something frustrating and simple

Question

Why when I call this file with x.php?cmd=deleterec&pk=111 does the html header get output? This should only be output if the file is called with cmd=GetRecordSet or cmd=GetCategorieSet

<?php
if (isset($_GET["cmd"]))
$cmd = $_GET["cmd"];
else
die("Invalid URL");
 $pg = 1;
 if (isset($_GET["pk"]))
 { $pk = $_GET["pk"];}

$con = mysqli_connect("localhost","user","pass", "db");

if (!$con) {
   echo "Can't connect to MySQL Server. Errorcode: %s\n". mysqli_connect_error();
   exit;
}



$con->query("SET NAMES 'utf8'");
if($cmd=="deleterec"){
$deleteQuery = "DELETE FROM AUCTIONS WHERE ARTICLE_NO = ?";

if ($delRecord = $con->prepare($deleteQuery)) {
    $delRecord->bind_param("s", $pk);
    $delRecord->execute();
    $delRecord->close();
    echo "true";

} else {
echo "false";
}

}

if($cmd=="GetRecordSet" || "GetCategorySet"){

echo "<h1>{$title} Auctions</h1>"; 

}

Answer 1

if($cmd=="GetRecordSet" || "GetCategorySet"){

should be

if($cmd=="GetRecordSet" || $cmd == "GetCategorySet"){

Answer 2

if (isset($_GET["cmd"]))
$cmd = $_GET["cmd"];
else
die("Invalid URL");
 $pg = 1;
 if (isset($_GET["pk"]))
 { $pk = $_GET["pk"];}

You could clean this up too:

if (isset($_GET["cmd"]))
{
    $cmd = $_GET["cmd"];
}
else
{
    die("Invalid URL");
}

if (isset($_GET["pk"]))
{ 
    $pk = $_GET["pk"];
}
else
{
    $pk = 1; //$pg = 1; Is this wrong!? 
}

See Paul Tomblins post too.

You also seem to connect to mysqli procedural style, and then query using the OO style. You should stick to one!