
I have defined three PHP files: function.php, categories.php and view_all_categories.php.

Function.php includes the code to delete the row, using the variable value passed from categories.php. Category.php includes view_all_categories.php inside it. When the Delete button is clicked, a modal box appears, but on confirmation it doesn't delete the corresponding row. Please help.

Here is the code for Category.php:

<?php include"includes/delete_modal.php"; ?>
    <div id="wrapper">

        <!-- Navigation -->
        <?php include"includes/admin_navigation.php"; ?>
         
  
       
        <div id="page-wrapper">

            <div class="container-fluid">

         
                <div class="row">

                        
                        <div class="col-xs-6">
                            <table class="table table-hover table-bordered">
                                <thead class="thead-dark">
                                    <tr>
                                        <th>Id</th>
                                        <th>Category Title</th>
                                        <th>Options</th>
                                    </tr>
                                </thead>
                                <tbody>
                                   <?php  //Display table from categories
                                    include "includes/view_all_categories.php";?>
                                    
                                    
                                <?php  //delete categories
                                 delete_categories();
                                ?>
                                 
                                </tbody>
                            </table>
                            
                        </div>
                </div>
                <!-- /.row -->

            </div>
            <!-- /.container-fluid -->

        </div>
        <!-- /#page-wrapper -->

    </div>
    <!-- /#wrapper -->
    
    <script>

  $('#myModal').on('show.bs.modal', function (e) {
 
     $(this).find('.modal_delete_link').attr('href', $(e.relatedTarget).data('href'));

 });

</script>

  

Similarly, the code inside function.php is:

function delete_categories(){

    global $connection;
    if(isset($_GET['delete'])){
        $del_id = $_GET['delete'];

        // Delete the category row
        $query = "DELETE FROM categories WHERE cat_id = $del_id";
        $del_cat = mysqli_query($connection,$query);

        // Delete the posts that belong to that category
        $query = "DELETE FROM posts WHERE post_category_id=$del_id";
        $del_category_rel_post = mysqli_query($connection,$query);
        header("Location: categories.php");
    }
}

and the view_all_categories.php file includes:

<?php

$query = "SELECT * FROM categories";
$get_categories = mysqli_query($connection, $query);

while($row = mysqli_fetch_assoc($get_categories)){
$cat_id = $row['cat_id'];
$cat_title = $row['cat_title'];

echo "<tr><td>{$cat_id}</td><td>{$cat_title}</td>
<td><a class='btn btn-danger' data-toggle='modal' data-target='#myModal' data-href='categories.php?delete=$cat_id' href='javascript:void(0)'>Delete</a> <a class='btn btn-primary' href='categories.php?update={$cat_id}'>Update</a></td></tr>";
}

?>

and delete_modal.php has

<div id="myModal" class="modal fade" role="dialog">
<div class="modal-dialog">
<!-- Modal Content -->
   
   <div class="modal-content">
       
       <div class="modal-container">
          <div class="modal-header">
           <button type="button" class="close" data-dismiss="modal">&times;</button>
           <h4 class="modal-title">Delete Confirm Box</h4>
            </div>
       <div class="modal-body">
           <p> Are you sure you want to delete?</p>
       </div>
       <div class="modal-footer">
            <a class="btn btn-danger modal_delete_link" href="">Delete</a>
           <button type="button" class="btn btn-default" data-dismiss="modal">Cancel</button>
       </div>
    </div>
   </div>
   </div>
</div>

Any help is very useful.

redface
  • hard delete with `$_GET` is not a good practice. – devpro Mar 07 '19 at 14:53
  • What have you tried to debug the problem? That's a lot of code.... – Nico Haase Mar 07 '19 at 14:54
  • I tried to echo the value of the id and it displays the value too, so I'm not sure whether anything is wrong with my code or not. – redface Mar 07 '19 at 14:55
  • are u getting correct category id in your URL? delete param? what is the result of `print_r($_GET)` before `$query = "DELETE FROM categories WHERE cat_id = $del_id";` – devpro Mar 07 '19 at 14:57
  • if you are getting correct category id in url, then it means, `SELECT * FROM categories` query is working fine. next step to check DELETE query – devpro Mar 07 '19 at 14:58
  • Your code is vulnerable to [**SQL injection**](https://en.wikipedia.org/wiki/SQL_injection) attacks. You should use prepared statements with bound parameters, via either [**mysqli**](https://secure.php.net/manual/en/mysqli.prepare.php) or [**PDO**](https://secure.php.net/manual/en/pdo.prepared-statements.php). [**This post**](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) has some good examples. – Alex Howansky Mar 07 '19 at 15:03
  • If category is a foreign key for the posts, then you can't delete the category before the posts, try swapping the deletes around (AND use prepared statements). – Nigel Ren Mar 07 '19 at 15:12
  • If I had a dollar for every time I saw a post on SO getting warned about vulnerable SQL code... – dmikester1 Mar 07 '19 at 15:20
  • @dmikester1 depressingly common isn't it. I do wonder where people learn this from...there must be some very poor quality and/or outdated tutorials knocking about. There's really no reason (and hasn't been for well over a decade) not to use parameterised queries from the start. – ADyson Mar 07 '19 at 15:44
  • Thanks, guys. I just avoided the modal and replaced it with the below code echo "Delete"; in view_all_categories.php and it worked. – redface Mar 07 '19 at 17:08
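
The comments above raise three points about `delete_categories()`: deleting on a `$_GET` link, SQL injection through `$del_id`, and delete order when `posts` references `categories`. A hardened variant covering all three follows, as an added example that is not part of the original post or its comments. The `csrf_token` session key and POST field name, and the modal submitting a POST form instead of following a link, are assumptions.

```php
<?php
// Make mysqli throw mysqli_sql_exception instead of returning false.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

function delete_categories(mysqli $connection): void
{
    // State-changing request: accept POST only, never a GET link.
    if ($_SERVER['REQUEST_METHOD'] !== 'POST' || !isset($_POST['delete'])) {
        return;
    }

    // CSRF check. The 'csrf_token' session key and field name are assumptions.
    $sent = $_POST['csrf_token'] ?? '';
    if (!is_string($sent) || empty($_SESSION['csrf_token'])
        || !hash_equals($_SESSION['csrf_token'], $sent)) {
        http_response_code(403);
        exit('Invalid CSRF token');
    }

    // cat_id must be a positive integer; arrays and strings are rejected.
    $del_id = filter_var($_POST['delete'], FILTER_VALIDATE_INT,
                         ['options' => ['min_range' => 1]]);
    if ($del_id === false) {
        http_response_code(400);
        exit('Invalid category id');
    }

    $connection->begin_transaction();
    try {
        // Child rows first, so a foreign key on posts cannot block the delete.
        $stmt = $connection->prepare('DELETE FROM posts WHERE post_category_id = ?');
        $stmt->bind_param('i', $del_id);
        $stmt->execute();

        // The id is bound as an integer parameter, never concatenated into SQL.
        $stmt = $connection->prepare('DELETE FROM categories WHERE cat_id = ?');
        $stmt->bind_param('i', $del_id);
        $stmt->execute();

        $connection->commit();
    } catch (mysqli_sql_exception $e) {
        $connection->rollback(); // leave both tables unchanged on any failure
        throw $e;
    }

    header('Location: categories.php', true, 303); // redirect after POST
    exit;
}
```

Call it after `session_start()` and before any HTML is sent, since `header()` cannot set the redirect once output has started. The transaction only rolls back on a transactional storage engine such as InnoDB.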
