Posted by J.O. Aho on 03/13/06 23:49

UKuser wrote:

> 1) When I post data in a url (i.e. post.php?id=120) and I use this
> code: $var = secure_field($id); it will work (on the
> "recieve_page.php"). However if I use $secure_field($_POST['$id']) or
> any POST/GET/REQUEST type option, it won't work. Its fine, because
> secure_field does what I need, however I'm just not sure why its not
> picking it up. (If I probe $var - the result is blank)

Maybe you are using a quite old version of PHP which don't support
$_GET/$_POST/$_REQUEST but $HTTP_GET_VARS/$HTTP_POST_VARS

If this is the case, update to at least PHP4.1.0, but of security reasons you
should update to latest version.


> 2) I have a table, where I want a delete button at the end of each row
> (as opposed to when only one record is displayed on the screen). I also
> don't want to have to post to an external delete.php file. Is there a
> way to do this?
>
> For example:
> print "<tr>
> <TD>{$rs->fields[0]}</TD>
> <TD>{$rs->fields[1]}</TD>
> <TD>{$rs->fields[2]}</TD>
> <TD>{$rs->fields[3]}</TD>
> <TD><a href='another_page.php?id=$id'>Edit</a></TD>
> <TD><a href='this_page.php?id=$id2'>Delete</a></TD>
>
> Where $id = $rs->fields[0]

As I don't know how your page works, I would set yet another variable, that
checks if there is a deletion in question or not

<TD><a href='this_page.php?id=$id2&task=delete'>Delete</a></TD>

Somewhere in the top of the page (before you do the query for your list), you
need to check if the page has been called with the task=delete or not

/* We do some checks to see if we should try to delete or not */
if(isset($task) && $task="delete" && is_numeric($id)) {
$query="DELETE FROM mytable WHERE id='$id'";
mysql_query($query);
/* You could add some error checking here to see if
* it was a successful delete or not and tell the user
*/
}


//Aho

[Back to original message]