AJAX request(delete a comment)

Question

I'm trying to delete a mysql record with javascript but I fail.

So this is my js function

function delpost(id){
    if(confirm('Are you sure?')){
        $('#comment_'+id).hide();
        http.open("get","/index.php?p=delcomment&id=" + id, true);
        http.send();
    }
}

And this is my delcomment.php(included through index.php)

$comment_id = $_GET['id'];

if(logged() && $status=="administrator"){
    $delquery = mysql_query("DELETE FROM comments WHERE id='$comment_id' LIMIT 1");
    die();
}else{
    die();
}

I hope you can help me with this :)

"I fail" is not enough to go on. What happens? Does the AJAX call get made? Is there an error shown anywhere? etc. — dkamins, May 20 '11 at 00:20
also, you should not be using the HTTP GET request to delete something. please refer to the following link for the reason: http://stackoverflow.com/questions/715335/get-vs-post-in-ajax — clyc, May 20 '11 at 00:22
Also, SQL injection - http://stackoverflow.com/questions/601300/what-is-sql-injection — El Yobo, May 20 '11 at 00:24
Are you sure you're logged in as administrator and that you have a mysql database connection? If you have firebug in your browser, it's very useful to select the Net tab & the XHR tab below it. Then, you can see what's happening when you click 'OK' — yitwail, May 20 '11 at 00:27
@Raynos I'm aware of that. But if you're already loading jQuery, IMO, it usually makes sense to make full of the library instead of working with 'raw' XHR. — no.good.at.coding, May 20 '11 at 00:28
@no.goog.at.coding I didnt actually realise that he was using jQuery. Yes he should be using $.ajax — Raynos, May 20 '11 at 00:29
And though I'm actually asking questions to help you narrow down the problem, I'm still very concerned about the things you're not asking about, like SQL injection and XSRF prevention. But we'll get to those later. — quasistoic, May 20 '11 at 00:35
might change die() to die(mysql_error()) so we find out what the problem is. echoing what quasistoic wrote, GET should be used to get data from server, POST should be used to send info to server. — yitwail, May 20 '11 at 00:35
it works when i go to: /index.php?p=delcomment&id=15 but when i click on the link it just hides the comment (DEL) — Dave, May 20 '11 at 00:38
then your http.send isn't working. better use jQuery ajax. like $.post('index.php', {'id':id}) — yitwail, May 20 '11 at 00:41
and in index.php, you'll change $_GET['id'] to $_POST['id'] :) — yitwail, May 20 '11 at 00:48
Try removing "if(logged() && $status=="administrator")" and check if it works. If yes than You have problem with SESSION (not working) , if not than You have problem sending GET request. Do you use firebug ? Any errors ?Can You trace if GET request is send ? — Alan Kuras, May 20 '11 at 05:32

clyc · Accepted Answer · 2011-05-20T05:19:38.353

update: try using

http.send(null)

instead of

http.send()

also, use firebug to see if your ajax request is actually being sent to the server

better solution: (php rusty!)

delcomment.php

$comment_id = $_POST['id'];
$comment_id = mysql_real_escape_string($comment_id);

if(logged() && $status=="administrator"){
    $query = "DELETE FROM comments WHERE id='{$comment_id}'";
    $result = mysql_query($query, $con);
     die();
}else{
    die();
}

using jquery to post (make sure to include the jquery.js), your javascript function should be like this:

function delpost(id){
    if(confirm('Are you sure?')){

        $.ajax({
            type: "POST",
            url: "/index.php",
            data: {p: "delcomment", id: id},
            success: function(){
                $('#comment_'+id).hide();
            },
            error: function(){
                alert('failure');
            }
        });     
    }
}

yeah,i have a db connection and there is no error and it works when i go to: /index.php?p=delcomment&id=15 but when i click on the link it just hides the comment (DEL) — Dave, May 20 '11 at 00:40

AJAX request(delete a comment)

1 Answers1

also, use firebug to see if your ajax request is actually being sent to the server