0

I am trying to delete data from a table; the form method is POST. The URL is http://localhost/RustoleumCustomCMS2/administrator/input_image.php?mode=delete&id=0 (passing mode = delete and id = 0). I wonder why nothing happens. It is supposed to delete a row in the database.

    include('../includes/koneksi.php');

    $id = isset($_POST['id']) ? $_POST['id'] : '';  
    $judul = isset($_POST['judul']) ? $_POST['judul'] : ''; 
    $image = isset($_POST['image']) ? $_POST['image'] : '';
    $confirmation = isset($_POST['confirmation']) ? $_POST['confirmation'] : '';  

    // Delete image


    if (!empty($_REQUEST['mode'])&& !empty($_REQUEST['id']) && $_REQUEST['mode'] == "delete"){
        $id = $_REQUEST['id'];
        $result = mysql_query("DELETE FROM gallery WHERE id =".$id) or die(mysql_error());

        $confirmation = $result ? "Data successfully deleted." : "fail to delete data."; 
    }
0

It doesn't return anything. I guess it doesn't bypass the condition.

0

Try this please

    if (isset($_GET['mode']) && !empty($_GET['mode']) && $_GET['mode'] == "delete") {
        $id = $_REQUEST['id'];
        $result = mysql_query("DELETE FROM gallery WHERE id =".$id) or die(mysql_error());
        $confirmation = $result ? "Data successfully deleted." : "fail to delete data.";
    }

Edited by Szabi Zsoldos

1

A few notes here:

  1. You mix GET and POST methods. From the URL it seems like your intention is to use GET; from the code it seems like you wanted to use POST. There is nothing wrong with mixing methods, but do not do it if not really needed, since it is harder to control.
  2. It is recommended to avoid the $_REQUEST combined array. It is again not wrong if you use it, but only if it is necessary and you are careful. $_REQUEST contains data from the $_GET, $_POST and $_COOKIE arrays, and it might happen that you have the same keys in them, thus overwriting values.
  3. It is not recommended to use GET method for deleting. It is semantically wrong but more importantly the deleting URL gets cached and can do damage later on (intentionally or unintentionally).
  4. Escape values before using them in a query.

szabizs correctly spotted the error and suggested a solution to the existing code. I usually have to add my raving about security since this is my field of work :-) (and I had to learn it the hard way).

Edited by broj1

Votes + Comments
That is correct, I just wanted to help him out :)
0

It works. Is id == 0 considered empty? I am trying to figure out what I did wrong.

0

The manual for empty says:

Returns FALSE if var exists and has a non-empty, non-zero value. Otherwise returns TRUE.

The following things are considered to be empty:

"" (an empty string)
0 (0 as an integer)
0.0 (0 as a float)
"0" (0 as a string)
NULL
FALSE
array() (an empty array)
$var; (a variable declared, but without a value)

So 0 is empty (sounds a bit strange to me, we need to be careful with this function).

Edited by broj1
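
An added example, not part of any post in this thread, that combines the four notes above with the empty() behaviour just quoted: the delete is accepted over POST only, the id is validated as an integer so that 0 is allowed, and the value is bound as a query parameter. The table and field names (gallery, id, judul, mode) come from the question; the function names are hypothetical, and PDO with an in-memory SQLite database is assumed in place of the thread's mysql_* calls so the script runs offline.

```php
<?php
// Added example, not code from the thread. Assumes PDO with the SQLite driver
// so it runs offline; the original page used the mysql_* functions.

// Return the row id to delete, or null if the request must be rejected.
function parse_delete_request(string $method, array $post): ?int
{
    // Deletes are state-changing: accept POST only, and read $_POST rather
    // than $_REQUEST so a cookie or query-string key cannot shadow the field.
    if ($method !== 'POST' || ($post['mode'] ?? '') !== 'delete') {
        return null;
    }
    // Do not use empty() here: empty("0") is true, so id 0 would be skipped.
    $id = filter_var($post['id'] ?? null, FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 0]]);
    return $id === false ? null : $id;
}

// Delete one gallery row with a bound parameter; returns rows affected.
function delete_image(PDO $db, int $id): int
{
    $stmt = $db->prepare('DELETE FROM gallery WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();
}

// Constructed sample data: three rows, including the id 0 from the question.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE gallery (id INTEGER PRIMARY KEY, judul TEXT)');
$db->exec("INSERT INTO gallery VALUES (0, 'a'), (1, 'b'), (2, 'c')");

// Constructed requests: [method, form fields].
$requests = [
    ['POST', ['mode' => 'delete', 'id' => '0']],          // valid, id 0
    ['GET',  ['mode' => 'delete', 'id' => '1']],          // wrong method
    ['POST', ['mode' => 'delete', 'id' => '1 OR 1=1']],   // not an integer
    ['POST', ['mode' => 'delete']],                       // id missing
];
foreach ($requests as [$method, $fields]) {
    $id = parse_delete_request($method, $fields);
    $outcome = $id === null ? 'rejected' : delete_image($db, $id) . ' row(s) deleted';
    echo $method, ' ', json_encode($fields), ' => ', $outcome, PHP_EOL;
}
echo 'rows left: ', $db->query('SELECT COUNT(*) FROM gallery')->fetchColumn(), PHP_EOL;
```

In a page handler the call would be parse_delete_request($_SERVER['REQUEST_METHOD'], $_POST), with the PDO connection created from the site's own database settings.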
