-
Dec 21st, 2004, 04:39 AM
#1
Thread Starter
Addicted Member
Call Function -[Resolved]-
Hi ya guys, recently finished a college course on PHP and can't remember a thing!!
So I need your help. This is what I have.
PHP Code:
function del_entrie($text){
    $link = "DELETE " . $text . " FROM Brochures";
    $result = mysql_query($link);
    echo mysql_error();
}
Now I want $text to include something when someone clicks on a link
kind of like this
HTML Code:
<a href="thisfile.php?text=this">Delete</a>
I hope you understand what I mean and if so please help...
Thank you
Last edited by DanDanDan1; Dec 21st, 2004 at 09:06 AM.
-
Dec 21st, 2004, 06:20 AM
#2
Junior Member
Re: Call Function
First of all, this is extremely unsafe, you should not use this code without further safety measures!
PHP Code:
// thisfile.php
function del_entrie($entrie)
{
    $query = "DELETE FROM Brochures WHERE column = '" . $entrie ."'";
    $result = mysql_query($query);
    if (!$result)
    {
        echo mysql_error();
    }
}

if (isset($_GET["text"]))
{
    del_entrie($_GET["text"]);
}
Now you will delete one row from the table Brochures where column has the value of $entrie.
For example:
HTML Code:
<a href="thisfile.php?text=foo">Delete me!</a>
If the user clicks that link, he will delete the entire row wherever the column "column" includes the text "foo".
If you want to do something like this, you should search this forum for "SQL injection", since that will become a big problem for you if you use code like this.
If there is a way to solve your problems, there is no need to worry; if there is no way to solve your problems, there is no point to worry.
-
Dec 21st, 2004, 07:30 AM
#3
Thread Starter
Addicted Member
Re: Call Function
Yea, I understand how this is unsafe, it didn't occur to me before. Thanks a lot for your help though. How would people normally do something like this without using this method? Or can't I just use POST instead of GET?
-
Dec 21st, 2004, 07:55 AM
#4
Junior Member
Re: Call Function
Well, I'd probably pass around a unique ID as the identifier for which row I wanted to delete, but this only applies if you only have unique rows in your table, of course.
The basics of it I would do the same, except I would extend it to be more safe. The $_GET variable would be SQL "safed" of course, to make sure it's a value that we expect. I would also only allow this operation to be carried out by someone with higher authorization in the system (assuming some sort of user management system is in place), since once DELETE'd the data is gone.
It doesn't matter if you use POST or GET, once you extract the value of the variable it's all the same to the rest of the script.
If there is a way to solve your problems, there is no need to worry; if there is no way to solve your problems, there is no point to worry.
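The approach described in post #4 (a unique ID, a value checked against what is expected, and an authorization check), shown as an added example that is not part of any post in this thread. It assumes an integer key column named `id`, an `$isAdmin` flag supplied by the site's own login system, and uses PDO with an in-memory SQLite table in place of the `mysql_*` calls so it runs offline.

```php
<?php
// Added example: hardened form of the delete handler discussed in this thread.
// Assumptions (not from the thread): the "id" column, the $isAdmin flag,
// and SQLite standing in for the MySQL table.

function delete_brochure(PDO $db, $rawId, bool $isAdmin): int
{
    // Authorization first: deleted rows cannot be recovered.
    if (!$isAdmin) {
        throw new RuntimeException('not authorized');
    }
    // Accept only a positive integer; anything else is rejected
    // before it gets near the database.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException('invalid id');
    }
    // Placeholder binding: the value is sent as data, never as SQL text.
    $stmt = $db->prepare('DELETE FROM Brochures WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();
}

// Constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE Brochures (id INTEGER PRIMARY KEY, title TEXT)');
$db->exec("INSERT INTO Brochures (title) VALUES ('foo'), ('bar'), ('baz')");

// Constructed request values, as they would arrive in $_GET or $_POST.
$requests = ['2', "1' OR '1'='1", '-5', 'abc'];
foreach ($requests as $raw) {
    try {
        $n = delete_brochure($db, $raw, true);
        echo 'id=' . var_export($raw, true) . " deleted $n row(s)\n";
    } catch (InvalidArgumentException $e) {
        echo 'id=' . var_export($raw, true) . " rejected\n";
    }
}
echo 'rows left: ' . $db->query('SELECT COUNT(*) FROM Brochures')->fetchColumn() . "\n";
```

The same function works whether the value came from a link or a form, since the check and the bound parameter apply to the extracted value itself.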