fife
Posted December 29, 2010

I have an issue with my delete feature on my site. A user selects a photo to delete. It then takes them to the "are you sure you want to do this" page, with the id of the image under delete polaroid. This page has the following code on it:

```php
<div id="editindexpage">
<?php
$qGetId = "SELECT * FROM `polaroids` WHERE id='".$_GET['delete_polaroid']."'";
$result = mysql_query($qGetId) or die (mysql_error());
$pola = mysql_fetch_array($result);

$GetCat = "SELECT * FROM category WHERE cat_name='".$pola['catid']."'";
$Result = mysql_query($GetCat);
$GotCat = mysql_fetch_assoc($Result);
?>
<p class="bold">Are you sure you want to delete <?php echo $GotCat['cat_name'];?> and its image from the database?</p><br/>
<a href="polaroids.php?delete_comp= <?php
mysql_query("DELETE FROM polaroids WHERE id='".$_GET['delete_polaroid']."'");
mysql_query("DELETE FROM category WHERE cat_name='".$pola['catid']."'");
?>">Yes</a>
<a href="polaroids.php">No</a>
</div>
```

My issue is this: even if you select No, for some reason it deletes the selected file. I don't understand how this is possible. Can anybody please help? Thank you.

inversesoft123
Posted December 29, 2010

```php
<a href="polaroids.php?delete_comp= <?php
mysql_query("DELETE FROM polaroids WHERE id='".$_GET['delete_polaroid']."'");
mysql_query("DELETE FROM category WHERE cat_name='".$pola['catid']."'");
?>">Yes</a>
```

Check out these lines... you are executing MySQL on page load, hence the image is getting deleted. Use the PHP GET method instead for confirmation.

```php
<a href="polaroids.php?delete_comp=1">Yes</a>
<?php
$action = $_GET['delete_comp'];
if(isset($action)) {
    if($action == "1") {
        mysql_query("DELETE FROM polaroids WHERE id='".$_GET['delete_polaroid']."'");
        mysql_query("DELETE FROM category WHERE cat_name='".$pola['catid']."'");
    }
}
?>
<a href="polaroids.php">No</a>
</div>
```

fife
Posted December 29, 2010

Well, I just ran the code from the changes above and simplified the query, as I did not need all of that data, but it still does not work. Here is the code as it stands at the minute:

```php
<div id="editindexpage">
<?php
$qGetId = "SELECT * FROM `polaroids` WHERE id='".$_GET['delete_polaroid']."'";
$result = mysql_query($qGetId) or die (mysql_error());
$pola = mysql_fetch_array($result);
?>
<p class="bold">Are you sure you want to delete this polaroid from the database?</p><br/>
<a href="deleting_stuff_check.php?delete_comp=1">Yes</a>
<?php
$action = $_GET['delete_comp'];
if(isset($action)) {
    if($action == "1") {
        mysql_query("DELETE FROM polaroids WHERE id='".$_GET['delete_polaroid']."'");
        echo "Complete";
    }
}
?>
<a href="polaroids.php">No</a>
</div>
```

Here is the funny thing. When I click the Yes button to run the query, the echo statement of Complete appears but the image reference is still in the database.

inversesoft123
Posted December 29, 2010

```php
<div id="editindexpage">
<?php
$qGetId = "SELECT * FROM `polaroids` WHERE id='".$_GET['delete_polaroid']."'";
$result = mysql_query($qGetId) or die (mysql_error());
$pola = mysql_fetch_array($result);
?>
<p class="bold">Are you sure you want to delete this polaroid from the database?</p><br/>
<?php
$act = $_GET['delete_polaroid'];
echo "<a href=\"deleting_stuff_check.php?delete_comp=$act\">Yes</a>";
$action = $_GET['delete_comp'];
if(isset($action)) {
    $execute = mysql_query("DELETE FROM polaroids WHERE id='".$action."'");
    if($execute) {
        echo "Complete";
    } else {
        echo "Unable to delete";
    }
}
?>
<a href="polaroids.php">No</a>
</div>
```

inversesoft123
Posted December 30, 2010

But before using this script on a server you need to make it more secure. Your query

```php
$execute = mysql_query("DELETE FROM polaroids WHERE id='".$action."'");
```

will delete any image irrespective of the owner information. Someone may delete all images from your database, starting from id = 1 to the end... so update your query such that only the user's own images can be deleted.

E.g., suppose ID is a primary and unique key to identify the user in the database; the query would be:

```php
$execute = mysql_query("DELETE FROM polaroids WHERE id='".$action."' AND userid='".$uid."'");
```
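
Added example, not code from the thread: the delete step discussed in the posts above, with the confirmation sent as a POST, a CSRF token check, a bound-parameter query and the ownership condition from the last post. PDO with an in-memory SQLite database, the `userid` column, the session layout and the function name `deletePolaroid` are assumptions; the rows are constructed.

```php
<?php
declare(strict_types=1);

// Added example, not code from the thread. Table layout, the userid column
// and the function name are assumptions; the sample rows are constructed.

// Delete only on a confirmed POST with a valid CSRF token, and only a row
// that belongs to the logged-in user.
function deletePolaroid(PDO $db, string $method, array $post, array $session): string
{
    if ($method !== 'POST') {
        return 'rejected: a GET request must not change state';
    }
    if (!isset($post['csrf'], $session['csrf'])
        || !hash_equals($session['csrf'], (string) $post['csrf'])) {
        return 'rejected: bad CSRF token';
    }
    $id = filter_var($post['delete_polaroid'] ?? null, FILTER_VALIDATE_INT);
    if ($id === false) {
        return 'rejected: invalid id';
    }
    // Bound parameters keep the id out of the SQL text; the userid
    // condition limits the delete to rows the caller owns.
    $stmt = $db->prepare('DELETE FROM polaroids WHERE id = :id AND userid = :uid');
    $stmt->execute([':id' => $id, ':uid' => $session['uid']]);
    // A DELETE that matches no row still executes successfully, so report
    // the affected-row count rather than the fact that the query ran.
    return $stmt->rowCount() === 1 ? 'deleted' : 'not found or not yours';
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE polaroids (id INTEGER PRIMARY KEY, userid INTEGER, file TEXT)');
$db->exec("INSERT INTO polaroids VALUES (1, 10, 'a.jpg'), (2, 20, 'b.jpg')");

$session = ['uid' => 10, 'csrf' => bin2hex(random_bytes(16))];
$ok = ['delete_polaroid' => '1', 'csrf' => $session['csrf']];

echo deletePolaroid($db, 'GET', $ok, $session), "\n";                               // link click or page load
echo deletePolaroid($db, 'POST', ['delete_polaroid' => '1'], $session), "\n";       // token missing
echo deletePolaroid($db, 'POST', ['delete_polaroid' => '2'] + $ok, $session), "\n"; // row owned by user 20
echo deletePolaroid($db, 'POST', $ok, $session), "\n";                              // own row, valid token
```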