-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathdelete_Book.php
70 lines (57 loc) · 1.67 KB
/
delete_Book.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
<html>
<body>
<?php
$servername = "localhost";
$username = "root";
$password = "hmysqlg@m31";
$dbname = "mydb";
$db = new mysqli($servername, $username, $password, $dbname);
if($db->connect_errno > 0){
die('Unable to connect to database [' . $db->connect_error . ']');
}
//Choose how you will delete elements from the database (e.g. type = 'ISBN', so you delete based on ISBN)
$type = $_POST['type'];
//Input parameter we are looking to delete
$input = $_POST['input'];
$sql_delete = '';
$ISBN = $_POST['ISBN'];
// If instead of the empty string ('') I use NULL the comparison returns TRUE (damn php and your types)
if ($ISBN !== ''){
$sql_delete = $sql_delete . 'ISBN = ' . $ISBN . ' and ';
}
// Pay attention to the escaping quotes. That's because we want to turn the input into a string!
$title = $_POST['title'];
if ($title !== ''){
$sql_delete = $sql_delete . 'title = \'' . $title . '\' and ';
}
$pubYear = $_POST['pubYear'];
if ($pubYear !== ''){
$sql_delete = $sql_delete . 'pubYear = ' . $pubYear . ' and ';
}
$numpages = $_POST['numpages'];
if ($numpages !== ''){
$sql_delete = $sql_delete . 'numpages = ' . $numpages . ' and ';
}
$pubName = $_POST['pubName'];
if ($pubName !== ''){
$sql_delete = $sql_delete . 'pubName = \'' . $pubName . '\' and ';
}
if ($sql_delete == ''){
echo 'You have to fill at least one field to delete!';
die();
}
$sql_delete = substr($sql_delete, 0, -5);
$sql = '
DELETE FROM Book
WHERE ' . $sql_delete . ';
';
if(!$result = $db->query($sql)){
die('There was an error running the query [' . $db->error . ']');
}
?>
<script>
alert("Succesfull Delete");
window.location = 'delete_Book.html';
</script>
</body>
</html>