Hello,

I'm trying to remove a product from my "products->Produits" table. The product table is linked with the "users->form1" table by a foreign key.

I want to show the product list to remove (by user, i.e. only products inserted by the user concerned should be shown) on the product removing page, by displaying the product ID and the product picture, so when the user puts the productID in the proper casebox (form) and clicks on the remove product button, the product is removed from the product table.

For the second part (form + remove product from product table), everything works very well.

It is just for the displaying of products that I got an issue; the message I got is in the question casebox (see above).

Could you please help me?

Thank you in advance

What I have tried:

<?php 

try
    {
        $bdd = new PDO('mysql:host=localhost;bdname=shopping;charset=utf8','root','');
    }
    catch(Exception $e)
    {
        $e->getmessage();
    }

$req_products_to_remove = $bdd->prepare('SELECT * FROM produits INNER JOIN form1 WHERE produits.userID = form1.userID');
$req_products_to_remove->execute();

$products_to_remove = $req_products_to_remove->fetch();

if(isset($_POST['Delete']))
{   
    if(isset($_POST['idToRemove']))
    {
        if(!empty($_POST['idToRemove']))
        {
          require("bddconnect.php");  
          $idToRemove = htmlspecialchars($_POST['idToRemove']);
          $chooseProduct = $bdd->prepare("DELETE FROM shopping.produits WHERE productID = $idToRemove");
          $chooseProduct->execute();
          $chooseProduct->closeCursor();
        }
        else
        {
            echo "Please choose the productID, to remove it from the product table";
        }
    }
}

?>


<!doctype html>
<html lang="en">
<?php require 'headAll.php';?>
  <body>
    
    <?php require 'header_index.php';?>       

    <main class="col" style="margin-top: 5%;" align="center">
      <form action="" method="post">
        <label for="">Put a number :</label>
        <input type="number" style="border-radius: 15px;"  name="idToRemove"><br><br>

        <input type="submit" style="border-radius: 15px;"  name="Delete" value="Delete">
        <br><br>
      </form> 


        <center>
          <?php foreach($products_to_remove as $produit): ?>

          <div class="col-md-4" style="text-align: center">

                <div style="text-align: center">
                  <h6><?= $produit->productID ?></h6>
                  <img src="../image/image_produits/<?= $produit->product_picture;?>" width="200" height="200">
                </div>

            
          </div>

          <?php endforeach; ?>
        </center>


    </main>
Comments
Richard Deeming 8-Apr-22 3:50am    
Your code is vulnerable to SQL Injection. NEVER use string concatenation/interpolation to build a SQL query. ALWAYS use a parameterized query.
PHP: SQL Injection - Manual
PHP: Prepared statements and stored procedures - Manual
richard kasongo 8-Apr-22 3:52am    
Thank you for your comment. I'm going to take notice of that.
richard kasongo 8-Apr-22 4:23am    
Richard,

Thank you so much, it's ok !

Have a good day.
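
The parameterized form recommended in the comment above, applied to the delete and to the per-user listing; this is an added example, not code from the thread or its posters. It assumes an in-memory SQLite database standing in for the MySQL `shopping` database so it runs offline, a `$userId` that would come from the authenticated session, and hypothetical helper names `deleteProduct` and `listProducts`.

```php
<?php
declare(strict_types=1);

// Assumption: in-memory SQLite replaces the MySQL "shopping" database so this runs
// offline; prepare/bindValue/execute are used the same way with the MySQL driver.
$bdd = new PDO('sqlite::memory:');
$bdd->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$bdd->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_OBJ);

// Constructed sample rows: user 1 owns products 1 and 2, user 2 owns product 3.
$bdd->exec('CREATE TABLE produits (productID INTEGER PRIMARY KEY, userID INTEGER, product_picture TEXT)');
$bdd->exec("INSERT INTO produits VALUES (1, 1, 'a.jpg'), (2, 1, 'b.jpg'), (3, 2, 'c.jpg')");

// Hypothetical helper: deletes one product, only if it belongs to $userId.
// Returns the number of rows removed.
function deleteProduct(PDO $bdd, int $userId, string $rawId): int
{
    // Server-side check; <input type="number"> only constrains well-behaved browsers.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return 0;
    }
    // The SQL text is constant; the values travel separately as bound parameters.
    $stmt = $bdd->prepare('DELETE FROM produits WHERE productID = :id AND userID = :uid');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->bindValue(':uid', $userId, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();
}

// Hypothetical helper: lists only the products owned by one user.
function listProducts(PDO $bdd, int $userId): array
{
    $stmt = $bdd->prepare('SELECT productID, product_picture FROM produits WHERE userID = :uid');
    $stmt->bindValue(':uid', $userId, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll();
}

$userId = 1; // assumption: taken from the authenticated session in a real page
var_dump(deleteProduct($bdd, $userId, '2 OR 1=1')); // constructed input, not an integer: no query runs
var_dump(deleteProduct($bdd, $userId, '3'));        // belongs to user 2: no row matches
var_dump(deleteProduct($bdd, $userId, '2'));        // the user's own product

foreach (listProducts($bdd, $userId) as $produit) {
    // htmlspecialchars() encodes for HTML output; it is not a defence for SQL.
    echo htmlspecialchars((string) $produit->productID), ' ', htmlspecialchars($produit->product_picture), PHP_EOL;
}
```

Binding `userID` in the `DELETE` as well as in the `SELECT` keeps a user from removing another user's product by typing its ID.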

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)
