This is my delete page :
<?php
require('includes/config.php');
$id = $_GET['ID'];
$pdoConnect = new PDO($db);
$query='DELETE * FROM studentraspored WHERE ID = "' . $id . '" ';
$pdoResult = $db->prepare($query);
$pdoExec = $pdoResult->execute($query);
header('location:index.php');
?>
This is generated table in my “memberpage.php”:
if (count($rows)){
foreach ($rows as $row) {
$_SESSION['row'] = $rows;
$id = floatval($row['ID']);
echo "<tr>" .
'<form action="delete_raspored.php" method="post">'.
"<td>" . $row["ID"] . "</td>" .
"<td>" . $row["den"] . "</td>" .
"<td>" . $row["chas"] . "</td>" .
"<td>" . $row["predmet"] . "</td>" .
"<td>" . $row["profesor"] . "</td>" .
"<td>" . $row["prostorija"] . "</td>" .
"<td>" . $row["tip"] . "</td>" .
'<td><input type="submit" id="' . $id . '" value="Delete" ></td>'.
"</form>".
"</tr>"
This not working properly. I don't understand why maybe something i missed with floatval
Start by trying this:
<?php
require('includes/config.php');
$id = $_GET['ID'];
$query='DELETE FROM studentraspored WHERE ID = ?';
$pdoResult = $db->prepare($query);
$pdoResult->execute(array($id));
header('location:index.php');
exit();
Note the placeholder in place of the actual value, this will prevent SQL injections. The value is passed in in the execute, or you could bind it (http://php.net/manual/en/pdostatement.bindparam.php). http://php.net/manual/en/pdo.prepared-statements.php
The delete syntax was also off, delete deletes a whole row not specific columns, http://dev.mysql.com/doc/refman/5.7/en/delete.html.
In your form I also don't see an element named ID so that could be another issue and your form is submitting via POST, not GET.
Collected from the Internet
Please contact [email protected] to delete if infringement.
Comments