
I have a server script that allows the user to mark any item as a favorite, but I also want another script through which the user can unfavorite the same item if they want, so that the item is deleted from their favorite list. I have kept the same table for both the favorite and unfavorite code, so I have used an UPDATE query to update the details. I have code for this purpose, but it's not working. As I am new to programming, I would appreciate it if someone could provide the correct code.

 
<?php
require_once('config.php');

$favorite = $_REQUEST['favorite'];
$unfavorite = $_REQUEST['unfavorite'];
$id=$_REQUEST['id'];

$unfavoritedeal=mysql_query("SELECT * FROM favoritedeals where id='".$id."'"); //favoritedeals is the name of the table

if($row=mysql_fetch_array($unfavoritedeal))
{
    $favorite=$row['favorite'];
    $unfavorite=$row['unfavorite'];
}

$myfavorite=(isset($_REQUEST['favorite'])?$_REQUEST['favorite']:$favorite);
$myunfavorite=(isset($_REQUEST['unfavorite'])?$_REQUEST['unfavorite']:$unfavorite);

$update = mysql_query("update favoritedeals set favorite = '".$myfavorite."', unfavorite = 1 where id = '".$id."'");

if(unfavorite="1" where id='".$id."')
{
"delete from favoritedeals WHERE id= '".$id."'";
}

$posts[0]['message'] = 'favorite list updated';
$selectt = mysql_query("select * from favoritedeals where id = '".$id."'");
$results = mysql_fetch_assoc($selectt);
$posts[0]['detail'] = $results;
header('Content-type: application/json');
echo json_encode($posts);
?>

I think you misunderstand the purpose of this forum. This is no “code repair service” where you leave your broken application and come back later to pick up the fixed version.

 

You fix the code. We might be able to help you with that, but only if you actually tell us what's wrong. No, “doesn't work” is not a sufficient problem description. Since we're not sitting in front of your PC, you need to actually describe what happens when you execute the script and why you think that's wrong.

 

In any case, that part of the code doesn't look good:

if(unfavorite="1" where id='".$id."')
{
"delete from favoritedeals WHERE id= '".$id."'";
}

What is that weird SQL fragment in the condition? And the DELETE query below never gets executed.

 

Besides that, your code is wide open to SQL injection attacks. Since you happily drop the raw user input into your query strings, you allow anybody to manipulate the queries and access arbitrary data.

 

The mysql_* functions you're using have also been obsolete for more than 10 years and will be removed in one of the next PHP releases. Nowadays, we use PDO. The great thing about PDO is that it supports prepared statements to securely pass values to queries. So this can fix your injection problem as well.
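
The two points raised in the reply above (a DELETE that is actually executed, and PDO prepared statements instead of string concatenation), as an added example that is not part of the original thread. It assumes an in-memory SQLite database in place of the poster's MySQL table, an assumed column layout for favoritedeals, and the hypothetical function names openDemoDb and unfavorite.

```php
<?php
declare(strict_types=1);

// Added example: an in-memory SQLite table stands in for the poster's MySQL
// "favoritedeals" table; the column layout here is an assumption.
function openDemoDb(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    // Make failed queries throw instead of failing silently.
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE favoritedeals (id INTEGER PRIMARY KEY, favorite INTEGER NOT NULL)');
    $pdo->exec('INSERT INTO favoritedeals (id, favorite) VALUES (1, 1), (2, 1), (3, 1)');
    return $pdo;
}

// Removes one row from the favorites list. The id is validated as a positive
// integer and then bound as a parameter, so it is never spliced into the SQL text.
function unfavorite(PDO $pdo, $rawId): array
{
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return ['message' => 'invalid id', 'deleted' => 0];
    }

    $stmt = $pdo->prepare('DELETE FROM favoritedeals WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $deleted = $stmt->rowCount();

    return [
        'message' => $deleted === 1 ? 'favorite removed' : 'no such favorite',
        'deleted' => $deleted,
    ];
}

$pdo = openDemoDb();

// Constructed inputs: a valid id, the same request repeated, and a value
// carrying SQL syntax that the original concatenated query would have executed.
foreach (['2', '2', "2' OR '1'='1"] as $input) {
    echo json_encode(unfavorite($pdo, $input)), "\n";
}

echo 'rows left: ', $pdo->query('SELECT COUNT(*) FROM favoritedeals')->fetchColumn(), "\n";
```

Against MySQL only the DSN and credentials passed to the PDO constructor change; the prepared DELETE stays the same.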
