[wp-hackers] Delete Row - Refreshes Page but not DB

Gregory Lancaster greglancaster71 at gmail.com
Sat Oct 19 20:37:38 UTC 2013


Well it finally all works... and then I tested the user accounts and ajax
is not supported unless I register people as admins.   I know I can add a
user role, but is it possible to give them the ability to use ajax?


On Sat, Oct 19, 2013 at 11:32 AM, Gregory Lancaster <
greglancaster71 at gmail.com> wrote:

> like this?
>
> *jQuery( document ).ready( function( $ ) { *
> *        *
> *        // When a button is clicked within the table with id="mytable" *
> *        $( '#mytable button' ).click( function( event ) { *
> * *
> *                event.preventDefault(); *
> *
> *
> *                if ( ! confirm( 'Are you sure you want to continue' ) ) *
> *                        return; *
> *
> *
> * var $button = $(this);*
> * var nonce = $( this ).attr('data-nonce');*
> *                **                **var rowID = $( this ).attr('value');
> *
> * var file = $( this ).attr('file'); *
> * *
> * $button.closest("tr").css('background-color', '#C60').fadeIn();*
> * *
> *
> *
> *                var data = { *
> *                        'action': 'my_delete_row_action', *
> *                        'id': rowID,*
> * 'file': file*
> *                } *
> *
> *
> *                $.post( *
> *                        ajaxurl, *
> *                        data,*
> *                        function ( response ) { *
> *                                if ( ! response.success ) { *
> *
> *
> *                                        alert( 'Failure!' ); *
> *                                } *
> *                                        *
> * $button.closest("tr").hide();*
> *                                *
> *                        } *
> *                ); *
> *        }); *
> *}); *
> *
> *
> *
> *
> *
> *
> and my remove_row function would function like this?
>
> *function my_delete_row_action() {*
> * global $wpdb;*
> *
> *
> * if ( ! wp_verify_nonce( $_POST['nonce'], 'delete_' . $id . '_' . $file
> ) ) {*
> *    exit( 'Cheatin, huh?' );*
> *}*
> *
> *
> * $id = $_POST['id'];*
> * $file = $_POST['file'];*
>
> seems to fail regardless if I change an item or not.
>
>
> On Sat, Oct 19, 2013 at 11:16 AM, Nikola Nikolov <nikolov.tmw at gmail.com>wrote:
>
>> So something like this is what you should use instead:
>>
>> <button type="submit" name="deleteItem" value="<?php echo $row['id']; ?>"
>> file="<?php echo $row['file']; ?>" data-nonce="<?php echo wp_create_nonce(
>> 'delete_' . $row['id'] . '_' . $row['file'] ); ?>"
>> class="delete-box"><span
>> class="glyphicon glyphicon-remove"></span></button>
>>
>> You would have to add the value of the data-nonce attribute to your AJAX
>> request(in the below example it's value is set to the 'nonce' parameter)
>> and then on the PHP side of the request, you should do this:
>>
>> if ( ! wp_verify_nonce( $_POST['nonce'], 'delete_' . $id . '_' . $file )
>> ) {
>>     exit( 'Cheatin, huh?' );
>> }
>>
>> This way if someone changes the value of the file OR "value" attributes,
>> they won't be able to delete the item they were trying to delete.
>>
>>
>> On Sat, Oct 19, 2013 at 8:56 PM, J.D. Grimes <jdg at codesymphony.co> wrote:
>>
>> > Yes, you should be using nonces -
>> > http://codex.wordpress.org/WordPress_Nonces
>> >
>> > On Oct 19, 2013, at 1:53 PM, Gregory Lancaster <
>> greglancaster71 at gmail.com>
>> > wrote:
>> >
>> > > Yep, I had to add true.  So all this is executing based on the values
>> of
>> > > this button:
>> > > <button type="submit" name="deleteItem" value="<?php echo $row['id'];
>> ?>"
>> > > file="<?php echo $row['file']; ?>" class="delete-box"><span
>> > > class="glyphicon glyphicon-remove"></span></button>
>> > >
>> > > But couldnt someone just change the values of the fileid or rowid and
>> > > delete other peoples content?
>> > >
>> > >
>> > > On Sat, Oct 19, 2013 at 10:40 AM, J.D. Grimes <jdg at codesymphony.co>
>> > wrote:
>> > >
>> > >> Hey man, that's tough. I'm glad you've got the code working though.
>> > >>
>> > >>> I finally got JDs code working but I have to place this in my
>> functions
>> > >> for
>> > >>> ajax to work:
>> > >>>
>> > >>> add_action('wp_head','custom_head');
>> > >>>
>> > >>> function custom_head()
>> > >>> {
>> > >>>      echo '';
>> > >>> }
>> > >>>
>> > >>>
>> > >>> Is that alright?  Otherwise I get ajaxurl undefined error.
>> > >>
>> > >> I'm not sure why this would have an effect… If you are using the
>> code on
>> > >> the front end of your site, ajaxurl won't be defined - it is only
>> > defined
>> > >> by default in the administration panels. You would need to use
>> > >> wp_localize_script().
>> > >>
>> > >>> Additionally, the json response works too! However one query always
>> > >> fails.
>> > >>>
>> > >>> $file = $_POST['file'];
>> > >>> $del_image = wp_delete_attachment( $row['file'] ); - fail
>> > >>>
>> > >>> I also tried this as an sql query:
>> > >>>
>> > >>> $file = $_POST['file'];
>> > >>> $fileQry = $wpdb->prepare("DELETE FROM wp_posts WHERE id = %s",
>> $file);
>> > >>> $go_fileQry = $wpdb->query($fileQry);
>> > >>>
>> > >>> It still fails.  It IS possible to run multiple queries this way
>> right?
>> > >>
>> > >> Is it completely failing? The wp_delete_attachment() call will only
>> move
>> > >> the attachment to the trash by default -if you want to delete it
>> > >> permanently you need to set the second parameter to true.
>> > >>
>> > >> -J.D.
>> > >> _______________________________________________
>> > >> wp-hackers mailing list
>> > >> wp-hackers at lists.automattic.com
>> > >> http://lists.automattic.com/mailman/listinfo/wp-hackers
>> > >>
>> > > _______________________________________________
>> > > wp-hackers mailing list
>> > > wp-hackers at lists.automattic.com
>> > > http://lists.automattic.com/mailman/listinfo/wp-hackers
>> >
>> > _______________________________________________
>> > wp-hackers mailing list
>> > wp-hackers at lists.automattic.com
>> > http://lists.automattic.com/mailman/listinfo/wp-hackers
>> >
>> _______________________________________________
>> wp-hackers mailing list
>> wp-hackers at lists.automattic.com
>> http://lists.automattic.com/mailman/listinfo/wp-hackers
>>
>
>


More information about the wp-hackers mailing list