PHP Issue: Delete Button to be echoed in Table rows GET/POST

Question

I have a table which selects the results from a database table, with each record there is a Button echoed (DeleteButton). I would like this delete button to delete THE SELECTED ROw (RECORD). My code is presented below, I have narrowed the issue down the 'id' not being POST/GET correctly. I think the form is not passing the id correctly. Can somebody help?

The Form In A Table Cell:

echo "<td>"
.'
<form id="DeleteUser" action="DeleteUser.php" method"post">
<input type"text" name="id" value=" '.$row['user_id'].' " hidden />
<input type="submit" value="Delete">
</form>
'.
"</td>";
echo '</td>';

The Delete Statement (DeleteUser) (DeleteUser.php) :

<?php


$stmt = $con->prepare("DELETE FROM users WHERE user_id = ?");
$stmt->bind_param('sissi',$_GET['id']);
$stmt->execute(); 
$stmt->close();


?>

Answer 1

Your first parameter on the $stmt->bind_param statement has 5 different parameters. You're only passing one. Change it to this:

$stmt = $con->prepare("DELETE FROM users WHERE user_id = ?");
$stmt->bind_param('i',$_GET['id']);
$stmt->execute(); 
$stmt->close();

You have to make sure $_GET['id'] is int value also.

On your <input type"text" name="id" value=" '.$row['user_id'].' " hidden /> <input type"text" name="id" value=" '.$row['user_id'].' " hidden /> line, remove the spaces around value= for the concatenation. So you have value="'.$row['user_id'].'" .

I would also suggest having some kind of check in place to make sure that I can't go in and delete a different user just by inputting a different number in there, random or otherwise.