  1. #1
    Non-Member
    Join Date
    Feb 2008
    Location
    Idaho Falls, Idaho
    Posts
    40

    if($GET suddenly not working

    For some reason my if($_get isn't working. I don't know why. Can you take a look and see if my code is correct?

    if($_GET["cmd"]=="delete")
    {
    $sql = "DELETE FROM `blah` WHERE `id`='$id'";
    $result = mysql_query($sql) or die(mysql_error());
    $location = "Location:http://www.domain.com";

    header($location);
    }

    Anyone know any good tuts on this kinda stuff also? I can't find any... thanks

  2. #2
    SitePoint Member gout's Avatar
    Join Date
    Mar 2007
    Posts
    6
    Try this

    if($_GET['cmd']=='delete') {...}

    Note the use of single quotes.

    </dan>

  3. #3
    Programming Team silver trophybronze trophy
    Mittineague's Avatar
    Join Date
    Jul 2005
    Location
    West Springfield, Massachusetts
    Posts
    17,290
    Are you sure that the link to the file is
    ...../file.php?cmd=delete

    PHP Code:
    .....
    header($location);
    }
    else
    {
    var_dump($_GET['cmd']);
    }


  4. #4
    Non-Member
    Join Date
    Feb 2008
    Location
    Idaho Falls, Idaho
    Posts
    40
    This is what that is:

    <a href='done.php?cmd=delete&id=$id'>Delete</a><br />

    Do I have to define anything else?

  5. #5
    Programming Team silver trophybronze trophy
    Mittineague's Avatar
    Join Date
    Jul 2005
    Location
    West Springfield, Massachusetts
    Posts
    17,290
    It may be that the $_GET is OK, but that $id stopped working. The script as shown depends on global variables being on. If your server changed that to off (off is more secure), you need to set
    $id = $_GET['id'];

  6. #6
    Non-Member
    Join Date
    Feb 2008
    Location
    Idaho Falls, Idaho
    Posts
    40
    Ahh ok. My host did change some stuff in the php.ini file. That must have been it. Adding "$id = $_GET['id'];" made it work. Thanks for your help.

    Is it alright if you link me to a tut or some code that will let me have those browser windows open asking if you want to delete or not? Just to confirm whether the user really wants to delete or not. I'm not sure what those pop-up window thingies are called.

  7. #7
    SitePoint Guru
    Join Date
    Jul 2005
    Location
    Orlando
    Posts
    634
    They are created using the confirm JS function.

    http://www.tizag.com/javascriptT/javascriptconfirm.php

    There is also alert and prompt.

  8. #8
    SitePoint Wizard
    Join Date
    Mar 2008
    Posts
    1,149
    If you're willing to embed JS directly into the tag, you can do this:

    onclick="return confirm('Are you sure [...]?')"

  9. #9
    secure webapps for all Aleksejs's Avatar
    Join Date
    Apr 2008
    Location
    Riga, Latvia
    Posts
    755
    I hope you are doing at least some input validation, or someone could "open" URL like this:
    done.php?cmd=delete&id=1'%20OR%20'1'='1

  10. #10
    Non-Member
    Join Date
    Feb 2008
    Location
    Idaho Falls, Idaho
    Posts
    40
    Quote Originally Posted by Aleksejs View Post
    I hope you are doing at least some input validation, or someone could "open" URL like this:
    done.php?cmd=delete&id=1'%20OR%20'1'='1

    I'm a newb. What does that do exactly? And how can I avoid it?

  11. #11
    SitePoint Addict silentcollision's Avatar
    Join Date
    Jun 2006
    Location
    New Zealand
    Posts
    388
    Quote Originally Posted by buyblogcomments View Post
    I'm a newb. What does that do exactly?
    http://en.wikipedia.org/wiki/SQL_injection

    And how can I avoid it?
    mysql_real_escape_string()

    PHP Code:
    $id = mysql_real_escape_string($_GET['id']);
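
Added example, not part of the original thread: the delete from post #1 run against the id value from the URL in post #9, first with the value concatenated into the SQL text (the condition then matches every row) and then validated as an integer and bound as a parameter. The `mysql_*` functions used in the thread were removed in PHP 7, so this uses PDO; the in-memory SQLite table standing in for the thread's MySQL table, its rows, and the function names are assumptions made for illustration.

```php
<?php
// Added example: constructed table and hypothetical function names.
// SQLite in memory stands in for the thread's MySQL table `blah`.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

function resetTable(PDO $db): void {
    $db->exec("DROP TABLE IF EXISTS blah");
    $db->exec("CREATE TABLE blah (id INTEGER PRIMARY KEY, note TEXT)");
    $db->exec("INSERT INTO blah (id, note) VALUES (1,'a'),(2,'b'),(3,'c')");
}

// Pattern from post #1: the request value is pasted into the SQL text,
// so quote characters in it become part of the statement.
function deleteConcatenated(PDO $db, string $id): int {
    return $db->exec("DELETE FROM blah WHERE id='$id'");
}

// Hardened: reject anything that is not a positive integer, then bind
// the value as a parameter so it can never be parsed as SQL.
function deleteBound(PDO $db, string $id): int {
    $n = filter_var($id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($n === false) {
        return 0;                      // not an id: delete nothing
    }
    $stmt = $db->prepare("DELETE FROM blah WHERE id = :id");
    $stmt->bindValue(':id', $n, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();
}

$fromUrl = "1' OR '1'='1";             // decoded id value from post #9

resetTable($db);
echo "concatenated: ", deleteConcatenated($db, $fromUrl), " rows deleted\n";

resetTable($db);
echo "bound, value from post #9: ", deleteBound($db, $fromUrl), " rows deleted\n";
echo "bound, id=2: ", deleteBound($db, "2"), " rows deleted\n";
```

A delete triggered by a plain link also runs whenever that URL is fetched, so sending it as a POST form keeps crawlers and link prefetchers from triggering it.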

