
Auto delete


fife


I have an issue with the delete feature on my site. A user selects a photo to delete. It then takes them to the "are you sure you want to do this" page, with the id of the image under delete_polaroid. This page has the following code on it:

<div id="editindexpage">
<?php
$qGetId = "SELECT * FROM `polaroids` WHERE id='".$_GET['delete_polaroid']."'";
$result = mysql_query($qGetId) or die (mysql_error());
$pola = mysql_fetch_array($result);

$GetCat = "SELECT * FROM category WHERE cat_name='".$pola['catid']."'";
$Result = mysql_query($GetCat);
$GotCat = mysql_fetch_assoc($Result);
?>
    <p class="bold">Are you sure you want to delete <?php echo $GotCat['cat_name'];?> and its image from the database?</p><br/>

    <a href="polaroids.php?delete_comp=
<?php mysql_query("DELETE FROM polaroids WHERE id='".$_GET['delete_polaroid']."'");
mysql_query("DELETE FROM category WHERE cat_name='".$pola['catid']."'");
?>">Yes</a>

    <a href="polaroids.php">No</a>
</div>

 

My issue is this. Even if you select No, for some reason it deletes the selected file. I don't understand how this is possible. Can anybody please help?

 

Thank you

 

Link to comment
Share on other sites

<a href="polaroids.php?delete_comp=
<?php mysql_query("DELETE FROM polaroids WHERE id='".$_GET['delete_polaroid']."'");
mysql_query("DELETE FROM category WHERE cat_name='".$pola['catid']."'");
?>">Yes</a>

Check out these lines... You are executing mysql on page load, hence the image is getting deleted. Use the PHP GET method instead for confirmation.

 



<a href="polaroids.php?delete_comp=1">Yes</a>

<?php
$action = $_GET['delete_comp'];
if(isset($action))
{
    if($action == "1")
    {
        mysql_query("DELETE FROM polaroids WHERE id='".$_GET['delete_polaroid']."'");
        mysql_query("DELETE FROM category WHERE cat_name='".$pola['catid']."'");
    }
}
?>

<a href="polaroids.php">No</a>
</div>

 

Link to comment
Share on other sites

Well, I just ran the code from the changes above and simplified the query, as I did not need all of that data, but it still does not work. Here is the code as it stands at the minute:

<div id="editindexpage">
<?php
$qGetId = "SELECT * FROM `polaroids` WHERE id='".$_GET['delete_polaroid']."'";
$result = mysql_query($qGetId) or die (mysql_error());
$pola = mysql_fetch_array($result);
?>
    <p class="bold">Are you sure you want to delete this polaroid from the database?</p><br/>
    <a href="deleting_stuff_check.php?delete_comp=1">Yes</a>
<?php
$action = $_GET['delete_comp'];
if(isset($action))
{
    if($action == "1")
    {
        mysql_query("DELETE FROM polaroids WHERE id='".$_GET['delete_polaroid']."'");
        echo "Complete";
    }
}
?>

    <a href="polaroids.php">No</a>
</div>

 

 

Here is the funny thing.  When I click the yes button to run the query the echo statement of Complete appears but the image reference is still in the database.

Link to comment
Share on other sites

<div id="editindexpage">
<?php
$qGetId = "SELECT * FROM `polaroids` WHERE id='".$_GET['delete_polaroid']."'";
$result = mysql_query($qGetId) or die (mysql_error());
$pola = mysql_fetch_array($result);
?>
    <p class="bold">Are you sure you want to delete this polaroid from the database?</p><br/>
<?php
$act = $_GET['delete_polaroid'];
echo "<a href=\"deleting_stuff_check.php?delete_comp=$act\">Yes</a>";
$action = $_GET['delete_comp'];
if(isset($action))
{
    $execute = mysql_query("DELETE FROM polaroids WHERE id='".$action."'");
    if($execute)
    {
        echo "Complete";
    } else {
        echo "Unable to delete";
    }
}
?>

    <a href="polaroids.php">No</a>
</div>

Link to comment
Share on other sites

But before using this script on a server you need to make it more secure. Your query

$execute = mysql_query("DELETE FROM polaroids WHERE id='".$action."'");

 

will delete any image irrespective of the owner information. Someone may delete all images from your database, starting from id = 1 to the end... So update your query such that only images owned by the user can be deleted.

 

E.g., suppose ID is a primary and unique key to identify the user in the database; the query would be:

 

$execute = mysql_query("DELETE FROM polaroids WHERE id='".$action."' AND userid='".$uid."'");

 

Link to comment
Share on other sites
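
A hardened version of the delete flow discussed in this thread, as an added example that is not any poster's code: the delete runs only on a POST carrying a CSRF token, uses a prepared statement with the ownership check, and reports success only when a row was actually removed. The `userid` column follows the last reply; the session keys, form field names and the in-memory SQLite database (standing in for MySQL) are assumptions.

```php
<?php
declare(strict_types=1);

// Delete one polaroid only if it belongs to $userId. Returns true only when a
// row was really removed: a DELETE that matches nothing still runs without error.
function deletePolaroid(PDO $db, int $userId, string $rawId): bool
{
    if (!ctype_digit($rawId)) {   // ids are plain integers; reject anything else
        return false;
    }
    // Assumption: polaroids has a `userid` owner column, as in the last reply.
    $stmt = $db->prepare('DELETE FROM polaroids WHERE id = :id AND userid = :uid');
    $stmt->execute([':id' => (int) $rawId, ':uid' => $userId]);
    return $stmt->rowCount() === 1;
}

// Only a POST carrying the session's CSRF token may delete. A GET (page load,
// the "No" link, a crawler following links) just shows the confirmation form.
// Session keys and form field names here are assumptions for the example.
function handleDeleteRequest(PDO $db, string $method, array $post, array $session): string
{
    if ($method !== 'POST') {
        return 'confirm';
    }
    $token = $post['csrf_token'] ?? '';
    if (!is_string($token) || !isset($session['csrf_token'], $session['user_id'])
        || !hash_equals($session['csrf_token'], $token)) {
        return 'rejected';
    }
    $id = $post['delete_polaroid'] ?? '';
    $deleted = is_string($id) && deletePolaroid($db, $session['user_id'], $id);
    return $deleted ? 'deleted' : 'not found';
}

// Constructed demo data; in-memory SQLite stands in for the site's MySQL database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE polaroids (id INTEGER PRIMARY KEY, userid INTEGER, file TEXT)');
$db->exec("INSERT INTO polaroids VALUES (1, 10, 'a.jpg'), (2, 20, 'b.jpg')");

$session = ['user_id' => 10, 'csrf_token' => bin2hex(random_bytes(16))];
$own     = ['delete_polaroid' => '1', 'csrf_token' => $session['csrf_token']];
$other   = ['delete_polaroid' => '2', 'csrf_token' => $session['csrf_token']];

echo handleDeleteRequest($db, 'GET', [], $session), "\n";                          // plain page load
echo handleDeleteRequest($db, 'POST', ['delete_polaroid' => '1'], $session), "\n"; // POST without token
echo handleDeleteRequest($db, 'POST', $other, $session), "\n";                     // another user's image
echo handleDeleteRequest($db, 'POST', $own, $session), "\n";                       // the user's own image
```

Checking the affected-row count matters because `mysql_query()` returns `true` for a DELETE that ran without error even when it matched no rows, so a "Complete" message based on that return value alone does not prove anything was removed.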
