Is this a good way, to delete all the selected rows from sql table?
The code works fine, but maybe there other or better ways to do this. The real_ escape_string function is in the good place, or i should put in in the foreach loop, before the sql query?
$('.deleteRows').click(function(e)
{
e.preventDefault();
var val = [];
if(confirm("Biztos, hogy törölni szeretné a kijelölt sorokat?"))
{
$(':checkbox:checked').each(function(i){
val[i] = $(this).val();
});
$.ajax({
data: { val:val },
type: 'POST',
url: 'files/delete_all_uzenet.php',
success: function(data)
{
var result = $.trim(data);
$('#newsletterResult').html(data);
$('#newsletterModal').modal('show');
},
complete: function()
{
setTimeout(function()
{
location.reload();
}, 4000 );
}
});
}
return false;
});
Php file:
<?php
include_once("../../files/connect.php");
if(isset($_POST['val']))
{
foreach($_POST['val'] as $v)
{
mysqli_query($kapcs, $sql = "DELETE FROM kapcsolatfelvetel WHERE kapcsolat_id = '".mysqli_real_escape_string($kapcs, $v)."'") or die(mysqli_error($kapcs));
}
echo 'Rows deleted';
}
else
{
exit("No rows selected.");
}
?>
Your code will execute a lot faster if you merge all operations in a single query. Once you've verified that you have values to delete, do something such as:
$p = &$_POST['val']; //$p refers to $_POST['val'];
//clean all inputs
foreach($p as &$v) $v = "'". mysqli_escape_string($kapcs,$v) ."'";
//transform to "('value1', 'value2'...)"
$values = '('.implode(',',$p).')';
//build one sql to delete all rows
$sql = "DELETE FROM kapcsolatfelvetel WHERE kapcsolat_id IN $values";
You can then run the query to delete all rows at once.
PS: You use string escaping to clean your strings; that's much better than nothing, but not as good as prepared statements and parameterized queries.
PPS: You should also check that your query executed successfully. It's a mistake to assume that just because you called mysqli_query
, the rows were deleted.
@BeetleJuice
So, this is the right way?
<?php
include_once("../../files/connect.php");
if(isset($_POST['val']))
{
$p = &$_POST['val'];
foreach($p as &$v)
{
$v = "'". mysqli_escape_string($kapcs, $v) ."'";
}
$values = '('.implode(',',$p).')';
mysqli_query($kapcs, $sql = "DELETE FROM kapcsolatfelvetel WHERE kapcsolat_id IN $values") or die(mysqli_error($kapcs));
echo 'Rows deleted ok.';
}
else
{
exit("No rows selected.");
}
?>
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.