|
PHP - Making A Secure Delete Button (best Way?)
Hi,
So I have a private page where I have a delete button.
The delete button just links to a page something like this: mysite.com/?postid=123&confirm=1 When confirm is set, the page is deleted.
The problem is, a malicious person could reverse engineer the URL and trick (logged in) users of the site into clicking the link.
How can I verify that the last page visited was from my site, in the private section?
Possible solutions:
I was thinking HTTP_REFERER (mispelled due to html standard stupidity), but heard it's not robust.
Right now I'm just setting a cookie for 1 minute, to limit the likelihood of hacking, but wonder if there is a better way.
Similar TutorialsWhat kinds of things can I do to make Logging-In and being Logged-In *secure*?? I get the whole form validation thingy, but what about from the standpoint of how/where I store data in my database and how I keep track of who is logged in and where they can go, and so on? Thanks, Debbie Can anyone help me make this more secure? I want to link the info to .inc instead of pulling this info straite from the page // cPanel info $cpuser = 'userhere'; // cPanel username $cppass = 'passwordhere'; // cPanel password $cpdomain = 'mysite.com'; // cPanel domain or IP $cpskin = 'x'; // cPanel skin. Mostly x or x2. // See following URL to know how to determine your cPanel skin // http://www.zubrag.com/articles/determine-cpanel-skin.php // Default email info for new email accounts // These will only be used if not passed via URL $epass = 'hispassword'; // email password $edomain = 'mysite.com'; // email domain (usually same as cPanel domain above) $equota = 20; // amount of space in megabytes The only time it pulls the info is in this line // Create email account $f = fopen ("http://$cpuser:$cppass@$cpdomain:2082/frontend/$cpskin/mail/doaddpop.html?email=$euser&domain=$edomain&password=$epass"a=$equota", "r"); if (!$f) { $msg = 'Cannot create email account. Possible reasons: "fopen" function allowed on your server, PHP is running in SAFE mode'; break; } $msg = "<h2>Email account {$euser}@{$edomain} created.</h2>"; Thank you for the h elp once again Hi all. Here is my scripts which allow user to check multiple rows of data and delete it , but it require select data and click for twice to delete the rows , what should be the error? Code: [Select] <form name="frmSearch" method="post" action="insert-add.php"> <table width="600" border="1"> <tr> <th width="50"> <div align="center">#</div></th> <th width="91"> <div align="center">ID </div></th> <th width="198"> <div align="center">First Name </div></th> <th width="198"> <div align="center">Last Name </div></th> <th width="250"> <div align="center">Mobile Company </div></th> <th width="100"> <div align="center">Cell </div></th> <th width="100"> <div align="center">Workphone </div></th> <th width="100"> <div align="center">Group </div></th> </tr> </form> <? echo "<form name='form1' method='post' action=''>"; while($objResult = mysql_fetch_array($objQuery)) { echo "<tr>"; echo "<td align='center'><input name=\"checkbox[]\" type=\"checkbox\" id=\"checkbox[]\" value=\"$objResult[addedrec_ID]\"></td>"; echo "<td>$objResult[addedrec_ID] </td>"; echo "<td>$objResult[FirstName]</td>"; echo "<td>$objResult[LastName] </td>"; echo "<td>$objResult[MobileCompany] </td>"; echo "<td>$objResult[Cell] </td>"; echo "<td>$objResult[WorkPhone] </td>"; echo "<td>$objResult[Custgroup] </td>"; echo "</tr>"; } echo "<td colspan='7' align='center'><input name=\"delete\" type=\"submit\" id=\"delete\" value=\"Delete\">"; if (isset($_POST['delete']) && isset($_POST['checkbox'])) // from button name="delete" { $checkbox = ($_POST['checkbox']); //from name="checkbox[]" $countCheck = count($_POST['checkbox']); for($d=0;$d<$countCheck;$d++) { $del_id = $checkbox[$d]; $sql = "DELETE from UserAddedRecord where addedrec_ID = $del_id"; $result2=mysql_query($sql) or trigger_error(mysql_error());;; } if($result2) { $fgmembersite->GetSelfScript(); } else { echo "Error: ".mysql_error(); } } echo "</form>"; Thanks for every reply. Hello. I am trying to make a very simple shopping cart. The add to cart button on a product simply just insert a record to my shopping cart table in MySQL. and then my shopping cart just reads from that table, and displays in a table. What i want now is a "remove from shopping cart" button, a button that removes the product on the same line as the button. How do i do that? Thanks Hey guys just wandered if you can help me on my website in the mailbox section next to the message there is a delete button to obviously delete that current message.
However as I am sure you can appreciate it get tedious when you have 20 messages to do them all at once.
So I am after putting a button at the top of this column in the table that will delete all the messages in there with one click.
