Unsure why this is not working. Debug is showing no issues.

if (isset($_GET['kudoemaildelete'])) {
    //data removal code  will be going here
        $kuemid = $_GET['kuemid'];

        for($i=0;$i<count($kuemid);$i++){
        $del_id = $kuemid[$i];

    $wpdb->query(
              'DELETE  FROM '.$wpdb->prefix.'kudos_email
               WHERE kuemid  IN($del_id)'
);



    $adminurl = get_admin_url();
    $redirurl = $adminurl."admin.php?page=kudos";



echo "Removing emails if not returned in 5 seconds <a href=" .$redirurl . ">click here</a>";

# echo("<script>location.href = '".$redirurl."';</script>");
 }
} else {
?>

    <link rel="stylesheet" href="//code.jquery.com/ui/1.12.1/themes/base/jquery-ui.css">
    <script src="https://code.jquery.com/jquery-1.12.4.js"></script>
    <script src="https://code.jquery.com/ui/1.12.1/jquery-ui.js"></script>
    <script>
    $( function() {
        $( "#accordion" ).accordion({
            collapsible: true
        });
    } );
    </script>

 <table><tr><td width=300px>
 <?php
    global $wpdb;

    $tableemname= $wpdb->prefix.'kudos_email';
    $kudoemlist = $wpdb->get_results( "SELECT * from $tableemname group by kuemqueue" );
        echo " <div id='accordion'> ";
        foreach ($kudoemlist as $kemail) {

         echo  "<h3>" .$kemail->kuemqueue. "</h3>
    <div>
        <p>";

        echo "<table>";
                ?>
                <form name="FormData" method="post" action="">
                <?php
                echo "<thead><th>Name</th><th>Email</th><th>
                <button type='submit' value='kudoemaildelete' class='formbutton' name='kudoemaildelete' />Delete</button>
                </th></thead>";
            $kudolistem = $wpdb->get_results( "SELECT * from $tableemname where kuemqueue = '$kemail->kuemqueue'" );
            foreach ($kudolistem as $kudosndem) {
                $kuemid = $kudosndem->kuemid;
                echo "<tr>";
                echo "<td>" .$kudosndem->kuemname. " </td><td>" .$kudosndem->kuemaddy. "</td><td><center><input name='kuemid[]' type='checkbox' id='checkbox[]' value=" .$kuemid. "></center></td>";
                echo "</tr>";

            }
            echo "</form>";
            echo "</table>";

        echo "</p>
    </div>";

    }
 ?>



</div>
</td></tr></table>

 <?php }

 


Since you are not doing any error checking after the query, I guess there is no point in asking for the error message you are getting. You need to learn how to do error checking when dealing with database actions. Also did you echo the query string to make sure the syntax is correct?


The query is not running. For some reason the page just refreshes and reloads the list with checkboxes. The isset is not being called.


Then you need to post your HTML form. Are you sure you are using GET rather than POST and that that variable is correct in your form?

        echo "<table>";

                echo "<form name='FormData' method='post' action=''>";

                echo "<thead><th>Name</th><th>Email</th><th>
                <button type='submit' value='kudoemaildelete' class='formbutton' name='kudoemaildelete' />Delete</button>
                </th></thead>";
            $kudolistem = $wpdb->get_results( "SELECT * from $tableemname where kuemqueue = '$kemail->kuemqueue'" );
            foreach ($kudolistem as $kudosndem) {
                $kuemid = $kudosndem->kuemid;
                echo "<tr>";
                echo "<td>" .$kudosndem->kuemname. " </td><td>" .$kudosndem->kuemaddy. "</td><td><center><input name='kuemid[]' type='checkbox' id='checkbox[]' value=" .$kuemid. "></center></td>";
                echo "</tr>";

            }
            echo "</form>";
            echo "</table>";

It is probably something so stupid I am missing. I have tried both _POST and _GET.


How about this query?

$wpdb->query(
	'DELETE  FROM '.$wpdb->prefix.'kudos_email
		WHERE kuemid  IN($del_id)'
			);

Your query statement has a Where clause that looks like this EXACT string:  'WHERE kuemid  IN($del_id)'.

That is not what you want.   Try using double quotes instead of single.

ALSO - my research does not show any valid use of the IN operator with an array of args.  You need to do an implode on your array to add the commas and use that resulting String value.

Edited by ginerjm


Your form method is post, so the variables will be in $_POST array.

As stated, your query needs to be inside double quotes to interpolate the variables.

Don't run queries in loops, especially when one which correctly uses "IN()" will do the job.

Don't rely on button values being POSTed (browser dependent)

if ($_SERVER['REQUEST_METHOD']=='POST') {

    //data removal code  will be going here
    $kuemid = array_map('intval', $_POST['kuemid'] ?? []);    // ensure all ids are integers
    $del_id = join(',', $kuemid);                      // put ids in a comma separated string

    if ($del_id !== '') {                              // IN() with an empty list is a SQL syntax error
        $wpdb->query(
               "DELETE  FROM {$wpdb->prefix}kudos_email
               WHERE kuemid  IN($del_id)"
               );
    }

    // etc
}

 

Edited by Barand


Thank you guys. It was me who did a stupid and not watching what I was typing. Thanks for your help; it is working perfectly now.


All that having been said, if you're using $_POST input in a WordPress environment (which obviously I know you are), use some kind of safety features. I'd recommend at least using a WordPress nonce in the form output and data validation routines, and use the wpdb::prepare() method on the query. It's not a prepared statement exactly, but it is a little more responsible than just blindly trusting user-submitted data, especially if you're expanding your user base as you said you were in one of the other threads.
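
The hardening suggested in the post above (nonce, validation, wpdb::prepare()), shown here as an added example that is not code from any poster in this thread. The nonce action `kudos_delete_emails`, the field name `kudos_nonce`, the function name and the `manage_options` capability are assumptions; the table and column names come from the thread.

```php
<?php
// Added example. Assumed names: nonce action 'kudos_delete_emails',
// nonce field 'kudos_nonce', capability 'manage_options'.
//
// In the form output, inside <form method="post">, emit the hidden nonce field:
//     wp_nonce_field( 'kudos_delete_emails', 'kudos_nonce' );

function kudos_delete_emails() {
    global $wpdb;

    if ( 'POST' !== $_SERVER['REQUEST_METHOD'] || empty( $_POST['kuemid'] ) ) {
        return 0; // nothing submitted, nothing to delete
    }

    // Authorisation: only users allowed to manage this data may delete.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Not allowed.', '', array( 'response' => 403 ) );
    }

    // CSRF check: dies if the nonce is missing, expired or forged.
    check_admin_referer( 'kudos_delete_emails', 'kudos_nonce' );

    // Validation: force an array, cast each id to a non-negative integer,
    // then drop zeros and duplicates.
    $ids = array_map( 'absint', (array) wp_unslash( $_POST['kuemid'] ) );
    $ids = array_values( array_unique( array_filter( $ids ) ) );
    if ( empty( $ids ) ) {
        return 0;
    }

    // One %d placeholder per id, so every value goes through prepare().
    $placeholders = implode( ',', array_fill( 0, count( $ids ), '%d' ) );
    $sql = $wpdb->prepare(
        "DELETE FROM {$wpdb->prefix}kudos_email WHERE kuemid IN ($placeholders)",
        $ids
    );

    // query() returns the affected row count, or false on a database error.
    $deleted = $wpdb->query( $sql );
    if ( false === $deleted ) {
        error_log( 'kudos_email delete failed: ' . $wpdb->last_error );
        return 0;
    }
    return $deleted;
}
```

Checking the return value of `$wpdb->query()` also covers the error-checking point raised in the first reply.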


Thanks maxxd. Yeah, once I get the bugs all worked out and start putting everything together I am going to be securing the crap out of this thing. That is all I need is to leave an open hole for somebody to access a business's server.
