Thread: deleting posts

  1. #1
    Join Date
    Mar 2008
    Posts
    122
    Thanks
    17
    Thanked 5 Times in 5 Posts

    Post deleting posts

    Hi, I have a guestbook, and I want to delete the posts if needed when logged in as an admin (already done the admin login part), and I want a little image or link that deletes the corresponding entry, and I want this to go automatically on each post. Thanks.

  2. #2
    Join Date
    Jul 2006
    Location
    just north of Boston, MA
    Posts
    1,806
    Thanks
    13
    Thanked 72 Times in 72 Posts

    Default

    Code:
    DELETE FROM _msg_table_ WHERE _post_id_ = _number_
    You need to know the name of the table the messages are stored in. You would also need to know the field that is unique to the message, and the unique value of the message.

    Placing this "delete" button on each post can be parsed automatically when the page loads, provided that the developer (you) knows the path to the script that will run the delete command, and that you know the unique value of that specific post (which you should grab with each post).

  3. #3
    Join Date
    Mar 2008
    Posts
    122
    Thanks
    17
    Thanked 5 Times in 5 Posts

    Default

    hmm..
    Code:
    DELETE FROM _msg_table_ WHERE _post_id_ = _number_
    .. thanks for that.

    You need to know the name of the table the messages are stored in. You would also need to know the field that is unique to the message, and the unique value of the message.
    I know my table name (guestbook), where do I put / get the unique value of the script?

    Placing this "delete" button on each post can be parsed automatically when the page loads, provided that the developer (you) knows the path to the script that will run the delete command, and that you know the unique value of that specific post (which you should grab with each post).

    How would I grab it, also how would I write the script (I'm a newbie at PHP :s )

  4. #4
    Join Date
    Mar 2008
    Posts
    122
    Thanks
    17
    Thanked 5 Times in 5 Posts

    Default

    wait i have this:

    PHP Code:
    if($_REQUEST['action']=="del")
    {
    mysql_query("DELETE FROM guestbook WHERE id={$_REQUEST['id']};");
    }

    do you think this'll work?

  5. #5
    Join Date
    Mar 2008
    Posts
    122
    Thanks
    17
    Thanked 5 Times in 5 Posts

    Default

    Wait never mind, i have done it.. thanks for the sql code (^^) though it helped !

  6. #6
    Join Date
    Jul 2008
    Posts
    199
    Thanks
    6
    Thanked 58 Times in 57 Posts

    Default

    Quote Originally Posted by hmsnacker123 View Post
    wait i have this:

    PHP Code:
    if($_REQUEST['action']=="del")
    {
    mysql_query("DELETE FROM guestbook WHERE id={$_REQUEST['id']};");
    }

    do you think this'll work?
    This is very insecure. A rogue user could put nasty SQL into that query, and possibly delete your whole database. The following is more secure:

    PHP Code:
    if($_REQUEST['action']=="del")
    {
    $id = mysql_real_escape_string($_REQUEST['id']);
    mysql_query("DELETE FROM guestbook WHERE id={$id};");
    }


  7. #7
    Join Date
    Jan 2008
    Posts
    4,158
    Thanks
    28
    Thanked 623 Times in 619 Posts
    Blog Entries
    1

    Default

    Better to use get than request, for people who don't know why the above script doesn't work:
    PHP Code:
    if($_GET['action']=="del")
    {
    $query = mysql_query("DELETE FROM `guestbook` WHERE `id`='{$_REQUEST['id']}'") or die(mysql_error());
    }

    That should do it.
    Jeremy | jfein.net

  8. #8
    Join Date
    Jul 2006
    Location
    just north of Boston, MA
    Posts
    1,806
    Thanks
    13
    Thanked 72 Times in 72 Posts

    Default

    Quote Originally Posted by Nile View Post
    Better to use get than request, for people who don't know why the above script doesn't work:
    PHP Code:
    if($_GET['action']=="del")
    {
    $query = mysql_query("DELETE FROM `guestbook` WHERE `id`='{$_REQUEST['id']}'") or die(mysql_error());
    }

    That should do it.

    Not that there aren't enough replies to this, but I thought I would explain what Nile meant by his reply.

    $_REQUEST['id']
    $_REQUEST is a super global variable inherent to the PHP language, meaning that it's always available. If you have done any work with PHP or virtually any web scripting language you probably have heard the term GET or POST method, well the REQUEST method is in the same categorization as those, except has a broader scope. Meaning that REQUEST will capture any data that is sent through both the GET or POST method, however it will also capture data from the COOKIE as well. Personally I never like to use REQUEST, because it is too vague and has the potential to catch a lot more "garbage" (malicious) code.

    I would suggest that instead you use either $_POST['id'] or $_GET['id'] because those are specific to the script and location of the variable you are trying to access. If you were doing this "delete" through a link on every post, it would probably be a lot easier to use the GET method, because it's embedded right into the URL... e.g.

    Code:
    <a href="http://domain.com/delPost.php?id=34509834009128340">Delete Post</a>
    whereas if you were to do it as a slightly more secure, but not really, POST method, it would look something along the lines of

    Code:
    <form name="something" action="http://domain.com/delPost.php" method="POST">
    <fieldset>
    <input type="hidden" name="id" value="34509834009128340">
    <input type="submit" name="submit" value="Delete Post">
    </fieldset>
    </form>
    As you can see... just in sheer coding, it's probably easier to do with the link (GET) method.

  9. #9
    Join Date
    Mar 2008
    Posts
    122
    Thanks
    17
    Thanked 5 Times in 5 Posts

    Default

    Thanks for all of the replies !, my final script is this.. is this the securest?

    if($_GET['action']=="del")
    {
    $id = mysql_real_escape_string($_GET['id']);
    mysql_query("DELETE FROM guestbook WHERE id={$id};");
    }

    ??

  10. #10
    Join Date
    Jul 2008
    Posts
    199
    Thanks
    6
    Thanked 58 Times in 57 Posts

    Default

    Quote Originally Posted by hmsnacker123 View Post
    Thanks for all of the replies !, my final script is this.. is this the securest?

    if($_GET['action']=="del")
    {
    $id = mysql_real_escape_string($_GET['id']);
    mysql_query("DELETE FROM guestbook WHERE id={$id};");
    }

    ??
    Using $_GET for something like this is insecure. Read about that here:
    http://en.wikipedia.org/wiki/Cross_Site_Request_Forgery
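
An added example, not part of any post in the thread: one way to write the delete handler so that it covers both concerns raised above, the SQL injection point in post #6 and the request forgery point in post #10. It uses PDO prepared statements rather than the thread's mysql_* functions, and the function name and the session keys `is_admin` and `csrf_token` are hypothetical. Escaping only protects a value that sits inside quotes, which the id in the thread's scripts does not, so the id is validated as an integer and bound as a parameter instead.

```php
<?php
// Added example, not code from the thread. Assumes a `guestbook` table with an
// integer `id` column; the session keys `is_admin` and `csrf_token` are hypothetical.

function delete_guestbook_entry(PDO $db, array $session, string $method, array $post): bool
{
    // State-changing requests go through POST, never a GET link.
    if ($method !== 'POST' || empty($session['is_admin'])) {
        return false;
    }
    // CSRF check: the form must send back the per-session token.
    $sent  = $post['csrf_token'] ?? '';
    $known = $session['csrf_token'] ?? '';
    if (!is_string($sent) || !is_string($known) || $known === '' || !hash_equals($known, $sent)) {
        return false;
    }
    // The id must be a positive integer; anything else is rejected outright.
    $id = filter_var($post['id'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false || $id === null) {
        return false;
    }
    // Prepared statement: the value is bound, never spliced into the SQL text.
    $stmt = $db->prepare('DELETE FROM guestbook WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount() === 1;
}

// Demo on constructed data, using an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE guestbook (id INTEGER PRIMARY KEY, message TEXT)');
$db->exec("INSERT INTO guestbook (id, message) VALUES (1, 'hello'), (2, 'nice site'), (3, 'spam')");

$session = ['is_admin' => true, 'csrf_token' => bin2hex(random_bytes(16))];
$good    = ['id' => '3', 'csrf_token' => $session['csrf_token']];

var_dump(delete_guestbook_entry($db, $session, 'GET', $good));                         // GET request
var_dump(delete_guestbook_entry($db, $session, 'POST', ['id' => '3']));                // token missing
var_dump(delete_guestbook_entry($db, $session, 'POST', ['id' => '1 OR 1=1'] + $good)); // id is not an integer
var_dump(delete_guestbook_entry($db, $session, 'POST', $good));                        // valid admin request
echo $db->query('SELECT COUNT(*) FROM guestbook')->fetchColumn(), " rows left\n";
```

In a real page the token would be generated once per session, stored in `$_SESSION`, and written into a hidden field of the POST form shown in post #8.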