Below is the coding of where all this takes place:
function mailbox($mes,$page)
{
global $config;
if(!$page)
{
$page="1";
}
$page=($page - 1);
$totalmes=mysql_query("SELECT COUNT(*) FROM messages WHERE toid='".$_SESSION['tid']."' AND rcvddel=0");
$totalmes=mysql_result($totalmes,0);
$out[body].="
<div style='float:left;width:69%;margin:5px;'>
<table cellspacing='1' cellpadding='1' border='0' width='100%'>
<tr>
<td width='100%' class='blk_tcon' colspan='5'><b>" . LANG_MAI_MAILBOX . "</b></td>
</tr>
<tr>
<td width='50%' colspan='2' class='blk_tcon_top'>" . LANG_MAI_SUBJECT . "</td>
<td width='20%' class='blk_tcon_top'>" . LANG_MAI_FROM . "</td>
<td width='25%' class='blk_tcon_top'>" . LANG_MAI_DATE . "</td>
<td width='5%' class='blk_tcon_top'></td>
</tr>";
$fmail=mysql_query("SELECT id,fromid,subject,active,sent FROM messages WHERE toid='".$_SESSION['tid']."' AND grid='1' AND rcvddel=0 ORDER BY sent DESC LIMIT $page, 15");
while(list($id,$fromid,$subject,$active,$sent)=mysql_fetch_row($fmail))
{
$from=mysql_query("SELECT name FROM members WHERE id='$fromid'");
$from=mysql_fetch_array($from);
if($fromid == '01')
{
$froma="Site Challenge";
}else{
$froma="<a href='./profile.php?account=$fromid'>$from[name]</a>";
}
if($active == 1)
{
$icon="<img src='./images/unread.gif' border='0' alt='' />";
$title="<a href='./mailbox.php?action=readmail&mailtype=received&mid=$id'><b>$subject</b></a>";
}else if($active == 2){
$icon="<img src='./images/read.gif' border='0' alt='' />";
$title="<a href='./mailbox.php?action=readmail&mailtype=received&mid=$id'>$subject</a>";
}else{
$icon="<img src='./images/replied.gif' border='0' alt='' />";
$title="<a href='./mailbox.php?action=readmail&mailtype=received&mid=$id'>$subject</a>";
}
$out[body].="
<tr>
<td width='5%' align='center' class='blk_tcon'>$icon</td>
<td width='45%' align='left' class='blk_tcon'>$title</td>
<td width='20%' align='center' class='blk_tcon'>$froma</td>
<td width='25%' align='center' class='blk_tcon'>$sent</td>
<td width='5%' align='center' class='blk_tcon'>
<form method='post'>
<input type='hidden' name='mail[id]' value='$id' />
<input type='hidden' name='mail[mailtype]' value='received' />
<input type='hidden' name='action' value='delete' />
<input type='submit' class='button' name='submit' value='X' style='color:red; font-weight:bold;' title='" . LANG_MAI_DELETE . "' />
</form>
</td>
</tr>";
}
if($totalmes == 0)
{
$out[body].="
<tr>
<td width='100%' align='center' colspan='5' class='blk_tcon'>" . LANG_MAI_MAILBOX_EMPTY . "</td>
</tr>";
}
$pagenow=($page + 1);
$pages=1;
if($pagenow==1)
{
$skipranks.="[$pages] ";
}else{
$skipranks.="<a href='./mailbox.php?page=1'>$pages</a> ";
}
$arank=1;
$brank=15;
while($brank < $totalmes)
{
$arank=($arank + 15);
$brank=($brank + 15);
$pages++;
if($pagenow==$arank)
{
$skipranks.="[$pages] ";
}else{
$skipranks.="<a href='./mailbox.php?page=$arank'>$pages</a> ";
}
}
$out[body].="
<tr>
<td width='100%' align='center' class='blk_tcon' colspan='5'>$skipranks</td>
</tr>
</table>
</div>
".TOP_MENU."";
include("$config[html]");
}
</tr>";
Im displaying the results of a database by using a while loop... so Im trying to figure out how to delete some entries from the datbase. What I wanted to do is add a button in each result that will have the value "delete"... but I cant figure out how to do this. Im kinda new to mysql. I just want it so when I click the button the result will get deleted from the database. I did some research on this but I cant really grasp the examples. Can anybody help me out with this one? Thanks! Hi I have made this simple login page by setcookies function and I want now to make a logout button. Here the codeĀ
<?php
/*
PHP Form Login Remember Functionality with Cookies
*/
if(!empty($_POST["remember"])) {
setcookie ("username",$_POST["username"],time()+ 3600);
setcookie ("password",$_POST["password"],time()+ 3600);
setcookie ("color",$_POST["color"],time()+ 3600);
//3600 = 1 hour
//86400 = 1 day
//(8640*30) = 1 month
echo "Cookies Set Successfuly";
} else {
setcookie("username","");
setcookie("password","");
setcookie("color","");
echo "Cookies Not Set";
}
?>
<form action="Cookies.php" method="post"
style="border: 2px dotted blue;
text-align:center; width: 400px;">
<p>Welcome <?php echo ( !empty($_POST ['username']) ) ?
