[wp-hackers] Delete Row - Refreshes Page but not DB
Nikola Nikolov
nikolov.tmw at gmail.com
Sat Oct 19 18:35:46 UTC 2013
Move your
$id = $_POST['id'];
$file = $_POST['file'];
right after
global $wpdb;
They are just not defined when you try to use them in wp_verify_nonce()
On Sat, Oct 19, 2013 at 9:32 PM, Gregory Lancaster <
greglancaster71 at gmail.com> wrote:
> like this?
>
> jQuery( document ).ready( function( $ ) {
>
>     // When a button is clicked within the table with id="mytable"
>     $( '#mytable button' ).click( function( event ) {
>
>         event.preventDefault();
>
>         if ( ! confirm( 'Are you sure you want to continue' ) )
>             return;
>
>         var $button = $(this);
>         var nonce = $( this ).attr('data-nonce');
>         var rowID = $( this ).attr('value');
>         var file = $( this ).attr('file');
>
>         $button.closest("tr").css('background-color', '#C60').fadeIn();
>
>         var data = {
>             'action': 'my_delete_row_action',
>             'id': rowID,
>             'file': file
>         }
>
>         $.post(
>             ajaxurl,
>             data,
>             function ( response ) {
>                 if ( ! response.success ) {
>                     alert( 'Failure!' );
>                 }
>
>                 $button.closest("tr").hide();
>             }
>         );
>     });
> });
>
> and my remove_row function would function like this?
>
> function my_delete_row_action() {
>     global $wpdb;
>
>     if ( ! wp_verify_nonce( $_POST['nonce'], 'delete_' . $id . '_' . $file ) ) {
>         exit( 'Cheatin, huh?' );
>     }
>
>     $id = $_POST['id'];
>     $file = $_POST['file'];
>
> seems to fail regardless if I change an item or not.
>
>
> On Sat, Oct 19, 2013 at 11:16 AM, Nikola Nikolov <nikolov.tmw at gmail.com> wrote:
>
> > So something like this is what you should use instead:
> >
> > <button type="submit" name="deleteItem" value="<?php echo $row['id']; ?>"
> > file="<?php echo $row['file']; ?>" data-nonce="<?php echo wp_create_nonce(
> > 'delete_' . $row['id'] . '_' . $row['file'] ); ?>" class="delete-box"><span
> > class="glyphicon glyphicon-remove"></span></button>
> >
> > You would have to add the value of the data-nonce attribute to your AJAX
> > request (in the below example its value is set to the 'nonce' parameter)
> > and then on the PHP side of the request, you should do this:
> >
> > if ( ! wp_verify_nonce( $_POST['nonce'], 'delete_' . $id . '_' . $file ) )
> > {
> >     exit( 'Cheatin, huh?' );
> > }
> >
> > This way if someone changes the value of the file OR "value" attributes,
> > they won't be able to delete the item they were trying to delete.
> >
> >
> > On Sat, Oct 19, 2013 at 8:56 PM, J.D. Grimes <jdg at codesymphony.co> wrote:
> >
> > > Yes, you should be using nonces -
> > > http://codex.wordpress.org/WordPress_Nonces
> > >
> > > On Oct 19, 2013, at 1:53 PM, Gregory Lancaster <greglancaster71 at gmail.com> wrote:
> > >
> > > > Yep, I had to add true. So all this is executing based on the values of
> > > > this button:
> > > > <button type="submit" name="deleteItem" value="<?php echo $row['id']; ?>"
> > > > file="<?php echo $row['file']; ?>" class="delete-box"><span
> > > > class="glyphicon glyphicon-remove"></span></button>
> > > >
> > > > But couldn't someone just change the values of the fileid or rowid and
> > > > delete other people's content?
> > > >
> > > >
> > > > On Sat, Oct 19, 2013 at 10:40 AM, J.D. Grimes <jdg at codesymphony.co> wrote:
> > > >
> > > >> Hey man, that's tough. I'm glad you've got the code working though.
> > > >>
> > > > >>> I finally got JD's code working but I have to place this in my functions
> > > > >>> for ajax to work:
> > > >>>
> > > >>> add_action('wp_head','custom_head');
> > > >>>
> > > >>> function custom_head()
> > > >>> {
> > > >>> echo '';
> > > >>> }
> > > >>>
> > > >>>
> > > >>> Is that alright? Otherwise I get ajaxurl undefined error.
> > > >>
> > > > >> I'm not sure why this would have an effect… If you are using the code on
> > > > >> the front end of your site, ajaxurl won't be defined - it is only defined
> > > > >> by default in the administration panels. You would need to use
> > > > >> wp_localize_script().
> > > > >>
> > > > >>> Additionally, the json response works too! However one query always fails.
> > > > >>>
> > > > >>> $file = $_POST['file'];
> > > > >>> $del_image = wp_delete_attachment( $row['file'] ); - fail
> > > > >>>
> > > > >>> I also tried this as an sql query:
> > > > >>>
> > > > >>> $file = $_POST['file'];
> > > > >>> $fileQry = $wpdb->prepare("DELETE FROM wp_posts WHERE id = %s", $file);
> > > > >>> $go_fileQry = $wpdb->query($fileQry);
> > > > >>>
> > > > >>> It still fails. It IS possible to run multiple queries this way right?
> > > > >>
> > > > >> Is it completely failing? The wp_delete_attachment() call will only move
> > > > >> the attachment to the trash by default - if you want to delete it
> > > > >> permanently you need to set the second parameter to true.
> > > >>
> > > >> -J.D.
> > > >> _______________________________________________
> > > >> wp-hackers mailing list
> > > >> wp-hackers at lists.automattic.com
> > > >> http://lists.automattic.com/mailman/listinfo/wp-hackers
> > > >>
> > > > _______________________________________________
> > > > wp-hackers mailing list
> > > > wp-hackers at lists.automattic.com
> > > > http://lists.automattic.com/mailman/listinfo/wp-hackers
> > >
> > > _______________________________________________
> > > wp-hackers mailing list
> > > wp-hackers at lists.automattic.com
> > > http://lists.automattic.com/mailman/listinfo/wp-hackers
> > >
> > _______________________________________________
> > wp-hackers mailing list
> > wp-hackers at lists.automattic.com
> > http://lists.automattic.com/mailman/listinfo/wp-hackers
> >
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers
>
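
Added example (not code from the thread or from any poster): the AJAX handler with the request values read before the nonce check, as the reply at the top describes, plus a capability check for the "delete other people's content" question. It assumes 'file' is an attachment post ID, that the client sends the data-nonce value as the 'nonce' field, and that the rows live in a custom table whose name here is a placeholder.

```php
<?php
// Added example. Assumptions: 'file' is an attachment post ID, the request
// carries the data-nonce value as 'nonce', and the table name is a placeholder.
add_action( 'wp_ajax_my_delete_row_action', 'my_delete_row_action' );

function my_delete_row_action() {
    global $wpdb;

    // Read the request values first, so they exist when the nonce action
    // string is built. absint() also keeps them to plain integers.
    $id    = isset( $_POST['id'] ) ? absint( $_POST['id'] ) : 0;
    $file  = isset( $_POST['file'] ) ? absint( $_POST['file'] ) : 0;
    $nonce = isset( $_POST['nonce'] )
        ? sanitize_text_field( wp_unslash( $_POST['nonce'] ) )
        : '';

    // The nonce was created for this exact id/file pair, so a request with
    // a changed id or file value fails verification here.
    if ( ! $id || ! $file || ! wp_verify_nonce( $nonce, 'delete_' . $id . '_' . $file ) ) {
        wp_send_json_error( 'Invalid request.' );
    }

    // A nonce is not an authorization check: confirm the current user is
    // allowed to delete this attachment before touching anything.
    if ( ! current_user_can( 'delete_post', $file ) ) {
        wp_send_json_error( 'Not allowed.' );
    }

    // Second argument true skips the trash and deletes permanently.
    if ( ! wp_delete_attachment( $file, true ) ) {
        wp_send_json_error( 'Could not delete the file.' );
    }

    // Placeholder table name; use the table that actually holds the rows.
    $table   = $wpdb->prefix . 'my_table_placeholder';
    $deleted = $wpdb->delete( $table, array( 'id' => $id ), array( '%d' ) );

    if ( false === $deleted ) {
        wp_send_json_error( 'Could not delete the row.' );
    }

    // The client-side callback in the thread tests response.success.
    wp_send_json_success();
}
```

The capability check covers the attachment only; whether the row itself belongs to the current user depends on the custom table and has to be checked against whatever owner column it has.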