Hello, I have this delete function and I don't have any function set on it yet, because I want to delete the data and redirect to the same page, but I don't know how. I tried researching, but it doesn't work. On this page, all of the information shown was sent from a page to this page so that the user can view the schedule and then have the option of deleting it, but I don't know how to delete data and redirect to the same page without messing up the other data being shown. I tried using the header(location:) function, but the moment I redirect, the data that was shown there is no longer shown, because I did not pass any value while redirecting. I need help here; this is my code:
if ($teacher<>""){
$query1 = mysqli_query($conn," SELECT * from schedule natural join instructor where day ='t' and schedule.instructorID ='$teacher' and timeID ='$id' and grade = '$grade' and semester = '$semester'");
}
elseif ($room<>""){
$query1 = mysqli_query($conn,"SELECT * from schedule natural join instructor where day = 't' and schedule.room = '$room' and timeID ='$id' and grade = '$grade' and semester = '$semester'");
}
elseif ($strand<>""){
$query1 = mysqli_query($conn,"SELECT * from schedule natural join instructor where day = 't' and schedule.strand= '$strand' and timeID ='$id' and grade = '$grade' and semester = '$semester'");
}
$row1 = mysqli_fetch_array($query1);
$id1 = $row1['scheduleID']; // read from $row1, the row fetched above
$count=mysqli_num_rows($query1);
if ($count==0)//checking
{
//echo "<td></td>";
}
else
{
//print
echo "<li class='showme'>";
echo "<a href='#' id='$id1' class='delete' title='Delete'>Remove</a>";
echo $row1['subject'];
echo "</li>";
echo "<li class='$displayc'>$row1[strand]</li>";
echo "<li class='$displaym'>$row1[fname], $row1[lname]</li>";
echo "<li class='$displayr'>Room $row1[room]</li>";
echo "</ul>";
echo "</div>";
}
?>
</td>
Then I have the delete.php, but I don't have any function set in there yet, since I only know how to delete using the form; the redirecting is the problem when you delete, for the reason stated above.
Big security flaw: SQL injection. Use prepared statements for your queries.
In your header location, just append a query string.
The query string can be retrieved with:
$grade = intval($_GET['grade']);
$semester = intval($_GET['semester']);
Where grade and semester are the parameter names. Note that the $_GET[...] thingy has been wrapped with intval(...) for sanitization purposes. This ensures that $grade and $semester will be `int` (numbers).
Your location header should look like: LOCATION: http://yoursite/diplay-page.php?grade=7&semester=8
Also, when displaying, escape your data! Right now, you are vulnerable to XSS injections.
If you do not know how, start with OWASP's advice: https://www.owasp.org/index.php/PHP_Top_5
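The approach from the answer above, put together as a delete.php; this is an added example, not code from the original post. It assumes a hypothetical db.php that defines $conn, a display page named schedule.php (hypothetical), and a Remove control that submits scheduleID, grade and semester (plus whichever of teacher, room or strand is in use) by POST.

```php
<?php
// delete.php -- added example, not the asker's code.
// Assumptions: db.php (hypothetical) sets $conn to a mysqli connection;
// the display page is schedule.php (hypothetical name).
declare(strict_types=1);
require 'db.php';
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors

// A delete changes state, so accept it only as a POST, never as a plain link.
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    http_response_code(405);
    exit;
}

// filter_input() returns null when the field is missing and false when it
// is not an integer, so is_int() rejects both cases.
$scheduleID = filter_input(INPUT_POST, 'scheduleID', FILTER_VALIDATE_INT);
$grade      = filter_input(INPUT_POST, 'grade', FILTER_VALIDATE_INT);
$semester   = filter_input(INPUT_POST, 'semester', FILTER_VALIDATE_INT);
if (!is_int($scheduleID) || !is_int($grade) || !is_int($semester)) {
    http_response_code(400);
    exit('Bad request');
}

// Prepared statement: the id is bound as an integer, not concatenated into SQL.
$stmt = mysqli_prepare($conn, 'DELETE FROM schedule WHERE scheduleID = ?');
mysqli_stmt_bind_param($stmt, 'i', $scheduleID);
mysqli_stmt_execute($stmt);
mysqli_stmt_close($stmt);

// Carry the display filters back so the schedule page can rebuild its view.
$back = ['grade' => $grade, 'semester' => $semester];
foreach (['teacher', 'room', 'strand'] as $key) {
    if (isset($_POST[$key]) && is_string($_POST[$key]) && $_POST[$key] !== '') {
        $back[$key] = $_POST[$key];
    }
}

// http_build_query() URL-encodes every value; 303 makes the browser follow
// the redirect with GET, so a page refresh does not resubmit the delete.
header('Location: schedule.php?' . http_build_query($back), true, 303);
exit;
```

On the display page, read the same parameters back from $_GET, use them only through prepared statements, and pass every echoed value through htmlspecialchars($value, ENT_QUOTES, 'UTF-8').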