$_POST ['username'] : 'USER'; ?>
</p>
<p>Username: <input name="username" type="text"
value="<?php if(isset($_COOKIE["username"]))
{ echo $_COOKIE["username"],( !empty($_POST ['username']) ) ?
$_POST ['username'] : '';} ?>" >
</p>
<p>Password: <input name="password" type="password" value="
<?php if(isset($_COOKIE["password"]))
{ echo $_COOKIE["password"]; } ?>" >
</p>
<p>Choose Your Favorite Color: <input name="color" type="color"
value="<?php if(isset($_COOKIE["color"]))
{ echo $_COOKIE["color"]; } ?>">
</p>
<p><input type="checkbox" name="remember" /> Remember me</p>
<p><input type="submit" value="Login"></p>
</form>
Any idea ?? I have a download-list, and want to have a delete-button/link at each file. I have tried different codes, but i'm new to php and need some help. if ($handle = opendir('files/engelsk/')) { while (false !== ($file = readdir($handle))) { if ($file != "." && $file != "..") { $en .= '» <a href="/files/engelsk/'.$file.'">'.$file.'</a> - <i><a href="#">Delete file</a></i><br />'; } } closedir($handle); } It's the "<a href="#">Delete file</a>" I want to be the delete-button. Please help! Hi I've been scouring the net and I cant find anything that works. Can someone tell me how to put a delete button next to each record? Any help is appreciated, thank you! Code: [Select] $term = strtolower ($_POST['term']); $sql = mysql_query("select * from $table where first like '%$term%' or last like '%$term%'"); while ($row = mysql_fetch_array($sql)){ echo 'ID: '.$row['id']; echo '<br/> first: '.$row['first']; echo '<br/> last: '.$row['last']; echo '<br/> phone: '.$row['phone']; echo '<br/> mobile: '.$row['mobile']; echo '<br/> fax: '.$row['fax']; echo '<br/> email: '.$row['email']; echo '<br/> web: '.$row['web']; echo '<br/><br/>'; } ?> </p> Hello, I am new to php, and what I need to know and learn is a part of an assignment I normally wouldn't ask for help on the net for an assignment but my teacher is not very helpful and other students are struggling too! I have searched the net inside and out and have tried many things. My problem is that I am trying to remove a line from an array by clicking a delete button. The outpur I need is: a line of text that comes from my text file after it is exploded into an array | With a delete button here next line of text that comes from my text file after it is exploded into an array | With a delete button here etc I have managed to write this much myself - Code: [Select] <?php $file = fopen('fav/fav.txt', 'r'); $file = file_get_contents('fav/fav.txt'); $file_array = explode("\n",$file); array_pop($file_array); foreach($file_array as $line) { echo "<form method='post' action=''>".$line. "<input type='submit' name='post' value='delete'><br>"; $fh = fopen("fav/fav.txt",'w'); foreach ($file_array as $line) { fwrite($fh,$line."\n"); } fclose($fh); } ?> The array_pop deletes from the bottom instead of the line the button is next too, I realise I will need to use and if statement but this is the closest I have gotten. Thanks in advance!!! I am new to php and I thought it best to start by using a CMS and creating small functions to extend it's functionality. I will start by explaining the situation around what I want to do. I am trying to create a module for the drupal CMS. The module I am trying to create I am creating for my girlfriends son (for when it is complete he will be the one maintaining it through the web interface). He wants a game server (WOW) and a web site that once they create an account on the web site it will create an account on the game server as well. If I understand the way this works correctly for this game server to work you need a logon database and then a character and world database for each realm you have. With that basically what happens is you go to the drupal web site and click create account, input a username, email address and password and agree to terms of service. Then drupal does some checks and writes the information to the drupal database and with the module I creating it will write to the logon database as well. I am working on the admin forms so you can edit how many realms the server has the sql statement to login to the game and add and delete realms. I have been looking at an example of a form for drupal here http://drupal.org/node/717746 but have converted it to my purpose and it brings up some questions here is what I have so far: function wowcp_gameserver_settings($form_state) { $form['server'] = array( '#type' => 'fieldset', '#title' => t('WOW Game Server Core'), ); $form['server']['decision'] = array( '#type' => 'select', '#title' => 'Select the Server Core that your WOW server runs on', '#options' => array('TrinityCore2', 'ArcEMU', 'Aspire', 