Verify Delete JS function

D

driveflexfuel

New Member
Messages
159
Reaction score
0
Points
0
I am using the following JS to verify whether they wish to delete or not. For some reason when i click the delete button and click ok it does not delete the entry, but if i click it a second time it does delete it. Anyone have any suggestions to how i can solve this issue?

Code: 
function delete_record (form)
{
 var coupon1 = form.coupon1.value;
 var where_to = confirm("Do you really want to delete " + coupon1 + "?");
 if (where_to == true)
 {
     var delete_var = form.delete_id.value;
    var delete_url = "delete.php?id=" + delete_var;
   window.location = delete_url;
 }
}

This is the form

Code: 
<form class='delete_buttons' method='POST'>
<input type='hidden' value='" . $recc['coupon'] . "' name='coupon1' />
<input type='hidden' value='" . $recc['id'] . "' name='delete_id' />
<input type='image' src='images/delete.gif' title='". $index_delete . $recc['coupon'] ."' onClick='delete_record(this.form)' />
</form>

This is the delete.php

Code: 
$delete_id = $_GET['id'];
$query = "DELETE FROM coupons where id=" . $delete_id . " LIMIT 1";
mysql_query($query);
echo '<meta http-equiv="refresh" content="0;url=index.php" />';
 
M

misson

Community Paragon
Community Support
Messages
2,572
Reaction score
72
Points
48
driveflexfuel said:
This is the form

Code: 
<form class='delete_buttons' method='POST'>
<input type='hidden' value='" . $recc['coupon'] . "' name='coupon1' />
<input type='hidden' value='" . $recc['id'] . "' name='delete_id' />
<input type='image' src='images/delete.gif' title='". $index_delete . $recc['coupon'] ."' onClick='delete_record(this.form)' />
</form>
Click to expand...
The image input type is a submit button. If you use it, you must prevent the default submit handler. The more semantically sound approach is to use a <button> element with a style reset.

driveflexfuel said:
Code: 
$delete_id = $_GET['id'];
$query = "DELETE FROM coupons where id=" . $delete_id . " LIMIT 1";
Click to expand...

NO! NO! NO! You've opened yourself to SQL injection. Don't trust user input. Filter it with a filter function or escape it with either mysql_real_escape_string or mysql_escape_string
 
lemon-tree

lemon-tree

x10 Minion
Community Support
Messages
1,420
Reaction score
46
Points
48
NO! NO! NO! You've opened yourself to SQL injection. Don't trust user input. Filter it with a filter function or escape it with either mysql_real_escape_string or mysql_escape_string
Click to expand...
Glad you showed me that. My site already has type error checking, length checking, format checking and so on. But the 'mysql_real_escape_string' function would add even more security.
Thanks
 
D

driveflexfuel

New Member
Messages
159
Reaction score
0
Points
0
Thanks for the info. I'm not worried about the security on this because it is under password protection and on an internal network server, but thanks for your concern.
 
M

misson

Community Paragon
Community Support
Messages
2,572
Reaction score
72
Points
48
You trust your users (and their computers) much more than I. Hopefully none of their computers will get infected by a worm that uses SQL injection. Remember Storm?
 
You must log in or register to reply here.
Top