开发者

delete row from table php mysql

问答 作者:

Im looking for the best, safest way to delete values from a table for the current, logged in user.

I have a query on my page which grabs all interests for a user and display them as such

<?php 
print $interest1 . "<a href='del-interest.php'>Delete</a><br />";
print $interest2 . "<a href='del-interest.php'>Delete</a><br />";
print $interest3 . "<a href='del-interest.php'>Delete</a><br />";
?>

I want to add a delete function (Which I've never done before) so that when a user clicks delete the corresponding row is removed from the table, my only concern is, if i use POST/GET methods to pass the data some users may maliciously alter the data being posted and delete all kinds of stuff, Sorry if this isnt too clear, what im asking is whats the best, safest way to do this?

Sorry if this doesnt make sense im trying my best to learn PHP, but, Would the following work?

<?php 
print $interest1 . "<form method='post' action='delete-interest.php'><input type='hidden' value='".$interest1."' name='int1' id='int1'/></form><br />";
print $interest2 . "<form method='post' action='delete-interest.php'><input type='hidden' value='".$interest2."' name='int2' id='int2'/></form><br />";
print $interest3 . "<form method='post' action='delete-interest.php'><input type='hidden' value='".$interest3."' name='int3' id='int3'/></form><br />";
?>

and then on delete-interst.开发者_JAVA技巧php I had...

if(isset($_POST['int1'])) { 
    $interest = $_POST['int1']; 
    mysql_query = DELETE $interest FROM user_interests WHERE user_id = users sesson id;
}
elseif(isset($_POST['int2'])) {
    $interest = $_POST['int2']; 
    mysql_query = DELETE $interest FROM user_interests WHERE user_id = users sesson id;
} 
elseif(isset($_POST['int3'])) {
    $interest = $_POST['int3']; 
    mysql_query = DELETE $interest FROM user_interests WHERE user_id = users sesson id;
}

For a start do not use an <a> tag as this will send a GET request which is extremely bad form.

Snippet from w3.org

...the convention has been established that the GET and HEAD methods SHOULD NOT have the significance of taking an action other than retrieval.

Therefore you should be using a form normally using the POST method if you was following RESTful conventions you would use DELETE (but most browsers don't support this, so you would have to simulate this).

As @OMG ponies stated you will need to have the information of the unique identifier (primary key) available so you know which row to delete.

As @henasraf stated you should validate that the user sending the request is in fact logged in and has permissions to delete his data. You mentioned the interests are linked to users therefore you just verify that the user is logged in and is only trying to delete there data.

You need to use javascript and ajax to get that type of click and go functionality.

For example with jQuery:

$('.del-link').click(function(){
     var id = $(this).data('rowid');
     $.post('del-interest.php', {id: id}, function(data){
          //do something on return
     });
     return false;
});

And your html would need to look something like this:

interest1 <a class="del-link" href="#" data-rowid="interest1ID">DELETE</a>
interest2 <a class="del-link" href="#" data-rowid="interest2ID">DELETE</a>
...

Remember to have some sort of validation on the php side, and return some data so the javascript can output any errors to the user.

Your best go would be to validate the deletion before doing it. In the deletion itself, check if the user has permission to do what he's doing. When that's out of the way, use the DELETE FROM SQL query to do the job.

继续阅读:php

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9