'Mangos'), '#default_value' => TrinityCore2, ); $form['server']['sql_command'] = array( '#type' => 'textfield', '#title' => 'Select the SQL command for your server core', '#size' => 150, ); $form['server']['max_realms'] = array( '#type' => 'textfield', '#title' => t('Select the maximum realms allowed'), '#size' => 2, ); $form['logon'] = array( '#type' => 'fieldset', '#title' => t('WOW Game Server LOGON database setup') ); $form['logon']['logon_db'] = array( '#type' => 'textfield', '#title' => t('Enter the name of the LOGON database'), '#size' => 25, ); $form['logon']['logon_username'] = array( '#type' => 'textfield', '#title' => t('Enter the username for the LOGON database'), '#size' => 25, ); $form['logon']['logon_password'] = array( '#type' => 'textfield', '#title' => t('Enter the password for the LOGON database'), '#size' => 25, ); $form['realm']['character'] = array( '#type' => 'fieldset', '#title' => t('WOW Game Server first realm'), ); $form['realm']['character']['character_db'] = array( '#type' => 'textfield', '#title' => t('Enter the name of the CHARACTER database'), '#default_value' => $form_state['values']['character_db'], '#size' => 25, ); $form['realm']['character']['character_username'] = array( '#type' => 'textfield', '#title' => t('Enter the username for the CHARACTER database'), '#default_value' => $form_state['values']['character_username'], '#size' => 25, ); $form['realm']['character']['character_password'] = array( '#type' => 'textfield', '#title' => t('Enter the password for the CHARACTER database'), '#default_value' => $form_state['values']['character_password'], '#size' => 25, ); $form['realm']['world']['world_db'] = array( '#type' => 'textfield', '#title' => t('Enter the name of the WORLD database'), '#defaule_value' => $form_state['values']['world_db'], '#size' => 25, ); $form['realm']['world']['world_username'] = array( '#type' => 'textfield', '#title' => t('Enter the username for the WORLD database'), '#defaule_value' => $form_state['values']['world_username'], '#size' => 25, ); $form['realm']['world']['world_password'] = array( '#type' => 'textfield', '#title' => t('Enter the password for the WORLD database'), '#defaule_value' => $form_state['values']['world_password'], '#size' => 25, ); if (isset($form_state['storage']['new_name'])) { $form['character2'] = array( '#type' => 'fieldset', '#title' => t('WOW Game Server CHARACTER database setup for realm2'), ); $form['character2']['character_db2'] = array( '#type' => 'textfield', '#title' => t('Enter the name of the CHARACTER database for relam2'), '#default_value' => $form_state['values']['character_db2'], '#size' => 25, ); $form['character2']['character_username2'] = array( '#type' => 'textfield', '#title' => t('Enter the username for the CHARACTER database for realm2'), '#default_value' => $form_state['values']['character_username2'], '#size' => 25, ); $form['character2']['character_password2'] = array( '#type' => 'textfield', '#title' => t('Enter the password for the CHARACTER database for realm2'), '#default_value' => $form_state['values']['character_password2'], '#size' => 25, ); $form['world2'] = array( '#type' => 'fieldset', '#title' => t('WOW ame Server WORLD database setup for realm2'), ); $form['world2']['world_db2'] = array( '#type' => 'textfield', '#title' => t('Enter the name of the WORLD database for realm2'), '#defaule_value' => $form_state['values']['world_db2'], '#size' => 25, ); $form['world2']['world_username2'] = array( '#type' => 'textfield', '#title' => t('Enter the username for the WORLD database for realm2'), '#defaule_value' => $form_state['values']['world_username2'], '#size' => 25, ); $form['world2']['world_password2'] = array( '#type' => 'textfield', '#title' => t('Enter the password for the WORLD database for realm2'), '#defaule_value' => $form_state['values']['world_password2'], '#size' => 25, ); } $form['submit'] = array( '#type' => 'submit', '#value' => 'Submit', ); $form['clear'] = array( '#type' => 'submit', '#value' => 'Reset', '#validate' => array('wowcp_form_clear'), ); if (empty($form_state['storage']['new_name'])) { $form['new_name'] = array( '#type' => 'submit', '#value' => 'Add Realm', '#validate' => array('wowcp_form_new_name'), ); $form['delete'] = array( '#type' => 'submit', '#value' => 'Delete Realm', '#validate' => array('wowcp_form_delete'), ); } return $form; } If max_realms is set to a large number the way I see it you would have to hard code everything into the php file. Instead of that could you not remove from the if(isset) and have it that when they click on the add realm button check to make sure the textfield contains a number if it doesn't return an error if it does contain a number make sure it is not greater then max_realms and then use a start count and adding that number to