
Delete not working


I'm working on an existing project. It's a mess, but for the moment I just have to get the delete function working, but I keep getting an error and I'm not sure what I'm missing.

The query string is a mess, but that's a headache for another day. The target shouldn't be part of the query string, but that's how someone else had set it up, so for now I'm stuck trying to work with it as it is currently and just have to get some basic CRUD functionality going. The other minor snag is inconsistencies with the name of the primary key between tables. It's not consistently called 'ID', so I need to get both the key and value for the where part of the DELETE statement. The query that I currently have is not working. Error 500, can't even get a simple var_dump to work.

 

Query string as it is in its present state:


somewbsite.com/endpoints/delete.php?target=TABLENAME&primaryKey=7

<?php

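include('includes/config.php');
$table = $_GET['target'];

// Parse the query string and drop the first pair (target);
// what remains is the primary-key name => value pair.
parse_str($_SERVER['QUERY_STRING'], $data);
array_shift($data);

$cols = array_keys($data);
$vals = array_values($data);
$idType = $cols[0];
$id = $vals[0];

// Table name, column name and id are all interpolated from the request here.
$stmt = $pdo->prepare("DELETE FROM SOME_DATABASE.$table WHERE $idType = '$id';");
$status = $stmt->execute();
if($status)
{
    echo "Success";
}
else
{
    echo "Fail";
}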
?>

 


Seriously!? You let anyone delete any record from any table just by putting values in a query string?

http://.../delete.php?target=user&username=admin

Brownie points for trying to use "prepare()" but your usage is wrong. The $id variable should not be in the query (that's the whole point of prepared statements). Use a placeholder instead and pass the id as a parameter.

$stmt = $pdo->prepare("DELETE FROM SOME_DATABASE.$table WHERE $idType = ?");
$status = $stmt->execute( [$id] );
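
An added example, not part of either post above: the placeholder in the reply protects only the id value, while `$table` and `$idType` still come from the query string and cannot be bound as parameters. One way to close that gap is a server-side allowlist mapping each deletable table to its primary-key column, which also handles the inconsistent key names. The table names, `deleteRow()` and the in-memory SQLite database are hypothetical and constructed for the demo.

```php
<?php
declare(strict_types=1);

// Hypothetical allowlist: deletable table => its primary-key column.
// Identifiers cannot be bound, so they come from here, never from the request.
const DELETABLE = [
    'articles' => 'ID',
    'comments' => 'comment_id',
];

/**
 * Delete one row. $target and $id are untrusted request values.
 * Returns the number of rows deleted; throws if the table is not allowlisted.
 * An authorization check for the caller belongs before this call (not shown).
 */
function deleteRow(PDO $pdo, string $target, string $id): int
{
    if (!array_key_exists($target, DELETABLE)) {
        throw new InvalidArgumentException('table is not deletable');
    }
    $keyColumn = DELETABLE[$target]; // trusted: taken from the allowlist

    // $target matched an allowlist key exactly, so both identifiers are known
    // strings; only the id travels as a bound parameter.
    $stmt = $pdo->prepare("DELETE FROM $target WHERE $keyColumn = ?");
    $stmt->execute([$id]);
    return $stmt->rowCount();
}

// Constructed demo data in an in-memory SQLite database (needs pdo_sqlite).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE articles (ID INTEGER PRIMARY KEY, title TEXT)');
$pdo->exec('CREATE TABLE comments (comment_id INTEGER PRIMARY KEY, body TEXT)');
$pdo->exec('CREATE TABLE users (username TEXT PRIMARY KEY)');
$pdo->exec("INSERT INTO articles VALUES (7, 'old post'), (8, 'keep me')");
$pdo->exec("INSERT INTO users VALUES ('admin')");

echo deleteRow($pdo, 'articles', '7'), " row deleted\n";

try {
    // Same shape as the reply's example request: a table outside the allowlist.
    deleteRow($pdo, 'users', 'admin');
} catch (InvalidArgumentException $e) {
    echo "rejected users/admin: ", $e->getMessage(), "\n";
}
echo $pdo->query('SELECT COUNT(*) FROM users')->fetchColumn(), " user row intact\n";
```

Because the key column is looked up from the table name, the request only needs to carry the target and the id value, not the column name.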

 
