I have a basic backoffice setup with a few tables listing the database content with an option to delete the rows, based on the id. But for every product that I have, I need to have different PHP delete files, in this example, "product_01", "product_02", etc.
How can I pass a custom id in the query string ( href='delete_product_01.php?id=... ) so I can have a conditional statement in the delete php file, this way I would only need one delete.php file.
Thank you
back.php.php
echo "<td class='deleteMe'><a class='delete_back' href='delete_product_01.php?id=".$record['id']."'>x</a></td>";
delete_product_01.php
include('config_delete.php');
if (isset($_GET['id'])) {
    $id = $_GET['id'];
    $query = mysql_query("DELETE FROM product_01_table WHERE id='$id'");
    if ($query) {
        header('location:back.php');
    }
}
You could pass the product id as second get parameter, like
delete_product.php?id=4&product_id=1
And in your delete.php you could manipulate your string in some way like
"delete from product_".$_GET["product_id"]."_table where id='$id'"
but you really should NOT do this!
Here are multiple reasons why such code design is VERY dangerous and bad:
One could easily exploit your get parameter to get evil sql code executed. Imagine someone calling
delete_product.php?id=4';DROP database;
By doing that, he would not only delete one product, he would delete everything. Have a look here for more information about that.
mysql_* functions are long deprecated and should not be used. There are many reasons for this; have a look at this SO-Post
Having a designated table for every single Product of yours is very bad database design. Imagine your company (or whatever instance is selling here) making a change in their product portfolio, removing or adding a product. You would need to make a huge amount of changes. If you consider revising your concept (You really should!) this post will provide you with a good starting point.
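A single delete handler along the lines discussed in this thread, as an added example that is not part of the original answer: the product_id parameter only selects an entry from a fixed allowlist of table names, and the id is validated as an integer and bound in a prepared statement. It assumes PDO with the SQLite driver (used only so the script runs without a database server); the function name deleteProductRow, the PRODUCT_TABLES map and the sample rows are constructed for illustration.

```php
<?php
// Added example, not code from the original post. Table names follow the
// question's product_NN_table pattern; the SQLite in-memory database and the
// sample rows are constructed so the script runs offline.
declare(strict_types=1);

// Allowlist: the request value only selects a key, it never becomes SQL text.
const PRODUCT_TABLES = [
    '01' => 'product_01_table',
    '02' => 'product_02_table',
];

function deleteProductRow(PDO $pdo, string $productKey, string $rawId): bool
{
    if (!array_key_exists($productKey, PRODUCT_TABLES)) {
        return false;                       // unknown product: refuse
    }
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return false;                       // id is not a positive integer: refuse
    }
    // Identifier comes from the constant map, the value is bound as a parameter.
    $stmt = $pdo->prepare('DELETE FROM ' . PRODUCT_TABLES[$productKey] . ' WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount() === 1;
}

// Constructed demo data.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
foreach (PRODUCT_TABLES as $table) {
    $pdo->exec("CREATE TABLE $table (id INTEGER PRIMARY KEY, name TEXT)");
    $pdo->exec("INSERT INTO $table (id, name) VALUES (4, 'sample'), (5, 'sample')");
}

// Constructed requests: a normal one, the id string from the answer, a forged product key.
$requests = [
    ['product_id' => '01', 'id' => '4'],
    ['product_id' => '01', 'id' => "4';DROP database;"],
    ['product_id' => '01_table; --', 'id' => '5'],
];
foreach ($requests as $get) {
    $ok = deleteProductRow($pdo, $get['product_id'], $get['id']);
    printf("%-14s id=%-20s %s\n", $get['product_id'], $get['id'], $ok ? 'deleted' : 'rejected');
}
$left = (int) $pdo->query('SELECT COUNT(*) FROM product_01_table')->fetchColumn();
echo "rows left in product_01_table: $left\n";
```

In a real handler the two arguments would come from `$_GET['product_id']` and `$_GET['id']`, and the PDO connection would point at the MySQL database instead of SQLite.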