all the arrays for that realm and validate all the information is what you expect. I think this would work for adding realms, I think where the problem would come in is in deleting realms (or it could be me over thinking it). For example if you have max_realms set to 4 you could have 5 the one default one that can't be deleted plus 4 others and the ones that can be deleted would be called realm1 - realm4 if you delete the first 2 you would minus count by 2 so if you clicked add realm again it would try and create realm3 which already exists. Is there another way on doing this that you could create the realms and delete them and it not try to add realms with the same array name? Hi, I'm new to the forum so this could go in the MySQL section but I'm not sure. I am trying to make a page that will list all records from a column in HTML table and have a delete button to remove a specific record. I have got to the part where I have listed the records in a table. Note: Only records from a specific column ('links') are printed. Here is the code: Code: [Select] $con = mysql_connect("localhost","***","***"); if (!$con) { die('Could not connect: ' . mysql_error()); } mysql_select_db("***", $con); $result = mysql_query("SELECT * FROM main"); echo "<table border='1'> <tr> <th>Current links</th> </tr>"; while($row = mysql_fetch_array($result)) { echo "<tr>"; echo "<td>" . $row['links'] . "</td>"; echo "</tr>"; } echo "</table>"; mysql_close($con); How would I go about adding a delete button next to each record to delete that specific record? Thanks for any help. Hi, I'm doing a simple e-mail using localhost, while doing the rest, I realized I need a delete button for it. Is there a simple way to delete the message when the user opens the mail content? This is the code I did for read_pm.php: Code: [Select] <?php include('config.php'); ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <link href="<?php echo $design; ?>/style.css" rel="stylesheet" title="Style" /> <title>Read a PM</title> <script type="text/javascript"> <!-- function FP_swapImg() {//v1.0 var doc=document,args=arguments,elm,n; doc.$imgSwaps=new Array(); for(n=2; n<args.length; n+=2) { elm=FP_getObjectByID(args[n]); if(elm) { doc.$imgSwaps[doc.$imgSwaps.length]=elm; elm.$src=elm.src; elm.src=args[n+1]; } } } function FP_preloadImgs() {//v1.0 var d=document,a=arguments; if(!d.FP_imgs) d.FP_imgs=new Array(); for(var i=0; i<a.length; i++) { d.FP_imgs[i]=new Image; d.FP_imgs[i].src=a[i]; } } function FP_getObjectByID(id,o) {//v1.0 var c,el,els,f,m,n; if(!o)o=document; if(o.getElementById) el=o.getElementById(id); else if(o.layers) c=o.layers; else if(o.all) el=o.all[id]; if(el) return el; if(o.id==id || o.name==id) return o; if(o.childNodes) c=o.childNodes; if(c) for(n=0; n<c.length; n++) { el=FP_getObjectByID(id,c[n]); if(el) return el; } f=o.forms; if(f) for(n=0; n<f.length; n++) { els=f[n].elements; for(m=0; m<els.length; m++){ el=FP_getObjectByID(id,els[n]); if(el) return el; } } return null; } // --> </script> <style type="text/css"> .auto-style2 { font-family: "Gill Sans", "Gill Sans MT", Calibri, "Trebuchet MS", sans-serif; text-align: left; } .auto-style4 { color: #FFFFFF; } .auto-style1 { font-family: "Gill Sans", "Gill Sans MT", Calibri, "Trebuchet MS", sans-serif; } </style> </head> <body onload="FP_preloadImgs(/*url*/'default/images/buttonD5.jpg',/*url*/'default/images/buttonD6.jpg',/*url*/'default/images/button51.jpg',/*url*/'default/images/button52.jpg')"> <div class="header"> <a href="<?php echo $url_home; ?>"><img src="<?php echo $design; ?>/images/logo.png" alt="Members Area" /></a> </div> <?php //We check if the user is logged if(isset($_SESSION['email'])) { //We check if the ID of the discussion is defined if(isset($_GET['id'])) { $id = intval($_GET['id']); //We get the title and the narators of the discussion $req1 = mysql_query('select title, user1, user2 from pm where id="'.$id.'" and id2="1"'); $dn1 = mysql_fetch_array($req1); //We check if the discussion exists if(mysql_num_rows($req1)==1) { //We check if the user have the right to read this discussion if($dn1['user1']==$_SESSION['userid'] or $dn1['user2']==$_SESSION['userid']) { //The discussion will be placed in read messages if($dn1['user1']==$_SESSION['userid']) { mysql_query('update pm set user1read="yes" where id="'.$id.'" and id2="1"'); $user_partic = 2; } else { mysql_query('update pm set user2read="yes" where id="'.$id.'" and id2="1"'); $user_partic = 1; } //We get the list of the messages $req2 = mysql_query('select pm.timestamp, pm.message, users.id as userid, users.username from pm, users where pm.id="'.$id.'" and users.id=pm.user1 order by pm.id2'); //We check if the form has been sent if(isset($_POST['message']) and $_POST['message']!