[wp-hackers] Delete Row - Refreshes Page but not DB

Gregory Lancaster greglancaster71 at gmail.com
Sat Oct 19 18:32:23 UTC 2013


like this?

jQuery( document ).ready( function( $ ) {

        // When a button is clicked within the table with id="mytable"
        $( '#mytable button' ).click( function( event ) {

                event.preventDefault();

                if ( ! confirm( 'Are you sure you want to continue' ) )
                        return;

                var $button = $(this);
                var nonce = $( this ).attr('data-nonce');
                var rowID = $( this ).attr('value');
                var file = $( this ).attr('file');

                $button.closest("tr").css('background-color', '#C60').fadeIn();

                var data = {
                        'action': 'my_delete_row_action',
                        'id': rowID,
                        'file': file
                }

                $.post(
                        ajaxurl,
                        data,
                        function ( response ) {
                                if ( ! response.success ) {
                                        alert( 'Failure!' );
                                }

                                $button.closest("tr").hide();
                        }
                );
        });
});

and my remove_row function would function like this?

function my_delete_row_action() {
    global $wpdb;

    if ( ! wp_verify_nonce( $_POST['nonce'], 'delete_' . $id . '_' . $file ) ) {
        exit( 'Cheatin, huh?' );
    }

    $id = $_POST['id'];
    $file = $_POST['file'];

seems to fail regardless if I change an item or not.


On Sat, Oct 19, 2013 at 11:16 AM, Nikola Nikolov <nikolov.tmw at gmail.com> wrote:

> So something like this is what you should use instead:
>
> <button type="submit" name="deleteItem" value="<?php echo $row['id']; ?>"
> file="<?php echo $row['file']; ?>" data-nonce="<?php echo wp_create_nonce(
> 'delete_' . $row['id'] . '_' . $row['file'] ); ?>" class="delete-box"><span
> class="glyphicon glyphicon-remove"></span></button>
>
> You would have to add the value of the data-nonce attribute to your AJAX
> request (in the below example its value is set to the 'nonce' parameter)
> and then on the PHP side of the request, you should do this:
>
> if ( ! wp_verify_nonce( $_POST['nonce'], 'delete_' . $id . '_' . $file ) )
> {
>     exit( 'Cheatin, huh?' );
> }
>
> This way if someone changes the value of the file OR "value" attributes,
> they won't be able to delete the item they were trying to delete.
>
>
> On Sat, Oct 19, 2013 at 8:56 PM, J.D. Grimes <jdg at codesymphony.co> wrote:
>
> > Yes, you should be using nonces -
> > http://codex.wordpress.org/WordPress_Nonces
> >
> > On Oct 19, 2013, at 1:53 PM, Gregory Lancaster <greglancaster71 at gmail.com>
> > wrote:
> >
> > > Yep, I had to add true.  So all this is executing based on the values of
> > > this button:
> > > <button type="submit" name="deleteItem" value="<?php echo $row['id']; ?>"
> > > file="<?php echo $row['file']; ?>" class="delete-box"><span
> > > class="glyphicon glyphicon-remove"></span></button>
> > >
> > > But couldn't someone just change the values of the fileid or rowid and
> > > delete other people's content?
> > >
> > >
> > > On Sat, Oct 19, 2013 at 10:40 AM, J.D. Grimes <jdg at codesymphony.co>
> > > wrote:
> > >
> > >> Hey man, that's tough. I'm glad you've got the code working though.
> > >>
> > >>> I finally got JD's code working but I have to place this in my functions
> > >>> for ajax to work:
> > >>>
> > >>> add_action('wp_head','custom_head');
> > >>>
> > >>> function custom_head()
> > >>> {
> > >>>      echo '';
> > >>> }
> > >>>
> > >>>
> > >>> Is that alright?  Otherwise I get ajaxurl undefined error.
> > >>
> > >> I'm not sure why this would have an effect… If you are using the code on
> > >> the front end of your site, ajaxurl won't be defined - it is only defined
> > >> by default in the administration panels. You would need to use
> > >> wp_localize_script().
> > >>
> > >>> Additionally, the json response works too! However one query always
> > >>> fails.
> > >>>
> > >>> $file = $_POST['file'];
> > >>> $del_image = wp_delete_attachment( $row['file'] ); - fail
> > >>>
> > >>> I also tried this as an sql query:
> > >>>
> > >>> $file = $_POST['file'];
> > >>> $fileQry = $wpdb->prepare("DELETE FROM wp_posts WHERE id = %s", $file);
> > >>> $go_fileQry = $wpdb->query($fileQry);
> > >>>
> > >>> It still fails.  It IS possible to run multiple queries this way right?
> > >>
> > >> Is it completely failing? The wp_delete_attachment() call will only move
> > >> the attachment to the trash by default - if you want to delete it
> > >> permanently you need to set the second parameter to true.
> > >>
> > >> -J.D.
> > >> _______________________________________________
> > >> wp-hackers mailing list
> > >> wp-hackers at lists.automattic.com
> > >> http://lists.automattic.com/mailman/listinfo/wp-hackers
>
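
A server-side handler for the exchange above, as an added example that is not code from any poster in the thread: it reads id and file before building the nonce action string, expects the client to send the button's data-nonce value as 'nonce', and enforces ownership separately from the nonce. The table name my_rows, its user_id column, and the treatment of id and file as numeric IDs are assumptions made for illustration.

```php
<?php
// Added example. Client side, the data object must also carry the nonce that
// the click handler already reads from the button: 'nonce': nonce
add_action( 'wp_ajax_my_delete_row_action', 'my_delete_row_action' );

function my_delete_row_action() {
    global $wpdb;

    // Read the inputs first. The nonce action string is built from them, so
    // verifying before they are assigned compares against 'delete__' and fails.
    $id    = isset( $_POST['id'] ) ? absint( $_POST['id'] ) : 0;
    $file  = isset( $_POST['file'] ) ? absint( $_POST['file'] ) : 0;
    $nonce = isset( $_POST['nonce'] )
        ? sanitize_text_field( wp_unslash( $_POST['nonce'] ) )
        : '';

    // Must match the string given to wp_create_nonce() when the button was
    // rendered: 'delete_' . $row['id'] . '_' . $row['file'].
    if ( ! $id || ! wp_verify_nonce( $nonce, 'delete_' . $id . '_' . $file ) ) {
        wp_send_json_error( 'Invalid or missing nonce.', 403 );
    }

    // A nonce ties the request to a rendered button; it is not an ownership
    // check. Delete only a row that pairs this id with this file AND belongs
    // to the current user (my_rows and user_id are hypothetical names).
    $deleted = $wpdb->delete(
        $wpdb->prefix . 'my_rows',
        array(
            'id'      => $id,
            'file'    => $file,
            'user_id' => get_current_user_id(),
        ),
        array( '%d', '%d', '%d' )
    );
    if ( ! $deleted ) {
        wp_send_json_error( 'Row not found for this user.', 404 );
    }

    // Second argument true bypasses the trash and deletes permanently.
    if ( $file && ! wp_delete_attachment( $file, true ) ) {
        wp_send_json_error( 'Row removed, attachment delete failed.', 500 );
    }

    // wp_send_json_*() print the JSON and end the request, so the client
    // callback sees response.success set accordingly.
    wp_send_json_success();
}
```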

