
Delete issue


SkyRanger


Unsure why this is not working. Debug is showing no issues.

if (isset($_GET['kudoemaildelete'])) {
    //data removal code  will be going here
        $kuemid = $_GET['kuemid'];

        for($i=0;$i<count($kuemid);$i++){
        $del_id = $kuemid[$i];

    $wpdb->query(
              'DELETE  FROM '.$wpdb->prefix.'kudos_email
               WHERE kuemid  IN($del_id)'
);



    $adminurl = get_admin_url();
    $redirurl = $adminurl."admin.php?page=kudos";



echo "Removing emails if not returned in 5 seconds <a href=" .$redirurl . ">click here</a>";

# echo("<script>location.href = '".$redirurl."';</script>");
 }
} else {
?>

    <link rel="stylesheet" href="//code.jquery.com/ui/1.12.1/themes/base/jquery-ui.css">
    <script src="https://code.jquery.com/jquery-1.12.4.js"></script>
    <script src="https://code.jquery.com/ui/1.12.1/jquery-ui.js"></script>
    <script>
    $( function() {
        $( "#accordion" ).accordion({
            collapsible: true
        });
    } );
    </script>

 <table><tr><td width=300px>
 <?php
    global $wpdb;

    $tableemname= $wpdb->prefix.'kudos_email';
    $kudoemlist = $wpdb->get_results( "SELECT * from $tableemname group by kuemqueue" );
        echo " <div id='accordion'> ";
        foreach ($kudoemlist as $kemail) {

         echo  "<h3>" .$kemail->kuemqueue. "</h3>
    <div>
        <p>";

        echo "<table>";
                ?>
                <form name="FormData" method="post" action="">
                <?php
                echo "<thead><th>Name</th><th>Email</th><th>
                <button type='submit' value='kudoemaildelete' class='formbutton' name='kudoemaildelete' />Delete</button>
                </th></thead>";
            $kudolistem = $wpdb->get_results( "SELECT * from $tableemname where kuemqueue = '$kemail->kuemqueue'" );
            foreach ($kudolistem as $kudosndem) {
                $kuemid = $kudosndem->kuemid;
                echo "<tr>";
                echo "<td>" .$kudosndem->kuemname. " </td><td>" .$kudosndem->kuemaddy. "</td><td><center><input name='kuemid[]' type='checkbox' id='checkbox[]' value=" .$kuemid. "></center></td>";
                echo "</tr>";

            }
            echo "</form>";
            echo "</table>";

        echo "</p>
    </div>";

    }
 ?>



</div>
</td></tr></table>

 <?php }

 


Since you are not doing any error checking after the query, I guess there is no point in asking for the error message you are getting. You need to learn how to do error checking when dealing with database actions. Also did you echo the query string to make sure the syntax is correct?


        echo "<table>";

                echo "<form name='FormData' method='post' action=''>";

                echo "<thead><th>Name</th><th>Email</th><th>
                <button type='submit' value='kudoemaildelete' class='formbutton' name='kudoemaildelete' />Delete</button>
                </th></thead>";
            $kudolistem = $wpdb->get_results( "SELECT * from $tableemname where kuemqueue = '$kemail->kuemqueue'" );
            foreach ($kudolistem as $kudosndem) {
                $kuemid = $kudosndem->kuemid;
                echo "<tr>";
                echo "<td>" .$kudosndem->kuemname. " </td><td>" .$kudosndem->kuemaddy. "</td><td><center><input name='kuemid[]' type='checkbox' id='checkbox[]' value=" .$kuemid. "></center></td>";
                echo "</tr>";

            }
            echo "</form>";
            echo "</table>";

It is probably something so stupid I am missing. I have tried both _POST and _GET.


How about this query?

$wpdb->query(
	'DELETE  FROM '.$wpdb->prefix.'kudos_email
		WHERE kuemid  IN($del_id)'
			);

Your query statement has a Where clause that looks like this EXACT string:  'WHERE kuemid  IN($del_id)'.

That is not what you want.   Try using double quotes instead of single.

ALSO - my research does not show any valid use of the IN operator with an array of args.  You need to do an implode on your array to add the commas and use that resulting String value.

Edited by ginerjm

Your form method is post, so the variables will be in $_POST array.

As stated, your query needs to be inside double quotes to interpolate the variables.

Don't run queries in loops, especially when one which correctly uses "IN()" will do the job.

Don't rely on button values being POSTed (browser dependent)

if ($_SERVER['REQUEST_METHOD']=='POST') {

    //data removal code  will be going here
    $kuemid = array_map('intval', (array)($_POST['kuemid'] ?? []));    // ensure all ids are integers
    $del_id = join(',', $kuemid);                      // put ids in a comma separated string

    if ($kuemid) {                                     // no boxes ticked: skip, IN() with an empty list is invalid SQL
        $wpdb->query(
               "DELETE  FROM {$wpdb->prefix}kudos_email
               WHERE kuemid  IN($del_id)"
               );
    }
               
    // etc
}

 

Edited by Barand

All that having been said, if you're using $_POST input in a WordPress environment (which obviously I know you are), use some kind of safety features. I'd recommend at least using a WordPress nonce in the form output and data validation routines, and use the wpdb::prepare() method on the query. It's not a prepared statement exactly, but it is a little more responsible than just blindly trusting user-submitted data, especially if you're expanding your user base as you said you were in one of the other threads.
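
The nonce, validation and wpdb::prepare() steps recommended above, put together as an added example that is not part of the original thread. The action name `kudos_delete_emails`, the field name `kudos_nonce`, the function name and the `manage_options` capability are assumptions; the table and the `kuemid[]` field come from the posted code.

```php
<?php
// Added example: runs inside a WordPress admin page, where $wpdb and the
// nonce/capability helpers are loaded. Action and field names are hypothetical.

/** Delete the checked rows; returns the number of rows removed. */
function kudos_delete_emails( wpdb $wpdb, array $post ): int {
    // Reject requests that do not carry the nonce printed in our form (CSRF).
    check_admin_referer( 'kudos_delete_emails', 'kudos_nonce' );

    // Capability is an assumption; pick the one that matches who may delete.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'You are not allowed to delete kudos emails.' );
    }

    // Validate: kuemid[] must be an array of positive integers.
    $raw = isset( $post['kuemid'] ) ? (array) wp_unslash( $post['kuemid'] ) : array();
    $ids = array_values( array_unique( array_filter( array_map( 'absint', $raw ) ) ) );
    if ( ! $ids ) {
        return 0; // nothing checked; IN() with an empty list is a SQL error
    }

    // One %d placeholder per id, so every value goes through prepare().
    $placeholders = implode( ',', array_fill( 0, count( $ids ), '%d' ) );
    $sql = $wpdb->prepare(
        "DELETE FROM {$wpdb->prefix}kudos_email WHERE kuemid IN ($placeholders)",
        $ids
    );

    $deleted = $wpdb->query( $sql );
    if ( false === $deleted ) {
        // Surface the failure instead of redirecting as if it worked.
        wp_die( 'Delete failed: ' . esc_html( $wpdb->last_error ) );
    }
    return (int) $deleted;
}

if ( 'POST' === $_SERVER['REQUEST_METHOD'] ) {
    global $wpdb;
    $count = kudos_delete_emails( $wpdb, $_POST );
    echo esc_html( "Removed $count email(s)." );
} else {
    // In the form output, emit the matching hidden nonce field.
    echo '<form method="post" action="">';
    wp_nonce_field( 'kudos_delete_emails', 'kudos_nonce' );
    // ... checkbox rows named kuemid[] and the submit button go here ...
    echo '</form>';
}
```

Checking `$wpdb->query()` for `false` and printing `$wpdb->last_error` also covers the error checking asked for earlier in the thread.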
