<p>There are several issues with your code...</p>
<ul>
<li><code>element.attr("id")</code> references undeclared <code>element</code> but this should probably be <code>$(this).attr("id")</code></li>
<li>The <code>&lt;li&gt;</code> block has no class ".record" either</li>
<li><strong>EDIT</strong>: You only fade your <code>&lt;li&gt;</code> but do not actually remove it from the DOM (don't know if this was deliberate though)</li>
<li>The <code>&lt;a&gt;</code>'s ID is not quoted (and not escaped either... as are the other strings you insert in PHP <strong>(EDIT)</strong> and the ID you use in your delete script - this is very dangerous as it allows cross-site scripting / XSS and SQL injection as <a href="https://stackoverflow.com/users/242641/toxik">TokIk</a> already pointed out)</li>
</ul>
<p>PHP:</p>
<pre><code>// Every value is passed through htmlentities() before it is written into the markup
echo '&lt;li class="record"&gt;
  &lt;a href="nano.com/'.htmlentities($username).'"&gt;&lt;img class="avatar" src="images/'.htmlentities($picture).'" width="48" height="48" alt="avatar" /&gt;&lt;/a&gt;
  &lt;div class="tweetTxt"&gt;
    &lt;strong&gt;&lt;a href="nano.com/'.htmlentities($username).'"&gt;'.htmlentities($username).'&lt;/a&gt;&lt;/strong&gt; '.htmlentities($auto).'
    &lt;div class="date"&gt;'.htmlentities($rel).'&lt;/div&gt;'.htmlentities($reply_info).'&lt;div class="date"&gt;&lt;/div&gt;
    &lt;a class="delbutton" href="#" id="'.htmlentities($id).'"&gt; Delete &lt;/a&gt;
  &lt;/div&gt;
  &lt;div class="clear"&gt;&lt;/div&gt;
&lt;/li&gt;';
</code></pre>
<p>JavaScript:</p>
<pre><code>$(document).ready(function() {
  $(".delbutton").click(function(){
    // "this" is the clicked link; its id attribute carries the record ID
    var del_id = $(this).attr("id");
    var info = 'id=' + del_id;
    if(confirm("Sure you want to delete this update? \nThere is NO undo!")) {
      $.ajax({
        type: "POST",
        url: "delete.php",
        data: info,
        success: function(){ alert('success'); },
        error: function(){ alert('error'); }
      });
      // Fade out the enclosing &lt;li class="record"&gt;
      $(this).parents(".record").animate({ backgroundColor: "#fbc7c7" }, "fast")
        .animate({ opacity: "hide" }, "slow");
    }
    return false;
  });
});
</code></pre>
<p><strong>EDIT</strong>: Delete script (note the additional error check that <code>$_POST['id']</code> exists and the pseudo-function for quoting the ID):</p>
<pre><code>&lt;?php
include("includes/connect.php");
// Only run the query when an ID was actually posted
if( isset($_POST['id']) ) {
  // quote() is the pseudo-function that stands in for quoting the ID
  $id = quote($_POST['id']);
  $sql = "delete from {$prefix}notes where id='$id'";
  mysql_query( $sql);
}
?&gt;
</code></pre>
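<p>Added example, not part of the original answer: one way to do the delete step with a bound parameter instead of the <code>quote()</code> pseudo-function, so the posted ID never becomes part of the SQL text. It assumes PDO with an in-memory SQLite database in place of the answer's MySQL connection; the table name <code>notes</code> (no prefix) and the helper <code>delete_note()</code> are hypothetical.</p>

```php
<?php
// Added example, not from the original answer. Assumptions: PDO with an
// in-memory SQLite database stands in for the MySQL connection, and the
// table name "notes" and the helper delete_note() are hypothetical.

function delete_note(PDO $db, array $post): int
{
    // Reject a missing or non-numeric id before touching the database.
    $id = filter_var($post['id'] ?? null, FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    if ($id === false || $id === null) {
        return 0;
    }
    // The id travels as a bound parameter, never as part of the SQL text.
    $stmt = $db->prepare('DELETE FROM notes WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount(); // number of rows actually deleted
}

// Constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE notes (id INTEGER PRIMARY KEY, body TEXT)');
$db->exec("INSERT INTO notes (id, body) VALUES (1, 'first'), (2, 'second'), (3, 'third')");

// Constructed requests, shaped like $_POST as sent by the click handler.
$requests = [
    ['id' => '2'],            // well-formed request
    ['id' => "1' OR '1'='1"], // injection-style input, rejected by validation
    [],                       // id missing
];
foreach ($requests as $post) {
    printf("%-22s -> %d row(s) deleted\n",
           json_encode($post['id'] ?? null), delete_note($db, $post));
}
echo 'rows left: ', $db->query('SELECT COUNT(*) FROM notes')->fetchColumn(), "\n";
```

<p>Returning the affected-row count lets <code>delete.php</code> report failure to the <code>$.ajax</code> call, so the client can fade the row only when a record was really removed.</p>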
 