='') { $message = $_POST['message']; //We remove slashes depending on the configuration if(get_magic_quotes_gpc()) { $message = stripslashes($message); } //We protect the variables $message = mysql_real_escape_string(nl2br(htmlentities($message, ENT_QUOTES, 'UTF-8'))); //We send the message and we change the status of the discussion to unread for the recipient if(mysql_query('insert into pm (id, id2, title, user1, user2, message, timestamp, user1read, user2read)values("'.$id.'", "'.(intval(mysql_num_rows($req2))+1).'", "", "'.$_SESSION['userid'].'", "", "'.$message.'", "'.time().'", "", "")') and mysql_query('update pm set user'.$user_partic.'read="yes" where id="'.$id.'" and id2="1"')) { ?> <div class="message"><strong><span class="auto-style4">Your message has successfully been sent.</span></strong><br /> <a href="read_pm.php?id=<?php echo $id; ?>">Back to Message</a></div> <?php } else { ?> <div class="message"><strong><span class="auto-style4">An error occurred while sending the message.</span></strong><br /> <a href="read_pm.php?id=<?php echo $id; ?>">Back to Message</a></div> <?php } } else { //We display the messages ?> <div class="content"> <table class="messages_table"> <tr> <th class="auto-style2" style="height: 27px; width: 64px">Subject : <?php echo $dn1['title']; ?></th> </tr> <?php while($dn2 = mysql_fetch_array($req2)) { ?> <tr> <td class="auto-style2" style="height: 50px; width: 64px"> <div class="auto-style2">Sent by: <a href="profile.php?id=<?php echo $dn2['userid']; ?>"><?php echo $dn2['username']; ?> on <?php echo date('d/m/Y, g:i a' ,$dn2['timestamp']); ?></div> <br> <?php echo $dn2['message']; ?></a><br></td> </tr> <?php } //We display the reply form ?> </table> <br /> <div class="center"> <form action="read_pm.php?id=<?php echo $id; ?>" method="post"> <img id="img7" alt="Reply" fp-style="fp-btn: Braided Row 1; fp-font-style: Bold" fp-title="Reply" height="24" src="default/images/button53.jpg" style="border: 0" width="120" class="auto-style1" onmousedown="FP_swapImg(1,0,/*id*/'img7',/*url*/'default/images/button52.jpg')" onmouseout="FP_swapImg(0,0,/*id*/'img7',/*url*/'default/images/button53.jpg')" onmouseover="FP_swapImg(1,0,/*id*/'img7',/*url*/'default/images/button51.jpg')" onmouseup="FP_swapImg(0,0,/*id*/'img7',/*url*/'default/images/button51.jpg')"><br> <textarea rows="5" name="message" id="message" style="width: 311px"></textarea><br><br /> <input type="submit" value="Send" /> </form> </div> </div> <?php } } else { echo '<div class="message">You do not have the rights to access this page.</div>'; } } else { echo '<div class="message">This private message does not exists.</div>'; } } else { echo '<div class="message">The private message ID is not defined.</div>'; } } else { echo '<div class="message">You must be logged to access this page. Please register.</div>'; } ?> <div class="foot"><a href="list_pm.php"> <img id="img1" alt="Back to Inbox" fp-style="fp-btn: Braided Row 3; fp-font-style: Bold" fp-title="Back to Inbox" height="24" onmousedown="FP_swapImg(1,0,/*id*/'img1',/*url*/'default/images/buttonD6.jpg')" onmouseout="FP_swapImg(0,0,/*id*/'img1',/*url*/'default/images/buttonD4.jpg')" onmouseover="FP_swapImg(1,0,/*id*/'img1',/*url*/'default/images/buttonD5.jpg')" onmouseup="FP_swapImg(0,0,/*id*/'img1',/*url*/'default/images/buttonD5.jpg')" src="default/images/buttonD4.jpg" style="border: 0" width="120"></a></div> </body> </html> I have a dynamic script and need to create a click event function with JavaScript to delete the row which has a checkbox checked when the delete button is pressed. This is being implemented with PHP and as now serves as light code for this matter at hand. I was only able to delete all rows. I have my efforts with the js functions too. <script type="text/javascript"> var counter = 1; var limit = 6; function addTextArea() { if (counter == limit-1) { alert("Maximum limit " + counter + " sorry"); return false; } else { <!-- CAUTION THIS IS BACKWARDS. --> var newdiv = document.createElement('div'); newdiv.innerHTML = "" + (counter + 1) + " <br><textarea name='fav_det[]' id=counter rows='3' cols='20'>"; document.getElementById('div6').appendChild(newdiv); var newdiv = document.createElement('div'); newdiv.innerHTML = "" + (counter + 1) + " <br><textarea name='fav_col' id=counter rows='3' cols='20'>"; document.getElementById('div5').appendChild(newdiv); var newdiv = document.createElement('div'); newdiv.innerHTML = "" + (counter + 1) + " <br><textarea name='fav_mod[]' id=counter rows='3' cols='20'>"; document.getElementById('div4').appendChild(newdiv); var newdiv = document.createElement('div'); newdiv.innerHTML = " " + (counter + 1) + " <br><input type='text' name='truck[]' id=counter>"; document.getElementById('div3').appendChild(newdiv); var