Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

&action=delete 1

Status
Not open for further replies.

ttuser4

MIS
Jun 19, 2008
147
CA
hi,

i have trouble with this code, where everything works except the '&action=delete', i just cannot find out what is the cause:


</table>

<?php
include('../global/includes/_db_info.php');

if (isset($_GET['id_row']) && (isset($_GET['action']) && ($_GET['action']=='delete'))) {
mysql_query("UPDATE rrps SET Status='C' WHERE ID='$id_row';", $connection);
}

$userid=$_SESSION["uid"];

$result=mysql_query("SELECT id, project, system, units, span, width, timestmp, rate, cur, txservices, siteprep, sitedelivery, permits, supervis, install, other, gtotal FROM rrps WHERE USERID='$userid' AND STATUS='A' Order by ID Desc", $connection);

$num=mysql_numrows($result);

mysql_close();
?>
<table border="0" cellspacing="2" cellpadding="2" width="750" id="quotes">
<tr>
<th><font face="Arial, Helvetica, sans-serif">Project</font></th>
<th><font face="Arial, Helvetica, sans-serif">System</font></th>
<th><font face="Arial, Helvetica, sans-serif">Units</font></th>
<th><font face="Arial, Helvetica, sans-serif">Span</font></th>
<th><font face="Arial, Helvetica, sans-serif">Width</font></th>
<th><font face="Arial, Helvetica, sans-serif">Date, Time</font></th>
<th><font face="Arial, Helvetica, sans-serif">Total</font></th>
<th><font face="Arial, Helvetica, sans-serif">Currency</font></th>
<th><font face="Arial, Helvetica, sans-serif">Detail</font></th>
<th><font face="Arial, Helvetica, sans-serif">Delete</font></th>
</tr>

<?php
$i=0;
while ($i < $num) {

$txservice=mysql_result($result, $i, "txservices");
$siteprep=mysql_result($result,$i, "siteprep");
$sitedelivery=mysql_result($result, $i, "sitedelivery");
$permits=mysql_result($result, $i, "permits");
$supervis=mysql_result($result, $i, "supervis");
$install=mysql_result($result, $i, "install");
$other=mysql_result($result, $i, "other");
$gtotal=mysql_result($result,$i,"gtotal");
$rate=mysql_result($result,$i,"rate");

$serv=($siteprep+$sitedelivery+$permits+$supervis+$install+$other)*$rate*(1+$txservice/100);

$goods=$gtotal-$serv;

$f1=mysql_result($result,$i,"project");
$f2=mysql_result($result,$i,"system");
$f3=mysql_result($result,$i,"units");
$f4=round(mysql_result($result,$i,"span"));
$f5=round(mysql_result($result,$i,"width"));
$f6=mysql_result($result,$i,"timestmp");
$f7=number_format($goods*$rate+$serv,2);
$f8=mysql_result($result,$i,"cur");
$f9=mysql_result($result,$i,"id");
?>

<tr>
<td><font face="Arial, Helvetica, sans-serif"><?php echo $f1; ?></font></td>
<td><font face="Arial, Helvetica, sans-serif"><?php echo $f2; ?></font></td>
<td><font face="Arial, Helvetica, sans-serif"><?php echo $f3; ?></font></td>
<td><font face="Arial, Helvetica, sans-serif"><?php echo $f4; ?></font></td>
<td><font face="Arial, Helvetica, sans-serif"><?php echo $f5; ?></font></td>
<td><font face="Arial, Helvetica, sans-serif"><?php echo $f6; ?></font></td>
<td><font face="Arial, Helvetica, sans-serif"><?php echo $f7; ?></font></td>
<td><font face="Arial, Helvetica, sans-serif"><?php echo $f8; ?></font></td>
<td><font face="Arial, Helvetica, sans-serif"><a href="rrp_details.php?id_row=<?php echo $f9; ?>">Details</a></font></td>
<td><font face="Arial, Helvetica, sans-serif"><a href="rrp_myquotes.php?id_row=<?php echo $f9; ?>&action=delete" onclick="javascript:return confirm('Are you sure you want to delete this record ID=<?php echo $f9; ?>?')">Delete</a></font></td>
</tr>

<?php
$i++;
}
?>
</table>

thanks.
 
well i was able to pinpoint the problem, value of '$id_row' not passing into update query, but don't know how to fix it.
 
Well how about actually setting $id_row? Seems its not being set prior to being used. Or you expect it to exist because $_GET['id_row'] exists.

Code:
if (isset($_GET['id_row']) && (isset($_GET['action']) &&  ($_GET['action']=='delete'))) {
[red]$id_row=mysql_real_escape_string($_GET['id_row']);[/red]
mysql_query("UPDATE rrps SET Status='C' WHERE ID='$id_row';", $connection);
}



----------------------------------
Phil AKA Vacunita
----------------------------------
Ignorance is not necessarily Bliss, case in point:
Unknown has caused an Unknown Error on Unknown and must be shutdown to prevent damage to Unknown.

Behind the Web, Tips and Tricks for Web Development.
 
thanks you.
funny thing is the original code works on some servers even without this line:
$id_row=mysql_real_escape_string($_GET['id_row']);
maybe different php version?

thanks again.
 
Its a PHP setting called register_globals. Its a security risk to have it turned on, but if it is, values from form elements are automatically cast as $variables.

This can potentially override existing values, and other security measures. So its always recommended to keep it off.

----------------------------------
Phil AKA Vacunita
----------------------------------
Ignorance is not necessarily Bliss, case in point:
Unknown has caused an Unknown Error on Unknown and must be shutdown to prevent damage to Unknown.

Behind the Web, Tips and Tricks for Web Development.
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top