PHP MySQLi Deleting a row in a table not working


#1

Hello! I have done web development for about 5 years or so and recently picked up PHP about a week ago. I am trying to create a forum for a project and have encountered some errors when doing so. I am trying to create a moderator/admin delete button to remove a post. The basic premise is that if the user rank is 1, then echo a form. In the form is a box for the question ID and the answer ID. Once they submit both, then delete the answer in the table where the question ID is equal to $_POST[‘qid’] and the answer ID is equal to $_POST[‘arow’]. My code is below. I understand that my forum is open to SQL injection but I am not quite familiar with PDO. I also get no errors other than, "Error: ".

<?php
	session_start();
$servername = "localhost"; // Host name 
$user = "xxxx"; // Mysql username 
$pass = "xxxx"; // Mysql password 
$dbname = "xxxx"; // Database name 
$tbl_name = "forum_question"; // Table name 

// Connect to server and select databse.
$conn = new mysqli($servername, $user, $pass, $dbname);

// get value of id that sent from address bar 
$id=$_GET['id'];

$sql="SELECT * FROM $tbl_name WHERE id='".$id."'";
$result=$conn->query($sql);

$rows=$result->fetch_assoc();

$rank = "SELECT LEVEL FROM data WHERE USERNAME = '".$_SESSION['username']."'";
$rresult = $conn->query($rank);
$rrow = $rresult->fetch_assoc();
if (!isset($_SESSION['username']) && empty($_SESSION['username'])) {
	echo 'You are not logged in! Go <a href="main_forum.php">home</a> to login!';
} else {
?>

<div style="text-align:center;">
<p>Username: <?php echo $_SESSION['username'] ?>.</p>
<p>Rank: <?php echo $rrow['LEVEL'] ?>.</p>
<a href="main_forum.php">Home</a>
</div>
<table width="400" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC">
<tr>
<td><table width="100%" border="0" cellpadding="3" cellspacing="1" bordercolor="1" bgcolor="#FFFFFF">
<tr>
<td bgcolor="#F8F7F1"><strong><? echo $rows['topic']; ?></strong></td>
</tr>

<tr>
<td bgcolor="#F8F7F1"><? echo $rows['detail']; ?></td>
</tr>

<tr>
<td bgcolor="#F8F7F1"><strong>By:</strong> <? echo $rows['name']; ?> <strong>Email: </strong><? echo $rows['email'];?></td>
</tr>

<tr>
<td bgcolor="#F8F7F1"><strong>Date/time: </strong><? echo $rows['datetime']; ?></td>
</tr>
</table></td>
</tr>
</table>
<BR>

<?php

$tbl_name2="forum_answer"; // Switch to table "forum_answer"

$sql2="SELECT * FROM $tbl_name2 WHERE question_id='".$id."'";
$result2=$conn->query($sql2);

while($rows=$result2->fetch_assoc()){
?>

<table width="400" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC">
<tr>
<td><table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF">
<tr>
<td bgcolor="#F8F7F1"><strong>ID</strong></td>
<td bgcolor="#F8F7F1">:</td>
<td bgcolor="#F8F7F1"><? echo $rows['a_id']; ?></td>
</tr>
<tr>
<td width="18%" bgcolor="#F8F7F1"><strong>Name</strong></td>
<td width="5%" bgcolor="#F8F7F1">:</td>
<td width="77%" bgcolor="#F8F7F1"><? echo $rows['a_name']; ?></td>
</tr>
<tr>
<td bgcolor="#F8F7F1"><strong>Email</strong></td>
<td bgcolor="#F8F7F1">:</td>
<td bgcolor="#F8F7F1"><? echo $rows['a_email']; ?></td>
</tr>
<tr>
<td bgcolor="#F8F7F1"><strong>Answer</strong></td>
<td bgcolor="#F8F7F1">:</td>
<td bgcolor="#F8F7F1"><? echo $rows['a_answer']; ?></td>
</tr>
<tr>
<td bgcolor="#F8F7F1"><strong>Date/Time</strong></td>
<td bgcolor="#F8F7F1">:</td>
<td bgcolor="#F8F7F1"><? echo $rows['a_datetime']; ?></td>
</tr>
</table></td>
</tr>
</table>
<br>

 

<?php
}

$sql3="SELECT view FROM $tbl_name WHERE id='$id'";
$result3=$conn->query($sql3);

$rows=$result3->fetch_assoc();
$view=$rows['view'];

 

// if have no counter value set counter = 1
if(empty($view)){
	$view=1;
	$sql4="INSERT INTO '".$tbl_name."'(view) VALUES('".$view."') WHERE id='".$id."'";
	$result4=$conn->query($sql4);
}

 

// count more value
$addview=$view+1;
$sql5="update '".$tbl_name."' set view='".$addview."' WHERE id='".$id."'";
$result5=$conn->query($sql5);

$conn=null;
?>


<BR>
<table width="400" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC">
<tr>
<form name="form1" method="post" action="add_answer.php">
<td>
<table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF">
<tr>
<td width="18%"><strong>Name</strong></td>
<td width="3%">:</td>
<td width="79%"><input name="a_name" type="text" id="a_name" size="45" value="<?php echo $_SESSION['username'] ?>" disabled="readonly"></td>
</tr>
<tr>
<td><strong>Email</strong></td>
<td>:</td>
<td><input name="a_email" type="text" id="a_email" size="45" value="<?php echo $_SESSION['email']?>" disabled="readonly"></td>
</tr>
<tr>
<td valign="top"><strong>Answer</strong></td>
<td valign="top">:</td>
<td><textarea name="a_answer" cols="45" rows="3" id="a_answer"></textarea></td>
</tr>
<tr>
<td>&nbsp;</td>
<td><input name="id" type="hidden" value="<? echo $id; ?>"></td>
<td><input type="submit" name="Submit" value="Submit"> <input type="reset" name="Submit2" value="Reset"></td>
</tr>
</table>
</td>
</form>
</tr>
</table>
<?php
}
if (isset($_POST['submit'])) {
   deletePost();
   $anRow = $_POST['arow'];
   $qId = $_POST['qid'];
}
if ($rrow['LEVEL'] == 1) {
	echo "<form action='view_topic.php' method='post'>
			<p>ID of Question</p><input type='text' name='qid' />
			<p>ID of Answer</p><input type='text' name='arow' />
	      	<input type='submit' name='submit' value='Delete' />
	      </form>";
}
function deletePost() {
	$del = "DELETE FROM `forum_answer` WHERE `a_id` = '".$anRow."' AND `question_id` = '".$qId."'";
	if (mysqli_query($conn, $del)) {
		echo 'Record deleted successfully. Refresh the page.';
	} else {
		echo 'Error deleting record: ' . mysqli_error($conn);
	}
}
exit();
?>

#3

Fixed.