SkyRanger Posted July 27, 2019 Share Posted July 27, 2019 Unsure why this is not working debug is showing no issues if (isset($_GET['kudoemaildelete'])) { //data removal code will be going here $kuemid = $_GET['kuemid']; for($i=0;$i<count($kuemid);$i++){ $del_id = $kuemid[$i]; $wpdb->query( 'DELETE FROM '.$wpdb->prefix.'kudos_email WHERE kuemid IN($del_id)' ); $adminurl = get_admin_url(); $redirurl = $adminurl."admin.php?page=kudos"; echo "Removing emails if not returned in 5 seconds <a href=" .$redirurl . ">click here</a>"; # echo("<script>location.href = '".$redirurl."';</script>"); } } else { ?> <link rel="stylesheet" href="//code.jquery.com/ui/1.12.1/themes/base/jquery-ui.css"> <script src="https://code.jquery.com/jquery-1.12.4.js"></script> <script src="https://code.jquery.com/ui/1.12.1/jquery-ui.js"></script> <script> $( function() { $( "#accordion" ).accordion({ collapsible: true }); } ); </script> <table><tr><td width=300px> <?php global $wpdb; $tableemname= $wpdb->prefix.'kudos_email'; $kudoemlist = $wpdb->get_results( "SELECT * from $tableemname group by kuemqueue" ); echo " <div id='accordion'> "; foreach ($kudoemlist as $kemail) { echo "<h3>" .$kemail->kuemqueue. "</h3> <div> <p>"; echo "<table>"; ?> <form name="FormData" method="post" action=""> <?php echo "<thead><th>Name</th><th>Email</th><th> <button type='submit' value='kudoemaildelete' class='formbutton' name='kudoemaildelete' />Delete</button> </th></thead>"; $kudolistem = $wpdb->get_results( "SELECT * from $tableemname where kuemqueue = '$kemail->kuemqueue'" ); foreach ($kudolistem as $kudosndem) { $kuemid = $kudosndem->kuemid; echo "<tr>"; echo "<td>" .$kudosndem->kuemname. " </td><td>" .$kudosndem->kuemaddy. "</td><td><center><input name='kuemid[]' type='checkbox' id='checkbox[]' value=" .$kuemid. "></center></td>"; echo "</tr>"; } echo "</form>"; echo "</table>"; echo "</p> </div>"; } ?> </div> </td></tr></table> <?php } Quote Link to comment Share on other sites More sharing options...
gw1500se Posted July 27, 2019 Share Posted July 27, 2019 Since you are not doing any error checking after the query, I guess there is no point in asking for the error message you are getting. You need to learn how to do error checking when dealing with database actions. Also did you echo the query string to make sure the syntax is correct? Quote Link to comment Share on other sites More sharing options...
SkyRanger Posted July 27, 2019 Author Share Posted July 27, 2019 The query is not running. For some reason the page just refreshes and reloads the list with checkboxes. The isset is not being called Quote Link to comment Share on other sites More sharing options...
gw1500se Posted July 27, 2019 Share Posted July 27, 2019 Then you need to post your HTML form. Are you sure you are using GET rather than POST and that that variable is correct in your form? Quote Link to comment Share on other sites More sharing options...
SkyRanger Posted July 27, 2019 Author Share Posted July 27, 2019 echo "<table>"; echo "<form name='FormData' method='post' action=''>"; echo "<thead><th>Name</th><th>Email</th><th> <button type='submit' value='kudoemaildelete' class='formbutton' name='kudoemaildelete' />Delete</button> </th></thead>"; $kudolistem = $wpdb->get_results( "SELECT * from $tableemname where kuemqueue = '$kemail->kuemqueue'" ); foreach ($kudolistem as $kudosndem) { $kuemid = $kudosndem->kuemid; echo "<tr>"; echo "<td>" .$kudosndem->kuemname. " </td><td>" .$kudosndem->kuemaddy. "</td><td><center><input name='kuemid[]' type='checkbox' id='checkbox[]' value=" .$kuemid. "></center></td>"; echo "</tr>"; } echo "</form>"; echo "</table>"; It is probably something so stupid I am missing. I have tried both _POST and _GET Quote Link to comment Share on other sites More sharing options...
ginerjm Posted July 27, 2019 Share Posted July 27, 2019 (edited) How about this query? $wpdb->query( 'DELETE FROM '.$wpdb->prefix.'kudos_email WHERE kuemid IN($del_id)' ); Your query statement has a Where clause that looks like this EXACT string: 'WHERE kuemid IN($del_id)'. That is not what you want. Try using double quotes instead of single. ALSO - my research does not show any valid use of the IN operator with an array of args. You need to do an implode on your array to add the commas and use that resulting String value. Edited July 27, 2019 by ginerjm Quote Link to comment Share on other sites More sharing options...
Barand Posted July 27, 2019 Share Posted July 27, 2019 (edited) Your form method is post, so the variables will be in $_POST array. As stated, your query needs to be inside double quotes to interpolate the variables. Don't run queries in loops, especially when one which correctly uses "IN()" will do the job. Don't rely on button values being POSTed (browser dependent) if ($_SERVER['REQUEST_METHOD']=='POST') { //data removal code will be going here $kuemid = array_map('intval',$_POST['kuemid']); // ensure all ids are integers $del_id = join(',', $kuemid); // put ids in a comma separated string $wpdb->query( "DELETE FROM '.$wpdb->prefix.'kudos_email WHERE kuemid IN($del_id)" ); // etc } Edited July 27, 2019 by Barand Quote Link to comment Share on other sites More sharing options...
SkyRanger Posted July 27, 2019 Author Share Posted July 27, 2019 Thank you guys. It was me who did a stupid and not watching what I was typing. Thanks for your help it is working perfectly now. Quote Link to comment Share on other sites More sharing options...
maxxd Posted July 27, 2019 Share Posted July 27, 2019 All that having been said, if you're using $_POST input in a WordPress environment (which obviously I know you are), use some kind of safety features. I'd recommend at least using a WordPress nonce in the form output and data validation routines, and use the wpdb::prepare() method on the query. It's not a prepared statement exactly, but it is a little more responsible than just blindly trusting user-submitted data, especially if you're expanding your user base as you said you were in one of the other threads. Quote Link to comment Share on other sites More sharing options...
SkyRanger Posted July 28, 2019 Author Share Posted July 28, 2019 Thanks maxxd. Yeah once I get the bugs all worked out and start putting everything together I am am going to be securing the crap out of this thing. That is all I need is to leave an open hole for somebody to access a businesses server. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.