AJAX request to delete row from MySQL DB using php script

[jdlev]

I'm not sure what is wrong with my code, but I basically have a dynamic table with a delete button at the end of each row. A person clicks the row, I'd like the table to update and drop the row. Should be easy enough, but I can't get it.

 

Here's where I'm at:

jQuery(document).ready(function($) {
  jQuery(document).on('click', "#delete", function() {
    var deleteID = $(this).val();
    alert("ID to Delete: " + deleteID); // script works fine to here an alerts me with the proper ID to delete.

    $.ajax({
                type: 'POST',
                url: '../admin/del.php',
                data: {"action": "del", "element_id": id},
            success: function(data) {
                alert("Question Deleted");
           }
     });
});

Something has to be wrong with the above script, because I can handle post requests and db manipulation from php scripts just fine. Any ideas where I went astray? TIA for your help

[requinix]

"Can't get" what? Does the AJAX not happen? Does it happen but the data doesn't get deleted in the database?

[jdlev]

I'm running it through wordpress's wpdb function, so basically, I click a button to delete the record and nothing happens beyond the alert. It's also not the variable 'id', as I just updated it to 'deleteID' and it had no effect

 

To be honest, I'm thinking about just ditching wordpress, but I'm hoping that once I get a handle on the numerous functions coupled with the various plugins it provides...it'll eventually make development easier. But so far, all it seems to do is slow me down lol.

 

I found this example and it's functionality is exactly what I'm looking for...I just need to do it using wordpress's protocols: 

http://phppot.com/demo/ajax-add-edit-delete-records-in-database-using-php-and-jquery/

Edited February 15, 2016 by jdlev

[requinix]

Well, I can't speak to WordPress stuff (I hate it) so...

 

Use your browser to find out what is happening when that AJAX request gets fired off. For example, Chrome has a Network tab in the inspector/console thing (hit F12) that can show you not just that the request was sent, but what data was sent and what the server returned.

Odds are you're getting a 403 Forbidden (may be a WP configuration issue) or a 404 Not Found (using the wrong URL) response from the server, and neither of those will trigger the success callback.

[jdlev]

Thanks for the tip requinix. I use the chrome tools all the time and didn't know you could see the request/response headers. Good idea, I'll give it a shot

[maxxd]

If you're using WordPress, your URL parameter is wrong. You should use wp_localize_script() to assign a JavaScript variable the value of admin_url('admin-ajax.php') in the body of your page. Use that value as the URL parameter in your ajax call, make sure you pass and validate a WP nonce in the form, and you'll be able to interact with the $wpdb object.

 

What does your PHP function (the one called on 'wp_ajax_del' and 'wp_ajax_nopriv_del' hooks) look like?

 

One more thing specifically about this code: your ajax call can return a success header, even if the database update fails miserably. All the ajax success() callback means is that the data was successfully received. You'll have to set a variable in the processing PHP script to let your JavaScript know if the database updated actually succeeded or not - check that value within the success() function of the ajax call.

 

WordPress takes a lot of getting used to, and even then it's not all that awesome. It does help speed up getting a site to the client by taking care of the admin basics from the get-go, but there are several to many hoops you have to jump through as a trade-off. If you're doing CRUD operations through ajax (or at all, really), make sure you validate and sanitize any user-submitted data - as far as I can tell, WordPress does not take care of this automatically, despite what some people seem to think.

 

Also, though WordPress doesn't actually support prepared statements (like I said, even when you get fairly proficient with it, it's not all that awesome), they do support a sprintf-like syntax kind-of prepared statement (not that awesome) that at least runs the submitted values through mysqli_real_escape_string(), so it's safer than just stuffing the value into a plain query.

Edited February 16, 2016 by maxxd

[jdlev]

The principles of santization are pretty straight forward, but I guess I was wrong about how much sanitizing wordpress does on your behalf. I though a lot of the wpdb functions actually took care of that for you?

 

I agree 100% with your opinion on wordpress. It's great out of the gate if you want to do some dynamic stuff like manage user profiles, build forms, etc...but all of these stupid caveats it has when you won't to build something or customize something are really starting to get on my nerves. 

 

Where you from in NC, I'm actually from Charlotte (small world!)

[maxxd]

As far as I've been able to tell, if you create a custom post type WP will sanitize the title and post content for you. If you create any additional custom fields on that cpt, you're on your own as far as validation and sanitizing. And given the fact that WP uses a consistent site address for all things ajax (both front- and back-end), making sure you set and validate a nonce in your cpt form is imperative.

 

I'm in Wilmington - from what I hear you've got a decent amount of snow right now, no?