Deleting Row from users table PHP MYSQL

Question

I would like to delete a row from my users table when the user clicks a button, the user needs to be logged in do delete their own account.

I have echo'd the $user_id which shows '4', which is the correct id for the logged in user, so user_id = $user_id

This is the page that I have which holds the button which I want to delete the users row in the database

<?php
include_once 'dbconfig.php';
if(!$user->is_loggedin())
{
 $user->redirect('index.php');
}
$user_id = $_SESSION['user_session'];

     if(isset($_POST['leave'])){
    $stmt = $DB_con->prepare("DELETE FROM users WHERE user_id = $user_id ");
         $stmt->execute();
    }
$stmt = $DB_con->prepare("SELECT * FROM users WHERE user_id=:user_id");
$stmt->execute(array(":user_id"=>$user_id));
$userRow=$stmt->fetch(PDO::FETCH_ASSOC);
?>

<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<link rel="stylesheet" href="bootstrap/css/bootstrap.min.css" type="text/css"  />
<link rel="stylesheet" href="style.css" type="text/css"  />
<title>Welcome - <?php print($userRow['user_email']); ?></title>
</head>

<body>

<div class="header">

    <div class="right">
     <label><a href="logout.php?logout=true"><i class="glyphicon glyphicon-log-out"></i> logout</a></label>
    </div>
</div>
<div class="content">

Welcome  <?php print($userRow['user_name']); ?> <br>
<?php print($userRow['team_name']);?><br>
Rank <?php print($userRow['user_rank']); ?> <br> 
<a href="players.php">Players</a>
<a href="teams.php">Teams</a>

<form action='teams.php' method='post'>
<input type='submit' name='leave' value='Delete Profile'/> </form>

<?php echo $user_id?>

</div>
</body>
</html>

Answer 1

I think your problem is your form action(teams.php) which will receive the post data.Your delete code is on the same file and logically $_POST['leave'] will never be set in this page.

Just try to remove your teams.php in your forms action attribute.

<form action='' method='post'>
<input type='submit' name='leave' value='Delete Profile'/> </form>

or in your teams.php file add your delete code

//Make sure you have started the session before using it
$user_id = $_SESSION['user_session'];

if(isset($_POST['leave'])){
    $stmt = $DB_con->prepare("DELETE FROM users WHERE user_id = $user_id ");
         $stmt->execute();
}

Another piece of advise is use parameterize query. Example:

if(isset($_POST['leave'])){
  $stmt = $DB_con->prepare("DELETE FROM users WHERE user_id = ? ");
         $stmt-> bindParam(1,$user_id);
         $stmt->execute();

}

Answer 2

<?php $servername = "localhost";
$username = "username";
$password = "password";
$dbname = "myDB";

// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
} ?>    

<a href="?id=<?php echo $id;?>" onclick="return confirm('Are you sure?')">Delete</a>

    <?php if(isset($_GET['id'])){
        $user_id = $_SESSION['user_session'];
        $id=$_GET['id'];
        if($id==$user_id){
            $sql = "DELETE FROM Tablename WHERE id='$id'";
            if ($conn->query($sql) === TRUE) {
                echo "Record deleted successfully";
            } else {
                echo "Error deleting record: " . $conn->error;
            }

        }
    }?>