5 Replies - 246 Views - Last Post: 16 July 2013 - 10:38 AM

#1 qtheninja

Problem with translating a tutorial and altering it

Posted 16 July 2013 - 05:52 AM

As a newbie to programming I have been using some tutorials that I've really enjoyed. I've used codeoftheninja's tutorial to help do a lot of different things but I'm having problems translating this into a new area. I have a roleplaying site that the characters will have multiple advantages. I want the game masters to be able to delete, edit and add (crud).

The tables look something like this:

player_advantage
characterid | advantageid

advantages
aid (pk)| name | description | cost


I was working on delete first and was using the following code.


<?php


//check if an action was set, we use GET this time since we get the action data from the url
isset($_GET['action']) ? $action=$_GET['action'] : $action="";
    
if($action=='delete'){ //if the user clicked ok, run our delete query
    
    $sql = "DELETE FROM playeradvantage WHERE advantageid = {$_GET['advantageid']}";
    if(mysqli_query($sql)){
        //this will be displayed when the query was successful
        echo "<div>Record was deleted.</div>";
    }else{
        die("SQL: ".$sql." >> ".mysqli_error());
    }
}
      
//selecting records
$sql="SELECT advantages.name, advantages.description, advantages.cost, player_advantage.characterid, player_advantage.advantage.id from advantages,player_advantage WHERE
 advantages.aid = player_advantage.advantageid AND characterid = '".$mysqli->real_escape_string($_REQUEST['id'])."'";

//query the database
$rs=mysqli_query($mysqli,$sql) or die($sql.">>".mysqli_error());

//count how many records found
$num=mysqli_num_rows($rs);

if($num>0){ //check if more than 0 record found

    echo "<table border='1'>";//start table
  
        //creating our table heading
        echo "<tr>";
            echo "<th>Name</th>";
            echo "<th>Description</th>";
            echo "<th>Cost</th>";
            echo "<th>Action</th>"; //we're gonna add this column for delete action
        echo "</tr>";
      
        //retrieve our table contents
        while($row=mysqli_fetch_array($rs)){
            //extract row
            //this will make $row['firstname'] to
            //just $firstname only
            extract($row);
          
            //creating new table row per record
            echo "<tr>";
                echo "<td>{$name}</td>";
                echo "<td>{$description}</td>";
                echo "<td>{$cost}</td>";
				echo "<td><input type='hidden' name='{$advantageid}' /></td>";
				
                //we will have the delete link here, you can also put your edit link here, but for this tutorial we will just include the delete link
                echo "<td>";
                    echo "<a href='#' onclick='delete_user( {$advantageid} );'>Delete</a>";
                echo "</td>";
            echo "</tr>";
        }
    echo "</table>";//end table
  
}else{ //if no records found
    echo "No records found.";
}
?>

<script type='text/javascript'>
    
    function delete_user( advantageid ){
        //this script helps us to
        
        var answer = confirm('Are you sure?');
        if ( answer ){ //if user clicked ok
            //redirect to url with action as delete and id to the record to be deleted
            window.location = 'index.php?action=delete&id=' + advantageid;
        } 
    }
</script>




I do not fully understand exactly the error I am making but I'm guessing it has something to do with the url-- as you delete 'id' and id is in the url. I have gotten it to work but only by deleting the character (makes sense as it's deleting id on the main page.)

I am looking to have it so that a GM can delete something, it says are you sure and then it refreshes back onto the character sheet they were working on. The current code brings it back to the main index of all of the characters and does not delete.

Do I need to alter the url? (I've attempted and nothing good has come of it)
Or change how the code sees the id? The tutorial was originally designed for user id and so I attempted to modify it. I also have several more similar processes (skills, disadvantages so on)


Replies To: Problem with translating a tutorial and altering it

#2 CTphpnwb

Re: Problem with translating a tutorial and altering it

Posted 16 July 2013 - 06:32 AM

What's a GM? If that is someone authorized to delete then you need to verify that they are a GM and that they have chosen to delete a record.

By the way, your query is open to SQL injection. See this topic.

#3 Dormilich

Re: Problem with translating a tutorial and altering it

Posted 16 July 2013 - 07:15 AM

the code as posted shouldn’t work at all:
  • no MySQLi instantiation
  • line #9, typo in the table name (playeradvantage vs. player_advantage)
  • line #9, there is no advantageid in your GET
  • line #10, mysqli_query() requires (at least) 2 parameters
  • line #14 & #23, mysqli_error() requires 1 parameter
  • line #20, $_REQUEST['id'] is not necessarily the same as $_GET['id']
  • line #43ff, have you tested that assumption? the column names are usually as defined in the query, if using a join this usually includes the dot notation as well.
  • line #56, no need to mis-use a link for that, just use a <span>


minor point, the usage of the ternary operator is wrong.
variable = <condition> ? <true_value> : <false_value>;


CTphpnwb, on 16 July 2013 - 03:32 PM, said:

What's a GM?

Game Master

This post has been edited by Dormilich: 16 July 2013 - 07:58 AM


#4 qtheninja

Re: Problem with translating a tutorial and altering it

Posted 16 July 2013 - 08:58 AM

Currently there are no limits on who can delete this yet as I wanted to make sure the initial code worked so that isn't a problem. i.e. anyone can delete an attribute in the testing phase.

Quote

no MySQLi instantiation

This is a part of a larger page that pulls other items and so the mysqli connection is not a part of this code. I added it just in case I closed the connection higher and it doesn't look like it.

Quote

line #9, typo in the table name (playeradvantage vs. player_advantage)


noted: Fixed it

Quote

line #9, there is no advantageid in your GET


Would it be easier to use a post and have a populating form instead? As I'm having trouble understanding how GET works then (at least with what I've experimented with)


Quote

line #10, mysqli_query() requires (at least) 2 parameters
line #14 & #23, mysqli_error() requires 1 parameter


I fixed both of those by putting them inside

Quote

line #43ff, have you tested that assumption? the column names are usually as defined in the query, if using a join this usually includes the dot notation as well.


If I'm understanding you right-- I am able to update rows/columns using this method with a join. Are you suggesting then that with a join it should be player_advantage.advantageid to get the column advantageid from table player_advantage?

Quote

line #56, no need to mis-use a link for that, just use a <span>


I was worried about this as I was a 100% sure what exactly I was doing when I put this into play but I've removed it and just using # as I want it to refresh the current page it is on.

#5 qtheninja

Re: Problem with translating a tutorial and altering it

Posted 16 July 2013 - 09:22 AM

My current code changes now "delete" everything and the query doesn't refresh with them but there are no changes in the db.

<?php

//include database connection
include '../../../includes/db_connect.php';
//check if an action was set, we use GET this time since we get the action data from the url
isset($_GET['action']) ? $action=$_GET['action'] : $action="";
    
if($action=='delete'){ //if the user clicked ok, run our delete query
    
    $sql = "DELETE FROM player_advantage WHERE advantageid = '".$mysqli->real_escape_string($_REQUEST['advantageid'])."' ";
    if($rs){
        //this will be displayed when the query was successful
        echo "<div>Record was deleted.</div>";
    }else{
        die("SQL: ".$sql." >> ".mysqli_error($mysqli));
    }
}
      
//selecting records
$sql="SELECT advantages.*, player_advantage.* from advantages,player_advantage WHERE
 advantages.aid = player_advantage.advantageid AND characterid = '".$mysqli->real_escape_string($_REQUEST['id'])."'";

//query the database
$rs=mysqli_query($mysqli,$sql) or die($sql.">>".mysqli_error($mysqli));

//count how many records found
$num=mysqli_num_rows($rs);

if($num>0){ //check if more than 0 record found

    echo "<table border='1'>";//start table
  
        //creating our table heading
        echo "<tr>";
            echo "<th>Name</th>";
            echo "<th>Description</th>";
            echo "<th>Cost</th>";
            echo "<th>Action</th>"; //we're gonna add this column for delete action
        echo "</tr>";
      
        //retrieve our table contents
        while($row=mysqli_fetch_array($rs)){
            //extract row
            //this will make $row['firstname'] to
            //just $firstname only
            extract($row);
          
            //creating new table row per record
			
            echo "<tr>";
                echo "<td>{$name}</td>";
                echo "<td>{$description}</td>";
                echo "<td>{$cost}</td>";
				echo "<td><input type='hidden' name='{$advantageid}' /></td>";
				
                //we will have the delete link here, you can also put your edit link here, but for this tutorial we will just include the delete link
                echo "<td>";
				
		echo "<td><a href='deleteadvantage.php?id={player_advantage.advantageid}'>Delete</a></td></tr>";
                echo "</td>";
            echo "</tr>";
        }
    echo "</table>";//end table
  
}else{ //if no records found
    echo "No records found.";
}
?>


#6 Dormilich

Re: Problem with translating a tutorial and altering it

Posted 16 July 2013 - 10:38 AM

Quote

Would it be easier to use a post and have a populating form instead?

if you don't pass an advantageid parameter to your request, you can't fetch it in PHP (neither with $_POST nor $_GET). the only parameters you were passing were action and id.

Quote

If I'm understanding you right-- I am able to update rows/columns using this method with a join.

nope. never said anything like that.


Quote

Are you suggesting then that with a join it should be player_advantage.advantageid to get the column advantageid from table player_advantage?

yepp. to make sure just dump $row (var_dump($row)).
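The points raised in replies #2 and #6 (verify the GM, keep request data out of the SQL string, and actually send advantageid with the request), put together as an added example that is not code from any poster in this thread. It goes slightly beyond the thread by using POST with a per-session form token instead of a GET link. Assumptions: $mysqli comes from the thread's db_connect.php; the session keys is_gm and csrf_token, the page name character.php and the helper delete_form() are hypothetical.

```php
<?php
// Added example, not code from the thread. $mysqli is assumed to come from
// db_connect.php; is_gm, csrf_token and character.php are hypothetical names.
session_start();
include '../../../includes/db_connect.php';

if (empty($_SESSION['csrf_token'])) {
    $_SESSION['csrf_token'] = bin2hex(random_bytes(32)); // per-session form token
}

if ($_SERVER['REQUEST_METHOD'] === 'POST' && ($_POST['action'] ?? '') === 'delete') {
    // Only a logged-in game master may delete.
    if (empty($_SESSION['is_gm'])) {
        http_response_code(403);
        exit('Not allowed.');
    }
    // The request must carry the token our own form was rendered with.
    if (!hash_equals($_SESSION['csrf_token'], (string)($_POST['csrf_token'] ?? ''))) {
        http_response_code(400);
        exit('Bad request.');
    }
    // Both ids must be sent with the request and must be integers.
    $characterId = filter_input(INPUT_POST, 'characterid', FILTER_VALIDATE_INT);
    $advantageId = filter_input(INPUT_POST, 'advantageid', FILTER_VALIDATE_INT);
    if (!$characterId || !$advantageId) {
        http_response_code(400);
        exit('Bad request.');
    }
    // Placeholders keep request data out of the SQL text; binding both keys
    // removes the advantage from this character only.
    $stmt = $mysqli->prepare(
        'DELETE FROM player_advantage WHERE characterid = ? AND advantageid = ?'
    );
    $stmt->bind_param('ii', $characterId, $advantageId);
    $stmt->execute();
    // Back to the character sheet the GM was working on.
    header('Location: character.php?id=' . $characterId);
    exit;
}

// Call once per row inside the listing loop; ids are cast before output.
function delete_form($characterId, $advantageId, $token) {
    return "<form method='post' onsubmit=\"return confirm('Are you sure?');\">"
        . "<input type='hidden' name='action' value='delete'>"
        . "<input type='hidden' name='csrf_token' value='" . htmlspecialchars($token, ENT_QUOTES) . "'>"
        . "<input type='hidden' name='characterid' value='" . (int)$characterId . "'>"
        . "<input type='hidden' name='advantageid' value='" . (int)$advantageId . "'>"
        . "<button type='submit'>Delete</button></form>";
}
```

Inside the listing loop the form would be emitted with echo delete_form($row['characterid'], $row['advantageid'], $_SESSION['csrf_token']); the column keys should be confirmed with var_dump($row), as reply #6 suggests.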
