dunklesToast
Reputation: 382
HTML - MySQL Table delete entry
I have a problem. I want a Table on my page, which shows things from a MySQL DB. This works just fine:
<?php
$pdo = new PDO('mysql:host=localhost;dbname=********', '********', '********');
$sql = "SELECT subject, givenOn, toDate, teacher, what FROM homework";
echo "<table>";
foreach ($pdo->query($sql) as $row){
// echo "Fach:" . $row['subject'] . " - Lehrer:" . $row['teacher'] . " - Was: " . $row['what'] . $
echo "<tr>";
echo "<td>", $row['subject'], "</td>";
echo "<td>", $row['teacher'], "</td>";
echo "<td>", $row['what'], "</td>";
echo "</tr>";
}
echo "</table>";
?>
But I want another column behind the "what" - one which contains a Link to remove the Line. I dont know how its possible to say the Links what he has to delete. My idea was a PhP Page which has arguments like:
delete.php?subject=math&teacher=smith&what=p13
But this is very unsecure, isnt it?
Have u any Ideas how I can solve this problem?
dunklesToast
Upvotes: 1
Views: 68
Answers (1)
gouchaoer
Reputation: 645
yes, it is.
1, you need to control who can delete an item, which is a rbac system.
2, delete should use POST rather than GET.
3,use PDOStatement::bindParam to prevent sql injection.
Upvotes: 1
Related Questions
- Change an HTML input's placeholder color with CSS
- How to reset AUTO_INCREMENT in MySQL
- How to add a column with a default value to an existing table in SQL Server?
- How to import an SQL file using the command line in MySQL?
- How do you parse and process HTML/XML in PHP?
- Finding duplicate values in a SQL table
- PostgreSQL "DESCRIBE TABLE"
- Why does HTML think “chucknorris” is a color?
- Should I use the datetime or timestamp data type in MySQL?
- HTML: Valid id attribute values?