Delete a record from the database

Question

I have a PHP page and when you try to delete a record it redirects to another page, but rather than delete the record it just refreshes.

I get the order_id from the previous PHP page...

<?php
session_start();
include("confing/db.php");
include("confing/funtion.php");
require_once('stas/config.php');
if(isset($_SESSION['idart23'])){
$idses = ($_SESSION['idart23']);
$uesrnameses = ($_SESSION['username']);
$passwordses = ($_SESSION['password']);
$query = mysql_query("SELECT * FROM `admins` WHERE username='".$uesrnameses."'  AND id='".$idses."'");  
if($rowadmin = mysql_fetch_array($query)) {

    }else{
        die(header("Location: login.php"));
    }
}else{
        die(header("Location: login.php"));
}
$order_id=$_GET['ID']; 
header("Location: orders.php");
if (isset($order_id)) { 
$query = mysql_query("DELETE FROM `orders` WHERE `ID`='$order_id'  ");  
$time = date("d/m/Y , h:i:s");
$act = "מחיקת עמוד";
$nameadmin = $rowadmin['firstname'];


mysql_query("INSERT INTO `logs` ( `time` , `act` , `admin`) VALUES ('$time' , '$act' , '$nameadmin') ;")  or die ("$error[errorcoontodb]");

}else{ exit('\$order_id isnt set!'); }

?> 

How can I fix this?

Answer 1

Notice the redirect on the second line here?

$order_id=$_GET['ID']; 
header("Location: orders.php");
if (isset($order_id)) { 
$query = mysql_query("DELETE FROM `orders` WHERE `ID`='$order_id'  ");  
$time = date("d/m/Y , h:i:s");
$act = "מחיקת עמוד";
$nameadmin = $rowadmin['firstname'];


mysql_query("INSERT INTO `logs` ( `time` , `act` , `admin`) VALUES ('$time' , '$act' , '$nameadmin') ;")  or die ("$error[errorcoontodb]");

}else{ exit('\$order_id isnt set!'); }

You're redirecting to orders.php rather than stay on the current page. However, as you don't exit the rest of the script still runs, so if $_GET['ID'] is set then the record should insert. However, if you say that the record isn't inserting then it seems likely that $_GET['ID'] isn't set, and so you would get the output $order_id isnt set! -- except as you're redirecting before this you never see it (and the same is true if the query is failing).

Remove that header and there should be an error message that explains the problem.

Answer 2

$order_id=$_GET['ID']; 
header("Location: orders.php");
if (isset($order_id)) { 
$query = mysql_query("DELETE FROM `orders` WHERE `ID`='$order_id'  ");  
$time = date("d/m/Y , h:i:s");
$act = "מחיקת עמוד";
$nameadmin = $rowadmin['firstname'];


mysql_query("INSERT INTO `logs` ( `time` , `act` , `admin`) VALUES ('$time' , '$act' , '$nameadmin') ;")  or die ("$error[errorcoontodb]");

}

Please comment the line header("Location: orders.php");

And debug the code for any errors messages. And please put the header("Location: orders.php"); after executing the queries, and recommendation practice would to exit the code after redirection. header("Location: orders.php"); exit;