I'm looking for the best, safest way to delete values from a table for the current, logged-in user.
I have a query on my page which grabs all interests for a user and displays them as such:
<?php
print $interest1 . "<a href='del-interest.php'>Delete</a><br />";
print $interest2 . "<a href='del-interest.php'>Delete</a><br />";
print $interest3 . "<a href='del-interest.php'>Delete</a><br />";
?>
I want to add a delete function (which I've never done before) so that when a user clicks delete the corresponding row is removed from the table. My only concern is, if I use POST/GET methods to pass the data, some users may maliciously alter the data being posted and delete all kinds of stuff. Sorry if this isn't too clear; what I'm asking is, what's the best, safest way to do this?
Sorry if this doesn't make sense, I'm trying my best to learn PHP, but would the following work?
<?php
print $interest1 . "<form method='post' action='delete-interest.php'><input type='hidden' value='".$interest1."' name='int1' id='int1'/><input type='submit' value='Delete'/></form><br />";
print $interest2 . "<form method='post' action='delete-interest.php'><input type='hidden' value='".$interest2."' name='int2' id='int2'/><input type='submit' value='Delete'/></form><br />";
print $interest3 . "<form method='post' action='delete-interest.php'><input type='hidden' value='".$interest3."' name='int3' id='int3'/><input type='submit' value='Delete'/></form><br />";
?>
and then on delete-interest.php I had…
<?php
session_start();
// $db is an open mysqli connection; the logged-in user's id was stored in the session at login.
$userId = (int) $_SESSION['user_id'];
// Pick whichever hidden field the submitted form carried.
if (isset($_POST['int1'])) {
    $interest = $_POST['int1'];
} elseif (isset($_POST['int2'])) {
    $interest = $_POST['int2'];
} elseif (isset($_POST['int3'])) {
    $interest = $_POST['int3'];
}
if (isset($interest)) {
    // Parameterised DELETE scoped to the session user's own rows.
    $stmt = $db->prepare('DELETE FROM user_interests WHERE interest = ? AND user_id = ?');
    $stmt->bind_param('si', $interest, $userId);
    $stmt->execute();
}
?>
For a start do not use an <a> tag as this will send a GET request, which is extremely bad form. Therefore you should be using a form, normally using the POST method; if you were following RESTful conventions you would use DELETE (but most browsers don't support this, so you would have to simulate this). As @OMG ponies stated you will need to have the information of the unique identifier (primary key) available so you know which row to delete.
As @henasraf stated you should validate that the user sending the request is in fact logged in and has permissions to delete his data. You mentioned the interests are linked to users, therefore you just verify that the user is logged in and is only trying to delete their data.
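Putting the answer's two points together (a POST form that carries the row's primary key, and a handler that takes the user id from the session and checks ownership) looks like this. This is an added example, not code from the asker or the answerer. It assumes a table `user_interests(id, user_id, interest)` with `id` as the primary key, an open PDO connection in `$pdo`, and that login stored the user's id in `$_SESSION['user_id']`; the CSRF token check goes one step beyond what the answer describes and is included because the asker's worry is exactly forged requests.

```php
<?php
// Added example (not the asker's or answerer's code). Assumed schema:
// user_interests(id INT PRIMARY KEY, user_id INT, interest VARCHAR).
// Assumed: $pdo is an open PDO connection; login set $_SESSION['user_id'].
session_start();

function require_login(): int {
    if (empty($_SESSION['user_id'])) {
        http_response_code(403);
        exit('Please log in.');
    }
    return (int) $_SESSION['user_id'];
}

// Per-session CSRF token so only forms we rendered can trigger a delete.
function csrf_token(): string {
    if (empty($_SESSION['csrf'])) {
        $_SESSION['csrf'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf'];
}

// Listing page: each row gets its own POST form carrying the row's primary
// key (not the interest text), plus the session CSRF token.
function render_interest_list(PDO $pdo): void {
    $userId = require_login();
    $stmt = $pdo->prepare('SELECT id, interest FROM user_interests WHERE user_id = ?');
    $stmt->execute([$userId]);
    $token = htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8');
    foreach ($stmt as $row) {
        $label = htmlspecialchars($row['interest'], ENT_QUOTES, 'UTF-8');
        $id = (int) $row['id'];
        print $label
            . "<form method='post' action='delete-interest.php'>"
            . "<input type='hidden' name='id' value='{$id}'/>"
            . "<input type='hidden' name='csrf' value='{$token}'/>"
            . "<input type='submit' value='Delete'/></form><br />";
    }
}

// delete-interest.php: the user id comes from the session, never from the
// request, and the WHERE clause pairs it with the submitted id, so a forged
// id that belongs to someone else matches nothing.
function handle_delete(PDO $pdo): void {
    $userId = require_login();
    if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
        http_response_code(405);
        exit('Use POST.');
    }
    if (!isset($_POST['csrf']) || !hash_equals(csrf_token(), (string) $_POST['csrf'])) {
        http_response_code(403);
        exit('Bad request token.');
    }
    $id = filter_input(INPUT_POST, 'id', FILTER_VALIDATE_INT);
    if ($id === false || $id === null) {
        http_response_code(400);
        exit('Missing or invalid id.');
    }
    $stmt = $pdo->prepare('DELETE FROM user_interests WHERE id = ? AND user_id = ?');
    $stmt->execute([$id, $userId]);
    if ($stmt->rowCount() === 0) {
        // Row does not exist or belongs to another user; report both the same way.
        http_response_code(404);
        exit('No such interest.');
    }
    header('Location: interests.php');
    exit;
}
```

The ownership check lives in the SQL itself (`AND user_id = ?`) rather than in a separate SELECT, so there is no window between "check" and "delete", and `rowCount()` tells you whether anything was actually removed. Sending the primary key instead of the interest text also means the handler never has to guess which of several identically named rows was meant.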