Data deleted using UPDATE??

[beyzad]

Hi there.

 

I ask it simply. Is there ANY condition that an UPDATE query results a row deletion?

 

Please notice that i only used UPDATE query in my codes, and i have 2 rows lost, that the linked page has no DELETE query at all!

 

Thanks.

[Jessica]

No.

[Pikachu2000]

Is the record is completely gone, including the primary key? Or is the primary key is still there, but the rest of the fields now empty?

[beyzad]

Is the record is completely gone, including the primary key? Or is the primary key is still there, but the rest of the fields now empty?

 

No, the row is completely gone. I also searched for any UPDATE or DELETE query that affects that table in all of my sources. Nothing found

[Pikachu2000]

Then post the code, I guess.

[beyzad]

Hi again.

 

I don't know which part of code you need, Here is the code of the page that reported by users that lost their data.

 

<?php
session_start();
if(!$_SESSION['vendor'])
{
	header('location: login.php');	
}

require_once('../inc/functions.php');

if($_POST['B1'])
{
	run_q("DELETE FROM `factor_products` WHERE `factor_key`='" . addslashes($_GET['id']) . "'");
	$sum_price = 0;
	$sum_weight = 0;
	for($i = 0 ; $i < 10 ; $i++)
	{
		if(!$_POST['id'][$i] || !$_POST['name'][$i] || !$_POST['price'][$i] || !$_POST['weight'][$i] || !$_POST['count'][$i]) continue;
		$id = addslashes($_POST['id'][$i]);
		$name = addslashes($_POST['name'][$i]);
		$price = intval($_POST['price'][$i]);
		$weight = intval($_POST['weight'][$i]);
		$count = intval($_POST['count'][$i]);
		run_q("INSERT INTO `factor_products` SET `factor_key`='" . addslashes($_GET['id']) . "' , `factor_product_id`='" . $id . "' , `factor_product_name`='" . $name . "' , `factor_product_weight`='" . $weight . "' , `factor_product_price`='" . $price . "' , `factor_product_count`='" . $count . "'");
		$sum_price += ($_POST['price'][$i] * $_POST['count'][$i]);
		$sum_weight += ($_POST['weight'][$i] * $_POST['count'][$i]);
	}

	$stat_city_r = single_row_q("SELECT `factor_source_state`,`factor_source_city`,`factor_dest_state`,`factor_dest_city`,`factor_send_type` FROM `factors` WHERE `factor_key`='" . addslashes($_GET['id']) . "' LIMIT 1");
	$send_price = send_price($stat_city_r['factor_source_state'] , $stat_city_r['factor_source_city'] , $stat_city_r['factor_dest_state'] , $stat_city_r['factor_dest_city'] , $sum_weight , $sum_price);

	if($stat_city_r['factor_send_type'] == 0)
		$send_price = $send_price['pishtaz'];
	if($stat_city_r['factor_send_type'] == 1)
		$send_price = $send_price['sefareshi'];
	run_q("UPDATE `factors` SET `factor_edited`='yes' , `factor_amount`='" . $sum_price . "' , `factor_weight`='" . $sum_weight . "' , `factor_send_price`='" . $send_price . "' , `factor_websky_amount`='" . ceil($sum_price * 4 / 100) . "' WHERE `factor_key`='" . addslashes($_GET['id']) . "' AND `factor_status`='0' AND `vendor_id`='" . $_SESSION['vendor'] . "' LIMIT 1");
	header('location: order_pending.php');
}
?>

 

Please notice that the lost row was in `factors` table. not the `factor_products` one.

 

Thanks

[PFMaBiSmAd]

I'm going to guess you have a trigger in your database that is deleting the data.

 

You also need an exit; statement after your login check header() redirect to prevent the remainder of the code on that page from running while the browser is preforming the redirect. Edit: The current code won't stop a hacker and since the code on that page runs any time it is requested by someone who is not logged in, you could be seeing unintended operation of your code. Also, if your login check code is the same on other pages, you could be seeing untended results due to other pages being requested.

[Christian F.]

You also really should be using transactions for this. What happens if one of those queries fail, what would happen with the subsequent queries, and how does that affect the operation of the site?