?
Solved

Record Not Deleting

Posted on 2015-01-27
7
Medium Priority
?
31 Views
Last Modified: 2015-04-11
My PHP isn't deleting a record.

The link...
http://www.mediascrubber.com/records.php

The PHP
<?
include("7conn.php");
$recsno=$_GET["recsno"];
$data=trim($recsno);
$ex=explode(" ",$data);
$size=sizeof($ex);
for($i=0;$i<$size;$i++) {
	$id=trim($ex[$i]);
	$sql="delete from records where recordId='$id'";
	$result=mysql_query($sql,$connection) or die(mysql_error());
	
}
header("location: records.php");
?>

Open in new window


The HTML
<td align="center"><a href="<? echo "7delete.php?recordId=".$row['recordId']; ?>">Delete</a></td>

Open in new window

0
Comment
Question by:DS928
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 36

Expert Comment

by:Loganathan Natarajan
ID: 40574463
$id=trim($ex[$i]);   are  you sure you have id here? Just print & check it
0
 

Author Comment

by:DS928
ID: 40574468
I think the code is setup to loop through for a multiple delete.  I just need to delete a single record based on the recordId.

<?
include("7conn.php");
$recordId=recordId;
$recsno=$_GET["recsno"];
$data=trim($recsno);
$ex=explode(" ",$data);
$size=sizeof($ex);
for($i=0;$i<$size;$i++) {
	$id=trim($ex[$i]);
	$sql="delete from records where recordId='$id'";
	$result=mysql_query($sql,$connection) or die(mysql_error());
	
}
header("location: records.php");
?>

Open in new window

0
 

Author Comment

by:DS928
ID: 40574482
This worked.
<?php
$recordId =$_REQUEST['recordId'];

$con = mysql_connect("777","888","999");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}

mysql_select_db("2222", $con);

// sending query
mysql_query("DELETE FROM records WHERE recordId = '$recordId'")
or die(mysql_error());      
header("location: records.php");
?>

Open in new window

0
WordPress Tutorial 4: Recommended Plugins

Now that you have WordPress installed, understand the interface, and know how to install new parts, let’s take a look at our recommended plugins.

 
LVL 36

Expert Comment

by:Loganathan Natarajan
ID: 40574506
yes, you need to check why these codes are put here,

$recsno=$_GET["recsno"];
$data=trim($recsno);
$ex=explode(" ",$data);
$size=sizeof($ex);
0
 
LVL 7

Accepted Solution

by:
Vimal DM earned 2000 total points
ID: 40574929
Hi,
Points to be looked into,

1) Since your deleting record with reference to integer number, need not to be in single quote [recordId=$id]

2) Make sure your getting the connection string ($connection)

3) Apply if condition before executing the SQL Query (i.e to check "$id" value is available or not)
0
 
LVL 111

Expert Comment

by:Ray Paseur
ID: 40575000
You have a security risk here.  Let me try to explain.

Before you go much further with this process, please take a step back to learn about the way HTTP requests work.  
http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/A_11271-Understanding-Client-Server-Protocols-and-Web-Applications.html

In the world of PHP applications, we usually see two kinds of requests -- GET and POST.  GET requests use URL parameters to tell the server what to do, they can be bookmarked, etc.  A Google search is an example of a GET request.  GET requests must never modify the data on the server.  A GET request must always be considered idempotent.  If you want to modify the server data model (including delete a record) you do this via a POST request.

The PHP variable $_REQUEST is a dangerous thing.  The reason it's considered harmful is because it combines the request data from several sources.  As a result your script could find data that was expected for a POST request, but was actually presented via a GET request.  This is a giant security hole, and one that can be used to steal or destroy your data.

Consider this hypothetical web page that uses the script posted above..
<a href="http://path/to/badScript.php?recordId=1">1</a>
<a href="http://path/to/badScript.php?recordId=2">2</a>
<a href="http://path/to/badScript.php?recordId=3">3</a>
 ... etc ...
<a href="http://path/to/badScript.php?recordId=999">999</a>

Open in new window

Let's say I'm a "bad guy" and I put that script up on my server.  Then I feed that link to Google, Yahoo, or any other search engine.  The search engines will crawl that page, following every link, and each time they follow a link, your web site will delete one of the records from your database.

So, "safety first."  Please learn about PHP security before you expose your scripts on the internet!
0
 

Author Comment

by:DS928
ID: 40581651
Working on it.
0

Featured Post

WordPress Tutorial 1: Installation & Setup

WordPress is a very popular option for running your web site and can be used to get your content online quickly for the world to see. This guide will walk you through installing the WordPress server software and the initial setup process.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Foreword (July, 2015) Since I first wrote this article, years ago, a great many more people have begun using the internet.  They are coming online from every part of the globe, learning, reading, shopping and spending money at an ever-increasing ra…
Since pre-biblical times, humans have sought ways to keep secrets, and share the secrets selectively.  This article explores the ways PHP can be used to hide and encrypt information.
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…
Suggested Courses

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question