| SitePoint Sponsor |
For some reason my if($_get isnt working. I dont know why. Can you take a look and see if my code is correct?
if($_GET["cmd"]=="delete")
{
$sql = "DELETE FROM `blah` WHERE `id`='$id'";
$result = mysql_query($sql) or die(mysql_error());
$location = "Location:http://www.domain.com";
header($location);
}
Anyone know any good tuts on this kinda stuff also? I cant find any... thanks
Try this
if($_GET['cmd']=='delete') {...}
Note the use of single quotes.
</dan>
Are you sure that the link to the file is
...../file.php?cmd=delete
PHP Code:.....
header($location);
}
else
{
var_dump($_GET['cmd']);
}
This is what that is:
<a href='done.php?cmd=delete&id=$id'>Delete</a><br />
Do I have to define anything else?
It may be that the $_GET is OK, but that $id stopped working. The script as shown depends on global variables being on. If your server changed that to off (off is more secure), you need to set
$id = $_GET['id'];
Ahh ok. My host did change some stuff in the php.ini file. That must have been it. adding "$id = $_GET['id'];" made it work. Thanks for your help
Is it alright if you link me to a tut or some code that I will be able to have those brower windows open asking if you want to delete or not. Just to confirm wheather the user really wants to delete or not. Im not sure what those pop-up windows thingys are called.
They are created using the confirm JS function.
http://www.tizag.com/javascriptT/javascriptconfirm.php
There is also alert and prompt.
If you're willing to embed JS directly into the tag, you can do this:
onclick="return confirm('Are you sure [...]?')"
I hope you are doing at least some input validation, or someone could "open" URL like this:
done.php?cmd=delete&id=1'%20OR%20'1'='1
im a newb. what does that do exactly? and how can i avoid it?Originally Posted by Aleksejs
http://en.wikipedia.org/wiki/SQL_injection
mysql_real_escape_string()and how can i avoid it?
PHP Code:$id = mysql_real_escape_string($_GET['id']);
Posting Permissions
Bookmarks