newdiv = document.createElement('div'); newdiv.innerHTML = " " + (counter + 1) + " <br><input type='text' name='car[]' id=counter>"; document.getElementById('div2').appendChild(newdiv); var newdiv = document.createElement('div'); newdiv.innerHTML = "" + (counter + 1) + " <br><input type='checkbox' name='chk[]' id=counter>"; document.getElementById('div1').appendChild(newdiv); counter++ return true; } } </script> <script type="text/javascript"> function deleteRowS(dataTable) { for (var rowi= table.rows.length; rowi-->0;) { var row= table.rows[rowi]; var inputs= row.getElementsByTagName('dataTable'); for (var inputi= inputs.length; inputi-->0;) { var input= inputs[inputi]; if (input.type==='checkbox' && input.checked) { row.parentNode.removeChild(row); break; } } } } </script> <script type="text/javascript"> function deleteRow() { var table = document.getElementById(tableID).tBodies[0]; var rowCount = table.rows.length; // var i=1 to start after header for(var i=1; i<rowCount; i++) { var row = table.rows[i]; // index of td contain checkbox is 8 var chkbox = row.cells[6].getElementsByTagName('input')[0]; if('checkbox' == chkbox.type && true == chkbox.checked) { table.deleteRow(i); } } }</script> </head> <table> <tr><td valign='top'><b>NEED DELETE ROW WITH CHECKBOX FUNCTION:</td></tr> </table> <table id="dataTable" width="auto" style="margin:-4px 0 0 0; padding:14px 0 0 0;" cellspacing="10px"><tbody id="dataTable"></tbody> <tr> <td valign='Top'> ✗ <div id="div1"> <input type="checkbox" name="chk[]" autocomplete="off" id="1" > </div> </td> <td valign='Top'> cars <div id="div2"> <input type="text" name="car[]" id="2" > </div> </td> <td valign='Top'> trucks <div id="div3"> <input type="text" name="truck[]" id="3" > </div> </td> <td valign='Top'> your favorite model <div id="div4"> <textarea name="mod[]" id="4" rows="3" cols="20"></textarea> </div> <br><br> </td> <td valign='Top'> your favorite add-ons <div id="div5"> <textarea name="fav_col" id="5" rows="3" cols="20"></textarea> </div> </td> <td valign='Top'> explain vehicle overall <div id="div6"> <textarea name="fav_det" id="6" rows="3" cols="20"></textarea> </div> </td> </tr> </table> <input type="button" value="Add another" onClick="addTextArea();" /> <input type="button" value="Delete row" onclick="deleteRow('dataTable');deleteRowS('dataTable')" /> Hello,
First of all I'd like to say thank you for all the great information on the forums, I've been reading a lot on here lately.
I've started to make a website where users can log in and submit items to a database, which is then displayed on another page.
If Tom and Bill both post 10 items, all 20 items will be displayed on the "listings" page, however on the main log in screen Tom will only see his own 10 items and Bill will see his own 10 items.
This is all working perfectly, however, I now need to add a delete button so that they can delete specific items.
I have loosely followed this tutorial here to get the table to display as I want it (amongst a few other things, such as the user logins) http://www.wickham43...mphptomysql.php
I've added the delete button in the PHP loop for each row, I just can't figure out how to delete the specific row when clicked.
Any help would be really appreciated
Edited by eklem, 22 October 2014 - 08:10 AM. <body> <?php
include 'sql.php';
$query = "SELECT * FROM validation";
$result = mysqli_query($con , $query);
$rows = mysqli_fetch_assoc($result) ;
$totals = mysqli_num_rows($result) ;
?>
<div id="css">
<form >
<table width="80%" border="0" cellpadding="2" cellspacing="2" >
<caption><h2>Personal Details of Customers</h2></caption>
<tr class="white">
<td bgcolor="#330033"> </td>
<td bgcolor="#330033"> Id Number </td>
<td bgcolor="#330033"> Full Name </td>
<td bgcolor="#330033"> Email Address </td>
<td bgcolor="#330033"> Website </td>
<td bgcolor="#330033"> Comment </td>
<td bgcolor="#330033"> Time </td>
</tr>
<?php while($rows=mysqli_fetch_assoc($result)
{
<tr>
<input type="raido" name="ID" value="<?php echo $rows['ID']; ?>" />
<td bgcolor="#FFFFCC"><?php echo $rows['ID'];?></td>
<td bgcolor="#FFFFCC"><?php echo $rows['Name'];?> </td>
<td bgcolor="#FFFFCC"><?php echo $rows['Email'];?></td>
<td bgcolor="#FFFFCC"><?php echo $rows['Website'];?></td>
<td bgcolor="#FFFFCC"><?php echo $rows['Comment'];?></td>
<td bgcolor="#FFFFCC"><?php echo $rows['Time'];?></td>
<td> </td>
<td> <a href="delete.php? ID= "$rows[ID]" /"> <input type="submit" name="del" value="Delete" /> </a> <input type="button" name= "edit" value="Edit" /> </td>
</tr>
}
?></table> </form> </div> </body> Hi,
I wish to find out is there any possible that I can delete some data inside my php website but inside my sql database, the record will still at there?
