
&action=delete 1


ttuser4

MIS
Jun 19, 2008
Hi,

I have trouble with this code, where everything works except the '&action=delete'; I just cannot find out what the cause is:


</table>

<?php
include('../global/includes/_db_info.php');

if (isset($_GET['id_row']) && (isset($_GET['action']) && ($_GET['action']=='delete'))) {
mysql_query("UPDATE rrps SET Status='C' WHERE ID='$id_row';", $connection);
}

$userid=$_SESSION["uid"];

$result=mysql_query("SELECT id, project, system, units, span, width, timestmp, rate, cur, txservices, siteprep, sitedelivery, permits, supervis, install, other, gtotal FROM rrps WHERE USERID='$userid' AND STATUS='A' Order by ID Desc", $connection);

$num=mysql_numrows($result);

mysql_close();
?>
<table border="0" cellspacing="2" cellpadding="2" width="750" id="quotes">
<tr>
<th><font face="Arial, Helvetica, sans-serif">Project</font></th>
<th><font face="Arial, Helvetica, sans-serif">System</font></th>
<th><font face="Arial, Helvetica, sans-serif">Units</font></th>
<th><font face="Arial, Helvetica, sans-serif">Span</font></th>
<th><font face="Arial, Helvetica, sans-serif">Width</font></th>
<th><font face="Arial, Helvetica, sans-serif">Date, Time</font></th>
<th><font face="Arial, Helvetica, sans-serif">Total</font></th>
<th><font face="Arial, Helvetica, sans-serif">Currency</font></th>
<th><font face="Arial, Helvetica, sans-serif">Detail</font></th>
<th><font face="Arial, Helvetica, sans-serif">Delete</font></th>
</tr>

<?php
$i=0;
while ($i < $num) {

$txservice=mysql_result($result, $i, "txservices");
$siteprep=mysql_result($result,$i, "siteprep");
$sitedelivery=mysql_result($result, $i, "sitedelivery");
$permits=mysql_result($result, $i, "permits");
$supervis=mysql_result($result, $i, "supervis");
$install=mysql_result($result, $i, "install");
$other=mysql_result($result, $i, "other");
$gtotal=mysql_result($result,$i,"gtotal");
$rate=mysql_result($result,$i,"rate");

$serv=($siteprep+$sitedelivery+$permits+$supervis+$install+$other)*$rate*(1+$txservice/100);

$goods=$gtotal-$serv;

$f1=mysql_result($result,$i,"project");
$f2=mysql_result($result,$i,"system");
$f3=mysql_result($result,$i,"units");
$f4=round(mysql_result($result,$i,"span"));
$f5=round(mysql_result($result,$i,"width"));
$f6=mysql_result($result,$i,"timestmp");
$f7=number_format($goods*$rate+$serv,2);
$f8=mysql_result($result,$i,"cur");
$f9=mysql_result($result,$i,"id");
?>

<tr>
<td><font face="Arial, Helvetica, sans-serif"><?php echo $f1; ?></font></td>
<td><font face="Arial, Helvetica, sans-serif"><?php echo $f2; ?></font></td>
<td><font face="Arial, Helvetica, sans-serif"><?php echo $f3; ?></font></td>
<td><font face="Arial, Helvetica, sans-serif"><?php echo $f4; ?></font></td>
<td><font face="Arial, Helvetica, sans-serif"><?php echo $f5; ?></font></td>
<td><font face="Arial, Helvetica, sans-serif"><?php echo $f6; ?></font></td>
<td><font face="Arial, Helvetica, sans-serif"><?php echo $f7; ?></font></td>
<td><font face="Arial, Helvetica, sans-serif"><?php echo $f8; ?></font></td>
<td><font face="Arial, Helvetica, sans-serif"><a href="rrp_details.php?id_row=<?php echo $f9; ?>">Details</a></font></td>
<td><font face="Arial, Helvetica, sans-serif"><a href="rrp_myquotes.php?id_row=<?php echo $f9; ?>&action=delete" onclick="javascript:return confirm('Are you sure you want to delete this record ID=<?php echo $f9; ?>?')">Delete</a></font></td>
</tr>

<?php
$i++;
}
?>
</table>

Thanks.
 
Well, I was able to pinpoint the problem: the value of '$id_row' is not passing into the update query, but I don't know how to fix it.
 
Well, how about actually setting $id_row? Seems it's not being set prior to being used. Or you expect it to exist because $_GET['id_row'] exists.

Code:
if (isset($_GET['id_row']) && (isset($_GET['action']) &&  ($_GET['action']=='delete'))) {
$id_row=mysql_real_escape_string($_GET['id_row']);
mysql_query("UPDATE rrps SET Status='C' WHERE ID='$id_row';", $connection);
}



----------------------------------
Phil AKA Vacunita
----------------------------------
Ignorance is not necessarily Bliss, case in point:
Unknown has caused an Unknown Error on Unknown and must be shutdown to prevent damage to Unknown.

Behind the Web, Tips and Tricks for Web Development.
 
Thank you.
Funny thing is, the original code works on some servers even without this line:
$id_row=mysql_real_escape_string($_GET['id_row']);
Maybe a different PHP version?

Thanks again.
 
It's a PHP setting called register_globals. It's a security risk to have it turned on, but if it is, values from form elements are automatically cast as $variables.

This can potentially override existing values, and other security measures. So it's always recommended to keep it off.

----------------------------------
Phil AKA Vacunita
----------------------------------
Ignorance is not necessarily Bliss, case in point:
Unknown has caused an Unknown Error on Unknown and must be shutdown to prevent damage to Unknown.

Behind the Web, Tips and Tricks for Web Development.
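
An added example, not part of the original thread or either poster's code: the delete handler reading id_row explicitly from the request (so it does not depend on register_globals), validating it as an integer, and binding it as a query parameter, with the update also limited to the logged-in user's rows as the listing query already is. Assumptions: PDO with an in-memory SQLite database stands in for the thread's mysql_* connection so the script runs offline, cancel_quote() is a hypothetical helper name, and the rows and requests are constructed sample data.

```php
<?php
// Added example: in-memory SQLite replaces the thread's MySQL connection so
// the script runs offline. The three rows are constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE rrps (ID INTEGER PRIMARY KEY, USERID INTEGER, Status TEXT)");
$db->exec("INSERT INTO rrps (ID, USERID, Status) VALUES (1, 10, 'A'), (2, 10, 'A'), (3, 20, 'A')");

// cancel_quote() is a hypothetical helper. It takes id_row from the request
// array explicitly, so it behaves the same on every server regardless of
// whether register_globals exists or is enabled.
function cancel_quote(PDO $db, array $get, int $userid): bool
{
    if (($get['action'] ?? '') !== 'delete') {
        return false;
    }
    // Accept only a positive integer; anything else is rejected, not escaped.
    $id = filter_var($get['id_row'] ?? null, FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    if ($id === false || $id === null) {
        return false;
    }
    // Bound parameters keep the value out of the SQL text. The USERID
    // condition restricts the update to rows owned by the logged-in user,
    // the same filter the thread's SELECT applies when listing quotes.
    $stmt = $db->prepare(
        "UPDATE rrps SET Status = 'C' WHERE ID = :id AND USERID = :uid AND Status = 'A'"
    );
    $stmt->execute([':id' => $id, ':uid' => $userid]);
    return $stmt->rowCount() === 1;
}

// Constructed requests, handled as user 10 (the value $_SESSION["uid"] would hold).
$requests = [
    ['id_row' => '1', 'action' => 'delete'],    // the user's own active row
    ['id_row' => '3', 'action' => 'delete'],    // a row owned by user 20
    ['id_row' => '1abc', 'action' => 'delete'], // not an integer
    ['action' => 'delete'],                     // id_row missing
];
foreach ($requests as $get) {
    $outcome = cancel_quote($db, $get, 10) ? 'updated' : 'rejected';
    printf("%-40s => %s\n", json_encode($get), $outcome);
}
```

Run it with the PHP command-line interpreter; it needs the pdo_sqlite extension.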
 