0

There are may button son php page. I want to submit value of button and the delete record from table using that value. Ajaxz code is

$('#product-table td #delete').live("click", function () {
                var doDelete = confirm('Are you sure you want to delete this record?');
                deleteLinkObj = $(this);

                if (doDelete) {


                    var id = $(this).attr('accesskey');
        $("#deleteid").val(id); 
        $.ajax({
                    url: "purchase.php",
                    data: {deleteid:id},
                    dataType: 'html',
                    success: function() {

                    }
                });


                }
                else { return false; }
                });

On PHP I am trying to use value of deleteid but its not coming PHP code is 

if(@$_POST['deleteid']!="")
                    {
                    $sql="delete from purchasedetails where purchaseid='".$_POST['deleteid']."'";
                    if(!mysql_query($sql))
                            {
                            die('Error: ' . mysql_error());
                            }
                            else
                            {
                            $msg="Data is deleted";
                            }
                    }

I have tried usinng isset($_POST['deleteid']) then also its showing error

Dharmender
  • 126
  • 1
  • 7
  • 3
    **WARNING!** Your code contains an [SQL injection vulnerability](http://en.wikipedia.org/wiki/SQL_injection) -- you are passing raw, unfiltered, unvalidated user input directly into an SQL string. SQL injection is [very easy to fix](http://stackoverflow.com/q/60174/168868). Consider [switching to PDO](http://php.net/book.pdo) or [mysqli](http://php.net/book.mysqli) so you can use [prepared statements with parameterized queries](http://en.wikipedia.org/wiki/Prepared_statement). Also, dude, stop using the `@` operator. Don't hide errors, *fix* errors. – Charles Jan 03 '13 at 08:58
  • ...also, post the error you received.... –  Jan 03 '13 at 08:59
  • There is No error shown by it. It deosn't delete the record after confirming it is to be deleted.'@' is used to hide the warning Message ' variable not initialized'. – Dharmender Jan 03 '13 at 09:17

2 Answers2

1

By default $.ajax take type as GET, hence you need to define the type in you code

You can try like this $.ajax syntax-

    $.ajax({
                url: "purchase.php",
                data: $("#deleteid").val(id),
                type: POST
                dataType: 'html',
                success: function() {
Suresh Kamrushi
  • 15,627
  • 13
  • 75
  • 90
1

In your ajax call you aren't setting the request method to POST, therefore it will default to GET, that is why your post var is never present:

    $.ajax({
                type: 'POST',
                url: "purchase.php",
                data: {deleteid:id},
                dataType: 'html',
                success: function() {

                }
            });

As a quick fix for your SQL Injection vulnerability you can cast the id as int, but you should consider upgrading to PDO or MySQLi because the library you're using is deprecated.

$sql="delete from purchasedetails where purchaseid='".(int)$_POST['deleteid']."'";

Storing your purchaseid as the elements accesskey is not the best place, it would be better as a data-myid attribute, so you can access it with $(this).data('myid').

MrCode
  • 63,975
  • 10
  • 90
  • 112
  • I have tried it using POST but still the problem is same.The value is not getting submitted – Dharmender Jan 03 '13 at 09:15
  • Move the id from the accesskey and verify it's present in the HTML (view->source). Then watch the request in Firebug or Chrome dev tools to see what is sent. – MrCode Jan 03 '13 at 09:19
  • used data-myid and then done casting of id in delete command it has worked.Thanks. – Dharmender Jan 03 '13 at 09:28