while ($row = mysqli_fetch_array($result)) {
          echo "<div class='post-item'> <div class='inner'>";
          echo "  <div class='post-title'><h2><a href='#'> ".$row['titulo']."</a></h2></div>";
          echo "<div class='post-image'><div></div><img src='images/".$row['image']."'></div>";
          echo " <div class='post-meta-top'>Posted <span class='post-date'>2 days ago</span> </div>
                                <div class='clear'></div> ";
          echo "    <div class='post-desc'>
                                    <p>".$row['texto']."</p>
                                </div>";
           echo "                     <a href='?id=".$row['id']."&Acao=Deletar'><button>Deletar</button></a> 
                            </div>
                        </div>";                      
}


if (isset($_GET['Acao']) && $_GET['Acao'] == 'Deletar') {
   $id = $_GET['id'];
   $sql = mysqli_query("DELETE FROM images WHERE id='$id' ");

   if ($result) { 
   echo '<script type="text/javascript">alert("Comentario Excluido!"); </script>';
   } else { 
       echo '<script type="text/javascript">alert("Erro!"); </script>';
   }

}
?>
    
asked by anonymous 01.01.2017 / 15:31

1 answer

8
  • You are testing $result, but you saved the query's result object in the variable $sql

    $sql = mysqli_query("DELETE FROM images WHERE id='$id' ");
    ^^^^
    if ($result) { 
        ^^^^^^^
    
  • The nomenclature is bad, because SQL is what is in quotation marks, not the return of mysqli_query, which as mentioned is an object.

  • You are running queries without passing the link; you should always read the Manual, so you do not have to ask a question for each line of code.

    Note that this is a tip to make your life easier, because by reading the manual your work will yield much more. Nothing against you asking, we are here to help, but anything that is simpler and that you are able to solve on your own will save you time.

  • To know how many records have been affected (whether inserted, updated or removed), the most appropriate function is mysqli_affected_rows($link).

    Many times the query might have been successful, but no record is found that satisfies the WHERE, and then your test will fail.

  • Important: if you put this code online, your DB will be destroyed all the time, as you did not sanitize your data and anyone can do code injection.

There are other considerations, but resolving these items is a good start. The suggestion is to do small separate tests until you master the basics and, once they are working, put them in the main code.

For the if block, an improvement would be this:

// forcing $id to be a number:
// (ideally a more thorough test would be done, since this cast does not
// stop someone from breaking the code by sending an array.
// Either way, this already prevents injection, which is the biggest danger)
$id = 0 + $id; 

// storing the result object in $result
$result = mysqli_query($link, 'DELETE FROM images WHERE id='.$id);

// and testing  1) whether the query was executed  2) whether it actually deleted something
if(!$result) {
    // ... there was a problem with the query ...
} elseif( mysqli_affected_rows($link) > 0 ) {
    // ... one or more records were deleted ...
} else {
    // ... the query ran, but no record was deleted ...
}

I would recommend a good read on the following links:

  

link

  

How to prevent SQL injection in my PHP code

    
01.01.2017 / 15:38
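
An added example (not part of the original answer) that combines the points above: it passes the connection, validates the id, binds it in a prepared statement instead of concatenating it into the SQL, and uses the affected-row count to tell "deleted" apart from "nothing matched". The helper name delete_image() and the sample inputs are assumptions; the table, column and connection parameters are the ones from the question.

```php
<?php
// Added example. delete_image() is a hypothetical helper name; the table
// `images`, column `id` and connection parameters come from the question.

// Make mysqli throw exceptions instead of returning false
// (this is already the default from PHP 8.1).
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

/**
 * Returns one of: 'invalid', 'deleted', 'not_found', 'error'.
 */
function delete_image(mysqli $link, $rawId): string
{
    // Accept only a positive integer. filter_var() returns false for
    // arrays (?id[]=1) and for strings such as "1' OR '1'='1".
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return 'invalid';
    }

    try {
        // The value is sent separately from the SQL text, so it is never parsed as SQL.
        $stmt = $link->prepare('DELETE FROM images WHERE id = ?');
        $stmt->bind_param('i', $id);
        $stmt->execute();
        $deleted = $stmt->affected_rows;
        $stmt->close();
    } catch (mysqli_sql_exception $e) {
        // Log the detail on the server; do not echo it to the visitor.
        error_log('delete_image failed: ' . $e->getMessage());
        return 'error';
    }

    // A query that ran without error may still have matched no row.
    return $deleted > 0 ? 'deleted' : 'not_found';
}

// Use a disposable test copy of the database: a matching id really is deleted.
$link = new mysqli('127.0.0.1', 'root', '', 'photos');

// Constructed sample inputs standing in for $_GET['id'].
foreach (['1', '999999', "1' OR '1'='1", ['1']] as $sample) {
    printf("%-18s => %s\n", json_encode($sample), delete_image($link, $sample));
}
```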