Power By 专否社区

Checkbox Deleting - If statement inside For loop deletes wrong entries

Go To StackoverFlow.com

1

I have a page which displays my database information. Through each loop, there is a checkbox printed that is to delete the associated entry if checked and submitted. The checkbox names are 'delete[]' and there is the hidden value which contains the row id is named 'id[]'.

This is the relevant part of my form:

<tr><td valign='top'>
<label class='amarillo med' style='color:#C00;'>Delete Section </label>
<input type='checkbox' name='delete[]' />
<input type='hidden' name='id[]' value='" . $row['about_id'] . "' />
</td></tr>

This is my php and query

$deleteCount = count($_POST['delete']);
for ($x = 0; $x < $deleteCount; $x++) {
if(isset($_POST['delete'][$x])) {
   $sql = 'DELETE FROM about WHERE about_id = \''.$_POST['id'][$x].'\'';
 $result = mysql_query($sql);
}
}

This is what happens.

If three rows are returned and I want to delete only the third, I check the third box and click submit. This deletes the first row that was returned. Again, if three rows are returned and I want to delete the first and third, I submit and the first two rows are deleted.

What it looks like is happening is for every checkbox that is checked, that many rows are deleted starting with the first. Any advice would be greatly appreciated.

2012-04-05 21:27
by Yuschick
Include your form, too. Everything that is applicable - Blake 2012-04-05 21:28
the problem is from what id[] is returning .. include how you are generating value for idBaba 2012-04-05 21:31
I have updated to include the relevant parts of my form - Yuschick 2012-04-05 21:33

1

The best and much easier way is to use 

<input type="checkbox" name="delete[]" value="<?=$row['about_id']?>"/>

and then 

foreach($_REQUEST['delete'] as $delID)
{
   ...
}
2012-04-05 21:44
by Alexander Palamarchuk
As a basic security measure, use $POST not $GET or $REQUEST when modifying data; it makes CSRF attacks harder. See http://en.wikipedia.org/wiki/Cross-siterequest_forgery - El Yobo 2012-04-05 21:47
I don't recomend to interpret any advices so literally. Using $GET or $POST or even $_REQUEST must be based on application's requirments. One ought to solve CSRF problem in other way. And that was just an example - Alexander Palamarchuk 2012-04-05 21:57
The HTTP specification recommends that GET not be used to modify data (http://en.wikipedia.org/wiki/HypertextTransferProtocol#Request_methods), so it's good practice in addition to making any CSRF vulnerabilities harder to exploit. You're right that it isn't sufficient, but it dramatically increases the difficulty of exploitation - El Yobo 2012-04-05 22:09
I was able to use this with $POST versus the $REQUEST and it seems to work like a charm. Thank you very much! I appreciate the help - Yuschick 2012-04-05 23:18

1

Use the following code

<tr><td valign='top'>
<label class='amarillo med' style='color:#C00;'>Delete Section </label>
<input type='checkbox' name='delete[$row['id']]' />
<input type='hidden' name='id[$row['id']]' value='" . $row['about_id'] . "' />
</td></tr>

where $row['id'] is the id of the row

2012-04-05 21:44
by Krishna Deepak
If I did this, how would I then structure my loop - Yuschick 2012-04-05 23:13
Ads