Jazzy 1012
asked on
Using javascript confirmation for a delete in mysql
I have this code:
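<?php
// List the RSVP rows gathered by the current user.
// $username is bound as a parameter instead of being concatenated into the SQL.
$stmt = mysqli_prepare($conn, "SELECT * FROM `rsvp` WHERE `Gathered By` = ?");
mysqli_stmt_bind_param($stmt, 's', $username);
mysqli_stmt_execute($stmt);
$result = mysqli_stmt_get_result($stmt);
while ($row = mysqli_fetch_assoc($result))
{
    echo '<tr>';
    foreach ($row as $fieldname => $values)
    {
        // The id is not shown as a column; it is only used in field names and the delete link.
        if ($fieldname == 'id')
        {
            continue;
        }
        if ($fieldname == 'Gathered By')
        {
            echo '<td>';
            echo htmlspecialchars($values); // escape stored values before output
            echo '</td>';
        }
        else if ($fieldname == 'Date')
        {
            echo '<td>';
            echo date("m/d/Y");
            echo '</td>';
        }
        else
        {
            echo '<td>';
            echo '<input class="change readonly-input" value="' . htmlspecialchars($values) . '" readonly name="data[' . (int)$row['id'] . '][' . htmlspecialchars($fieldname) . ']" />';
            echo '</td>';
        }
    }
    echo '<td><a href="delete.php?id=' . (int)$row['id'] . '"><i class="fa fa-trash"></i></a>';
    echo '</td>';
    echo '</tr>';
}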
My delete works but how can I do it with javascript confirm when I need to pass the id?
ASKER
It's okay, I just need a confirmation, okay so is there a way to do it?
ASKER CERTIFIED SOLUTION
The problem with the accepted solution is that it does nothing to mitigate the danger described above. A JavaScript solution assumes that the only way anyone can get to the delete script is through a JavaScript enabled web browser. And that's just wrong. If it were true, Google could not exist.
Strongly urge you to reconsider this strategy! JavaScript is the wrong tool.
ASKER
Okay, thanks, I'll take it into consideration!
Let's say you can delete a record with this link:
That means you can also delete a record with this link:
That means a bad actor could put together a collection of links like this:
Now imagine what would happen if the bad actor fed that page to Google. Google would spider the page, following all of the links. And your database would be wiped out.
One correct way to make a delete request is shown in this article. Look for the part about The Delete Script.
https://www.experts-exchange.com/articles/12335/PHP-and-MySQLi-Table-Maintenance.html
Executive summary: JavaScript is the wrong tool for delete confirmation. You should use an HTTP request instead.
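One way to build the server-side confirmation argued for above, as an added example that is not part of the original thread or the linked article. It assumes the `rsvp` table and `$conn` from the question, a session that holds the logged-in `username`, and hypothetical names `db.php`, `list.php` and `csrf`.

```php
<?php
// delete.php: added example. Assumptions: db.php (hypothetical) defines $conn;
// $_SESSION['username'] holds the logged-in user; 'csrf' and list.php are hypothetical names.
session_start();
require 'db.php';

if (empty($_SESSION['username'])) {
    http_response_code(403);
    exit('Not logged in');
}
// Per-session token that a third-party page or crawler cannot know.
if (empty($_SESSION['csrf'])) {
    $_SESSION['csrf'] = bin2hex(random_bytes(32));
}

// The id comes from the form on POST and from the link on GET.
$isPost = $_SERVER['REQUEST_METHOD'] === 'POST';
$id = filter_input($isPost ? INPUT_POST : INPUT_GET, 'id', FILTER_VALIDATE_INT);
if ($id === false || $id === null) {
    http_response_code(400);
    exit('Bad id');
}

if ($isPost) {
    // Reject POSTs that did not come from our own confirmation form.
    if (!hash_equals($_SESSION['csrf'], (string)($_POST['csrf'] ?? ''))) {
        http_response_code(403);
        exit('Invalid token');
    }
    // Delete only a row that belongs to the logged-in user.
    $stmt = mysqli_prepare($conn, 'DELETE FROM `rsvp` WHERE `id` = ? AND `Gathered By` = ?');
    mysqli_stmt_bind_param($stmt, 'is', $id, $_SESSION['username']);
    mysqli_stmt_execute($stmt);
    header('Location: list.php');
    exit;
}
// Any GET (a followed link, a spider, a prefetch) deletes nothing: it only renders the form.
?>
<form method="post" action="delete.php">
    <input type="hidden" name="id" value="<?= $id ?>">
    <input type="hidden" name="csrf" value="<?= htmlspecialchars($_SESSION['csrf']) ?>">
    <p>Delete record <?= $id ?>?</p>
    <button type="submit">Yes, delete</button>
    <a href="list.php">Cancel</a>
</form>
```

The existing trash-icon link to `delete.php?id=...` keeps working: it now lands on the confirmation form, and only the form's POST removes the row.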