Thank you.
I'm trying to set it so that it will delete an entire populated directory based upon a value in the database then after finishing that to go back and delete that row in the database. my current code is Code: [Select] <?php $page_title = "Central Valley LLC | Photo Addition" ?> <?php include("header.php"); ?> <?php include("nav.html"); ?> <div id="content"> <form action="delprod.php" method="post" enctype="multipart/form-data"> <label for="which">Choose A Product To Remove:</label> <?php $con = mysql_connect("localhost","phoenixi_cv","centraladmin"); if (!$con) { die('Could not connect: ' . mysql_error()); } mysql_select_db("phoenixi_cvproducts", $con); $result = mysql_query("SELECT * FROM Products"); echo "<select name=\"which\">"; while($row = mysql_fetch_array($result)) { echo "<option "; echo "value=\"" . $row['id'] . "\">"; echo $row['Name'] . "</option>"; } echo "</select>"; mysql_close($con); ?> <br /> <input type="submit" name="submit" value="Submit" /> </form> </div><!--#content--> <?php include("footer.html") ?> and the delete script Code: [Select] <?php $con = mysql_connect("localhost","phoenixi_cv","centraladmin"); if (!$con) { die('Could not connect: ' . mysql_error()); } mysql_select_db("phoenixi_cvproducts", $con); $result = mysql_query("SELECT id FROM Products WHERE id=$_POST['which']"); $row = mysql_fetch_array($result) chdir('assets'); chdir('images'); $mydir = $row . '/'; $d = dir($mydir); while($entry = $d->read()) { if($entry!="." && $entry!="..") { unlink($_POST['which'] . '/' . $entry); } } rmdir($mydir); $result = mysql_query("DELETE * FROM Producs WHERE id=$_POST['which']"); ?> Thank you in advance for all your help. any easier ways of approaching this will be welcome as well I'm not amazing with PhP, so excuse me if it looks terrible xD I've taken tutorials, edited them to fit my wanting and tried it out, it seems to deny anything other than an image type, but could it be abused?
<div id="image-upload">
<h2>Upload your image</h2>
<form action="upload.php" method="post" enctype="multipart/form-data">
Upload:<br><br>
<input type="file" name="image"><br><br>
Image Title:<br><br>
<input type="text" name="image_title"><br><br>
<input type="submit" name="submit" value="Upload">
</form>
<?php
include("upload_file.php");
function GetImageExtension($imagetype)
{
if(empty($imagetype)) return false;
switch($imagetype)
{
case 'image/bmp': return '.bmp';
case 'image/jpeg': return '.jpg';
case 'image/png': return '.png';
default: return false;
}
}
if ($_FILES['image']['error'] !== UPLOAD_ERR_OK) {
die();
}
$extension = getimagesize($_FILES['image']['tmp_name']);
if ($extension === FALSE) {
die("<br><font color='#8B0000'>Unable to determine image typeof uploaded file</font>");
}
if (($extension[2] !== IMAGETYPE_GIF) && ($extension[2] !== IMAGETYPE_JPEG) && ($extension[2] !== IMAGETYPE_PNG)) {
die("<br><font color='#8B0000'>Only images are allowed!</font>");
}
if (!empty($_FILES["image"]["name"])) {
$file_name=$_FILES["image"]["name"];
$temp_name=$_FILES["image"]["tmp_name"];
$imgtype=$_FILES["image"]["type"];
$ext= GetImageExtension($imgtype);
$imagename=$_FILES["image"]["name"];
$target_path = "../../images/upload/".$imagename;
$title = $_POST["image_title"];
if(move_uploaded_file($temp_name, $target_path)) {
$query_upload="INSERT into `images_tbl` (`images_path`,`submission_date`,`image_title`) VALUES
('".$target_path."','".date("Y-m-d")."','".$title."')";
mysql_query($query_upload) or die("error in $query_upload == ----> ".mysql_error());
echo '<br>Image uploaded!';
}else{
echo '<br><font color="#8B0000">Only images are allowed!</font>';
}
}
?>
|
|||||||