-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathadmin_delbook.php
113 lines (80 loc) · 2.56 KB
/
admin_delbook.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
<?php
include_once './connection/config.php';
$target_dir = "bookspic/";
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['delete'])) {
// Use prepared statements to delete by title
$book_id= $_POST['book_id'];
$book_title = $_POST['book_title'];
if (isset($_POST['del_from_search']) == true) {
$del_from_search = $_POST['del_from_search'];
}
//reterive the img path from the database
$stmt = $mysqli->prepare("SELECT book_img FROM books WHERE id = ?");
$stmt->bind_param("i", $book_id);
$stmt->execute();
$stmt->bind_result($image_url);
$stmt->fetch();
$stmt->close();
if ($image_url) {
$img_path = $target_dir . $image_url;
// Delete the img from the folder
if (file_exists($img_path)) {
if (unlink($img_path)) {
header("Location: admin_booklist.php?bookimage=delted");
}
}
// Prepare and bind the statement
$stmt = $mysqli->prepare("DELETE FROM books WHERE id= ?");
$stmt->bind_param("s", $book_id);
// Execute the query
if ($stmt->execute()) {
if ($del_from_search) {
header("Location: admin_searchbooks.php?book_delete=success&book_name=$book_title");
$stmt->close();
exit();
} else {
header("Location: admin_dashboard.php?delete_book=success&book_name= $book_title");
$stmt->close();
}
} else {
if ($del_from_search) {
header("Location: admin_searchbooks.php?book_delete=unsuccess");
$stmt->close();
} else {
header("Location: admin_dashboard.php?delete_book=unsuccess");
$stmt->close();
}
}
}
}
?>
// if (isset($_POST['delbook'])) {
// $title = trim($_POST['title']);
// $sql = "SELECT title from book where title=?";
// if ($stmt = $mysqli->prepare($sql)) {
// $stmt->bind_param("s", $title);
// if ($stmt->execute()) {
// $stmt = $stmt->get_result();
// if ($stmt->num_rows == 1) {
// $rows = $stmt->fetch_assoc();
// if ($title == $rows['title']) {
// $sql = "DELETE FROM book where title=$title";
// $stmt = $mysqli->prepare($sql);
// if($stmt->execute()){
// header("Location: index.php?error = book_delete");
// $stmt->close();
// exit();
// }else{
// header("Location: index.php?error=failed_to_delete_book");
// exit();
// }
// }
// }
// } else {
// header("Location: index.php?error= book_is_not_in_database");
// $stmt->close();
// exit();
// }
// }
// }
?>