mysql - Trying to add a delete button to PHP website


I'm new to PHP and trying to add a delete button to remove an object (job) from a list. I want the delete button to appear beside each of the individual objects (jobs), and once it is clicked the job gets deleted from the database table. Below is the code for both edit_jobs.php (displays the jobs for a particular user) and delete_job.php (supposed to remove a particular job from the table). Can someone please tell me what I'm doing wrong?

My edit_jobs page displays the jobs in the table that a particular user has posted.

<?php
include_once "connect_to_mysql.php";
$id = $userid;
$username = $_GET['username'];

$result = mysql_query("SELECT * FROM jobs WHERE user_id = '$id'")
    or die(mysql_error());

while ($row = mysql_fetch_array($result)) {
    echo '<a href="job.php?id=' . $row['job_id'] . '"> ' . $row['job'] . '</a><br />';
    echo 'Category: ' . $row['category'] . '<br />';
    echo 'Description: ' . $row['description'] . '<br />';
    echo '<a href="member.php?id=' . $row['userid'] . '">Client\'s profile</a><br />';
    echo '<br />';
?>
    <a href="delete_job.php?job_id=<?php echo $row['job']; ?>"
       onclick="return confirm('Are you sure you want to delete this book?');">
        <img src="images/delete20.png" alt="Delete book" />
    </a>
<?php } ?>

The delete_job page:

<?php
if ($_SERVER['REQUEST_METHOD'] == 'GET') {
    if (!empty($_GET['job_id'])) {
        $jobid = $_GET['job_id'];

        require_once 'connect_to_mysql.php';

        $sql = "DELETE FROM jobs WHERE job_id = ?";
        $params = array($jobid);

        $stmt = $link->prepare($sql);
        $status = $stmt->execute($params);

        if ($status == true) {
            header("Location: edit_jobs.php");
        } else {
            $error_info = $stmt->errorInfo();
            $error_message = "Failed to delete job: {$error_info[2]} - error code {$error_info[0]}";
            require 'error.php';
        }
    } else {
        $error_message = "Book id not specified";
        require 'edit_jobs.php';
    }
} else {
}
?>

I see a lot of problems with the code. Number 1 - I agree with the above vulnerabilities. Easy fix: validate that the job id is an integer, and don't execute the SQL code if it fails validation.

Number 2 - I think `$params = array($jobid)` is incorrect. You're not passing the job variable to the SQL code at all... it's providing a null value to the execution statement. I cleaned up the code. I can't guarantee it will work since I can't see the SQL statements, but it's a better approach and should work right...

# Include this before anything else...
require_once 'connect_to_mysql.php';

# Ditch the server validation check, a waste of load time; store the job id in a variable right off the bat
$jobid = $_GET['job_id'];

# Validate that the job id is not empty AND is numeric (both must hold, so && rather than ||)
if (!empty($jobid) && is_numeric($jobid)) {
    # Ditch the $sql variable for speed/memory; put the query straight into the prepare statement.
    # Note the LIMIT clause - it's good practice to limit deletion queries to 1 row
    # when deleting 1 row, so additional data doesn't accidentally get deleted.
    $stmt = $link->prepare("DELETE FROM jobs WHERE job_id = ? LIMIT 1");

    # This binds the job id to the parameterized query and tells the database to treat it as an int.
    # bind_param() is mysqli, so execute() takes no argument here (the value is already bound).
    $stmt->bind_param('i', $jobid);

    # Execute and validate
    $status = $stmt->execute();

    if ($status == true) {
        header("Location: edit_jobs.php");
    } else {
        # mysqli_stmt exposes the error as properties, not errorInfo() (that is PDO)
        $error_message = "Failed to delete job: {$stmt->error} - error code {$stmt->errno}";
        require 'error.php';
    }
} else {
    $error_message = "Booking id not valid";
    require 'edit_jobs.php';
}

# Make sure to close the database connection when finished...
$link->close();
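As an added, self-contained example (not code from the question or from the answer above), the following PHP script shows both of the answer's points side by side against an in-memory SQLite database via PDO. The string-concatenation pattern from the question's edit_jobs.php lets a crafted job_id such as `1 OR 1=1` delete every row in the table, because the database parses `OR 1=1` as part of the WHERE clause; validating the id as a positive integer before running any SQL and binding it as a parameter rejects that payload and deletes exactly the one row asked for. The table, its rows, the function names and the `1 OR 1=1` payload are all constructed for the demo; SQLite is used only so the script runs without a MySQL server, which is also why the answer's MySQL-only `DELETE ... LIMIT 1` is left out.

```php
<?php
// Added example: PDO over an in-memory SQLite database so it runs offline.
// The jobs table and its rows below are constructed for the demo.
// The answer's "DELETE ... LIMIT 1" is MySQL syntax; SQLite rejects LIMIT on
// DELETE unless compiled with SQLITE_ENABLE_UPDATE_DELETE_LIMIT, so it is omitted.

function make_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE jobs (job_id INTEGER PRIMARY KEY, user_id INTEGER, job TEXT)');
    $db->exec("INSERT INTO jobs (job_id, user_id, job) VALUES
               (1, 7, 'paint fence'), (2, 7, 'fix roof'), (3, 9, 'mow lawn')");
    return $db;
}

// The pattern from the question's edit_jobs.php query: the request value is
// spliced straight into the SQL string. Kept only to show what an attacker can do.
function delete_job_unsafe(PDO $db, string $jobId): int {
    // PDO::exec() returns the number of affected rows
    return $db->exec("DELETE FROM jobs WHERE job_id = $jobId");
}

// Hardened version: refuse anything that is not a positive integer before the
// database is touched, then bind the value so it can never be parsed as SQL.
// Returns the number of rows deleted, or -1 when the input failed validation.
function delete_job_safe(PDO $db, $rawJobId): int {
    $jobId = filter_var($rawJobId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($jobId === false) {
        return -1; // no SQL is executed for invalid input
    }
    $stmt = $db->prepare('DELETE FROM jobs WHERE job_id = :id');
    $stmt->bindValue(':id', $jobId, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();
}

function count_jobs(PDO $db): int {
    return (int) $db->query('SELECT COUNT(*) FROM jobs')->fetchColumn();
}

// Demo: the same crafted job_id value sent to both versions.
$payload = '1 OR 1=1';

$db = make_db();
$gone = delete_job_unsafe($db, $payload);
printf("unsafe: deleted %d rows, %d left\n", $gone, count_jobs($db));        // 3 deleted, 0 left

$db = make_db();
$result = delete_job_safe($db, $payload);
printf("safe (payload): result %d, %d left\n", $result, count_jobs($db));     // -1 (rejected), 3 left

$result = delete_job_safe($db, '2');
printf("safe (real id): deleted %d row, %d left\n", $result, count_jobs($db)); // 1 deleted, 2 left
```

Run it with `php` on any build that has `pdo_sqlite` enabled. The important property is that `delete_job_safe()` never builds SQL from the request value at all: the integer check stops garbage before a query exists, and the bound parameter means even a valid-looking integer is sent to the database as data, not as text to parse.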

