[wp-hackers] Delete Row - Refreshes Page but not DB

Gregory Lancaster greglancaster71 at gmail.com
Sat Oct 19 18:43:52 UTC 2013


Yea I just realized that :-/  Sorry I posted too quickly with the question.
Works great. :)


On Sat, Oct 19, 2013 at 11:35 AM, Nikola Nikolov <nikolov.tmw at gmail.com> wrote:

> Move your
>
> $id = $_POST['id'];
> $file = $_POST['file'];
>
> right after
>
> global $wpdb;
>
> They are just not defined when you try to use them in wp_verify_nonce()
>
>
> On Sat, Oct 19, 2013 at 9:32 PM, Gregory Lancaster <greglancaster71 at gmail.com> wrote:
>
> > like this?
> >
> > jQuery( document ).ready( function( $ ) {
> >
> >         // When a button is clicked within the table with id="mytable"
> >         $( '#mytable button' ).click( function( event ) {
> >
> >                 event.preventDefault();
> >
> >                 if ( ! confirm( 'Are you sure you want to continue' ) )
> >                         return;
> >
> >                 var $button = $(this);
> >                 var nonce = $( this ).attr('data-nonce');
> >                 var rowID = $( this ).attr('value');
> >                 var file = $( this ).attr('file');
> >
> >                 $button.closest("tr").css('background-color', '#C60').fadeIn();
> >
> >                 var data = {
> >                         'action': 'my_delete_row_action',
> >                         'id': rowID,
> >                         'file': file,
> >                         // the nonce read above has to be part of the request
> >                         'nonce': nonce
> >                 };
> >
> >                 $.post(
> >                         ajaxurl,
> >                         data,
> >                         function ( response ) {
> >                                 if ( ! response.success ) {
> >                                         alert( 'Failure!' );
> >                                 }
> >
> >                                 $button.closest("tr").hide();
> >                         }
> >                 );
> >         });
> > });
> >
> > and my remove_row function would function like this?
> >
> > function my_delete_row_action() {
> >         global $wpdb;
> >
> >         if ( ! wp_verify_nonce( $_POST['nonce'], 'delete_' . $id . '_' . $file ) ) {
> >                 exit( 'Cheatin, huh?' );
> >         }
> >
> >         $id = $_POST['id'];
> >         $file = $_POST['file'];
> >
> > seems to fail regardless if I change an item or not.
> >
> >
> > On Sat, Oct 19, 2013 at 11:16 AM, Nikola Nikolov <nikolov.tmw at gmail.com> wrote:
> >
> > > So something like this is what you should use instead:
> > >
> > > <button type="submit" name="deleteItem" value="<?php echo $row['id']; ?>"
> > > file="<?php echo $row['file']; ?>" data-nonce="<?php echo wp_create_nonce(
> > > 'delete_' . $row['id'] . '_' . $row['file'] ); ?>" class="delete-box"><span
> > > class="glyphicon glyphicon-remove"></span></button>
> > >
> > > You would have to add the value of the data-nonce attribute to your AJAX
> > > request (in the below example its value is set to the 'nonce' parameter)
> > > and then on the PHP side of the request, you should do this:
> > >
> > > if ( ! wp_verify_nonce( $_POST['nonce'], 'delete_' . $id . '_' . $file ) ) {
> > >     exit( 'Cheatin, huh?' );
> > > }
> > >
> > > This way if someone changes the value of the file OR "value" attributes,
> > > they won't be able to delete the item they were trying to delete.
> > >
> > >
> > > On Sat, Oct 19, 2013 at 8:56 PM, J.D. Grimes <jdg at codesymphony.co> wrote:
> > >
> > > > Yes, you should be using nonces -
> > > > http://codex.wordpress.org/WordPress_Nonces
> > > >
> > > > On Oct 19, 2013, at 1:53 PM, Gregory Lancaster <greglancaster71 at gmail.com> wrote:
> > > >
> > > > > Yep, I had to add true.  So all this is executing based on the values of
> > > > > this button:
> > > > > <button type="submit" name="deleteItem" value="<?php echo $row['id']; ?>"
> > > > > file="<?php echo $row['file']; ?>" class="delete-box"><span
> > > > > class="glyphicon glyphicon-remove"></span></button>
> > > > >
> > > > > But couldn't someone just change the values of the fileid or rowid and
> > > > > delete other people's content?
> > > > >
> > > > >
> > > > > On Sat, Oct 19, 2013 at 10:40 AM, J.D. Grimes <jdg at codesymphony.co> wrote:
> > > > >
> > > > > >> Hey man, that's tough. I'm glad you've got the code working though.
> > > > > >>
> > > > > >>> I finally got JD's code working but I have to place this in my functions
> > > > > >>> for ajax to work:
> > > > >>>
> > > > >>> add_action('wp_head','custom_head');
> > > > >>>
> > > > >>> function custom_head()
> > > > >>> {
> > > > >>>      echo '';
> > > > >>> }
> > > > >>>
> > > > >>>
> > > > >>> Is that alright?  Otherwise I get ajaxurl undefined error.
> > > > >>
> > > > > >> I'm not sure why this would have an effect… If you are using the code on
> > > > > >> the front end of your site, ajaxurl won't be defined - it is only defined
> > > > > >> by default in the administration panels. You would need to use
> > > > > >> wp_localize_script().
> > > > >>
> > > > > >>> Additionally, the json response works too! However one query always fails.
> > > > >>>
> > > > >>> $file = $_POST['file'];
> > > > >>> $del_image = wp_delete_attachment( $row['file'] ); - fail
> > > > >>>
> > > > >>> I also tried this as an sql query:
> > > > >>>
> > > > >>> $file = $_POST['file'];
> > > > > >>> $fileQry = $wpdb->prepare("DELETE FROM wp_posts WHERE id = %s", $file);
> > > > > >>> $go_fileQry = $wpdb->query($fileQry);
> > > > >>>
> > > > > >>> It still fails.  It IS possible to run multiple queries this way right?
> > > > >>
> > > > > >> Is it completely failing? The wp_delete_attachment() call will only move
> > > > > >> the attachment to the trash by default - if you want to delete it
> > > > > >> permanently you need to set the second parameter to true.
> > > > >>
> > > > >> -J.D.
> > > > >> _______________________________________________
> > > > >> wp-hackers mailing list
> > > > >> wp-hackers at lists.automattic.com
> > > > >> http://lists.automattic.com/mailman/listinfo/wp-hackers
> > > > >>
> > > > > _______________________________________________
> > > > > wp-hackers mailing list
> > > > > wp-hackers at lists.automattic.com
> > > > > http://lists.automattic.com/mailman/listinfo/wp-hackers
> > > >
> > > > _______________________________________________
> > > > wp-hackers mailing list
> > > > wp-hackers at lists.automattic.com
> > > > http://lists.automattic.com/mailman/listinfo/wp-hackers
> > > >
> > > _______________________________________________
> > > wp-hackers mailing list
> > > wp-hackers at lists.automattic.com
> > > http://lists.automattic.com/mailman/listinfo/wp-hackers
> > >
> > _______________________________________________
> > wp-hackers mailing list
> > wp-hackers at lists.automattic.com
> > http://lists.automattic.com/mailman/listinfo/wp-hackers
> >
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers
>
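
The nonce check and the wp_localize_script() suggestion from this thread, combined into one handler that also covers the question about deleting other people's content. This is an added example, not code posted by anyone in the thread; the `my_items` table with a `user_id` column, the `my-delete-row` script handle and `myDeleteRow` object, and the assumption that `id` and `file` are positive integer IDs are illustrative.

```php
<?php
// Added example, not code from the thread. Hypothetical names: the script
// handle/file "my-delete-row", the JS object "myDeleteRow", and a table
// {$wpdb->prefix}my_items with columns id, file (attachment ID), user_id.

// Front end: ajaxurl is not defined there, so pass it with wp_localize_script().
add_action( 'wp_enqueue_scripts', function () {
	wp_enqueue_script( 'my-delete-row', plugins_url( 'delete-row.js', __FILE__ ), array( 'jquery' ), '1.0', true );
	wp_localize_script( 'my-delete-row', 'myDeleteRow', array( 'ajaxurl' => admin_url( 'admin-ajax.php' ) ) );
} );

// wp_ajax_ (without nopriv) only fires for logged-in users.
add_action( 'wp_ajax_my_delete_row_action', 'my_delete_row_action' );

function my_delete_row_action() {
	global $wpdb;

	// Read the inputs BEFORE building the nonce action string from them.
	$id    = isset( $_POST['id'] ) ? absint( $_POST['id'] ) : 0;
	$file  = isset( $_POST['file'] ) ? absint( $_POST['file'] ) : 0;
	$nonce = isset( $_POST['nonce'] ) ? sanitize_text_field( wp_unslash( $_POST['nonce'] ) ) : '';

	// The nonce was issued for 'delete_<id>_<file>'; a request with a changed
	// id or file produces a different action string and fails here.
	if ( ! wp_verify_nonce( $nonce, 'delete_' . $id . '_' . $file ) ) {
		wp_send_json_error( 'Invalid nonce', 403 );
	}

	// A nonce is not an authorization check: confirm the row belongs to the
	// current user, or that the user may delete other users' content.
	$table = $wpdb->prefix . 'my_items';
	$owner = $wpdb->get_var(
		$wpdb->prepare( "SELECT user_id FROM {$table} WHERE id = %d AND file = %d", $id, $file )
	);
	$is_owner = null !== $owner && (int) $owner === get_current_user_id();
	if ( null === $owner || ( ! $is_owner && ! current_user_can( 'delete_others_posts' ) ) ) {
		wp_send_json_error( 'Not allowed', 403 );
	}

	// true = delete permanently instead of moving the attachment to the trash.
	wp_delete_attachment( $file, true );
	$wpdb->delete( $table, array( 'id' => $id ), array( '%d' ) );

	wp_send_json_success();
}
```

The click handler then posts to `myDeleteRow.ajaxurl` and sends the button's `data-nonce` value as the `nonce` field.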

