CODEWITHSUNDEEP
phpjquerymysql
Jake Groves
Jake Groves

Reputation: 327

jQuery php to delete rows dynamically in table from mysql

I am have a page where i have the table row id defined by 'lesson_id' and i have a delete function for jquery that deletes that row without having to change page. It is almost all working but when it posts the information to delete_row.php it is not deleting the record. but delete_row.php is working because i've manually done delete_row.php?id=4 and it deleted that record succesfully. Any pointers and explanations would be great as i'm still learning.

lessons.php

<table id="lessons" class="table-hover">
    <thead>
        <tr>
            <th>Lesson ID</th>
            <th>Lesson Name</th>
            <th></th>
        </tr>
    </thead>
<tbody>
<?php 
while($row=mysqli_fetch_array($result)){
    echo '<tr id="'. $row['lesson_id'].'">';    
        echo '<td>'. $row['lesson_id'] .'</td>';
        echo '<td>'. $row['name'] .'</td>';
        echo '<td><a class="delete">Delete</a></td>';   
    echo '</tr>';
}
?>
</tbody>
<div id="error"></div>
<script>
$(document).ready(function()
{
    $('table#lessons td a.delete').click(function()
    {
        if (confirm("Are you sure you want to delete this row?"))
        {
            var id = $(this).parent().parent().attr('id');
            var data = 'id=' + id ;
            var parent = $(this).parent().parent();
            //$('#error').html(data);
            $.ajax(
            {
                   type: "POST",
                   url: "delete_row.php",
                   data: data,
                   cache: false,

                   success: function()
                   {
                    parent.fadeOut('slow', function() {$(this).remove();});
                   }
             });
        }
    });
});
</script>

delete_row.php

<?php
include ('../../../config.php');
$con = mysqli_connect ($dbhost,$dbuser,$dbpass,$dbname);
if (!$con){
    die('could not connect: '. mysqli_error($con));
}
$error = "";
$success = "";

if($_GET['id'])
{
$id = $_GET['id'];

mysqli_query($con,"DELETE FROM module_lessons WHERE lesson_id='$id'");
}
?>

as its obvious ... this has no sql injection protection on it.

Upvotes: 0

Views: 1766

Answers (1)

BugHunterUK
BugHunterUK

Reputation: 8938

Change $_GET['id']; to $_POST['id'];

Here, you're doing a POST request:

type: "POST",
url: "delete_row.php",

... but in your PHP script you're checking for GET.

Also, as marc b noted, you're currently vulnerable to SQL injection. Look into using mysqli_real_escape_string, or bind_param.

Upvotes: 2

Related Questions