Delete

Question

davy_yg 2 Posting Whiz

11 Years Ago

I am trying delete data from table, the form method is post. The url http://localhost/RustoleumCustomCMS2/administrator/input_image.php?mode=delete&id=0 (passing mode = delete and id = 0). I wonder why nothing happen. It suppose to delete a row in the database.

    include('../includes/koneksi.php');

    $id = isset($_POST['id']) ? $_POST['id'] : '';  
    $judul = isset($_POST['judul']) ? $_POST['judul'] : ''; 
    $image = isset($_POST['image']) ? $_POST['image'] : '';
    $confirmation = isset($_POST['confirmation']) ? $_POST['confirmation'] : '';  

    //Hapus image


    if (!empty($_REQUEST['mode'])&& !empty($_REQUEST['id']) && $_REQUEST['mode'] == "delete"){
        $id = $_REQUEST['id'];
        $result = mysql_query("DELETE FROM gallery WHERE id =".$id) or die(mysql_error());

        $confirmation = $result ? "Data successfully deleted." : "fail to delete data."; 
    }

php

3 Contributors
6 Replies
163 Views
1 Hour Discussion Span
Latest Post 11 Years Ago Latest Post by broj1

Szabi Zsoldos 26 Learner and helper guy

11 Years Ago

Davy,

What does the mysql_error() return at that point?

broj1 356 Humble servant

11 Years Ago

A few notes here:

You mix GET and POST method. From URL it seems like your intention is to use GET, from the code it seems like you wanted to use POST; it is nothing wrong with mixing methods but do not do it if not realy needed since it is harder to control
It is recommended to avoid $_REQUEST combined array. It is again not wrong if you use it but only if it is necessary and are careful. $_REQUEST contains data from $_GET, $_POST and $_COOKIE arrays and it might happen that you have same keys in them thus overwriting values.
It is not recommended to use GET method for deleting. It is semantically wrong but more importantly the deleting URL gets cached and can do damage later on (intentionally or unintentionally).
Escape values before using them in a query.

szabizs correctly spotted the error and suggested solution to existing code. I usually have to add my raving about security since this is my field of work :-) (and I had to learn it a hard way).

Edited 11 Years Ago by broj1

Szabi Zsoldos commented: That is correct, I've wanted just to help out him :) +3

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

davy_yg 2 Posting Whiz · Answer 1 · 2013-03-12T07:18:37+00:00

it doesn't return anything. I guess it doesn't bypass the condition.

Szabi Zsoldos 26 Learner and helper guy · Answer 2 · 2013-03-12T07:21:13+00:00

Try this please

if(isset($_GET['mode']) && !empty($_GET['mode']) && $_GET['mode']) == "delete"){
    $id = $_REQUEST['id'];
    $result = mysql_query("DELETE FROM gallery WHERE id =".$id) or die(mysql_error());
    $confirmation = $result ? "Data successfully deleted." : "fail to delete data.";
}

davy_yg 2 Posting Whiz · Answer 3 · 2013-03-12T07:55:16+00:00

It works. Does id == 0 consider empty ? I am trying figure what i did wrong.

broj1 356 Humble servant Featured Poster · Answer 4 · 2013-03-12T08:00:49+00:00

The manual for empty says:

Returns FALSE if var exists and has a non-empty, non-zero value. Otherwise returns TRUE.

The following things are considered to be empty:

"" (an empty string)
0 (0 as an integer)
0.0 (0 as a float)
"0" (0 as a string)
NULL
FALSE
array() (an empty array)
$var; (a variable declared, but without a value)

So 0 is empty (sounds a bit strange to me, we need to be careful with this function).