How to delete records from DB using $_POST method

[eluser]sdotsen[/eluser]
I've been using $_GET and taking the URI segment to delete records from the DB. Yea, bad move so I'm in the process of rewriting my code. However, without using checkboxes and passing the values into an array, how would I go about clicking on a "Delete" link and passing the value to my controller so that the model deletes the correct record?

I found one method but I don't think it's ideal. It requires some JS and a loop with the display code within <form>...</form>. Is there a better way?

Code:

<?php foreach($records as $record): ?>
    <form method="POST" name="myform<?php echo $record->id;?>" action="/location/delete">
    <a >id;?&gt;">View</a> <a href="#">id;?&gt;.submit();">Delete</a>
    <br />
    &lt;input type="hidden" name="location_id" value="&lt;?php echo $record-&gt;id;?&gt;">
    &lt;/form&gt;
&lt;?php endforeach ?&gt;

[eluser]Flemming[/eluser]
it might help if we knew a bit of context here.

If you need to use $_POST then it's going to have to be with a form or with ajax/jQuery

[eluser]sdotsen[/eluser]
Sorry, well let's say someone disables JS entirely. My userbase probably wouldn't know how anyways but you never know, right? Basically I will have a table filled w/ rows of data pulled from the DB. Each row has a View and Delete link. If a user wants to delete a record, clicking the "Delete" link would trigger a deletion from the DB. I was able to get this working by fetching the location_id via $_GET w/ $this->uri->segment(3) but that's not ideal since a user can delete via a URL. I was able to get it working by defining <form> within the loop, it works but I'm sure there's a better way.

And yes, I plan on using Ajax or JS confirmation anyways.

[eluser]Flemming[/eluser]
thanks for the explanation!

hmmm... I presume then that your users are not having to log in, so you have no way of granting them access to specific records only?

[eluser]sdotsen[/eluser]
Of course they do, sorry let me back up a bit. This application has an authentication system and what not. I am checking to make sure the record is own by the user and they only see their record. I just want to avoid cross site attacks. Maybe I'm blowing things out of proportion but I can (and will) add a layer of JS to make them confirm the deletion.

Remember, if I hit http://domain.com/location/delete/100, I'll be able to delete the record IF I own the record.

[eluser]Boris Strahija[/eluser]
Maybe you should build a confirmation page at http://domain.com/location/delete/100
This page would then contain a form with a hidden field of the record ID, and the confirmation button would submit the form.
You can check if the request came via ajax, and if it's ajax just skip this confimation and do it all with JS.

[eluser]Flemming[/eluser]
ahh ok! so, perhaps you can store an array of IDs that the user is allowed to delete, into a session variable. When your delete method is called you can check that the ID being passed to it is in the array stored in session. If it's not, redirect to a 'you are being naughty!' page?

[eluser]Cristian Gilè[/eluser]
view:

Code:

<form method="POST" name="myform" action="/location/delete">

    <?php foreach($records as $record): ?>

       <input type="image" name="delete" value="<?=$record->id?>" src="path/to/your/delete_image" />  

    <?php endforeach; ?>

</form>

controller: (location/delete)

Code:

function delete()
{
     if(empty($_POST))
     {
        //redirect if no var was post
     }
    
     if($id = $this->input->post('delete'))
     {
         //delete entry in the database
     }

     ....
     ....
}

Cristian Gilè

[eluser]sdotsen[/eluser]
[quote author="Cristian Gilè" date="1296078707"]view:

Code:

<form method="POST" name="myform" action="/location/delete">

    <?php foreach($records as $record): ?>

       <input type="image" name="delete" value="<?=$record->id?>" src="path/to/your/delete_image" />  

    <?php endforeach; ?>

</form>

controller: (location/delete)

Code:

function delete()
{
     if(empty($_POST))
     {
        //redirect if no var was post
     }
    
     if($id = $this->input->post('delete'))
     {
         //delete entry in the database
     }

     ....
     ....
}

Cristian Gilè[/quote]

Is it possible to have text link rather than an image?

[eluser]Cristian Gilè[/eluser]
HTML does not directly support such a feature. You need javascript. Try something like this:

delete link in the view:

Code:

<a href="#" class="delete" value="&lt;?=$record-&gt;id?&gt;">delete</a>

javascript code:

Code:

$(document).ready(function()
{
      $(".delete").live('click', function(e)
      {
        e.preventDefault();

        var record_id = $(this).attr('value');

        $.ajax({  
             type: "POST",  
             url: "<?php echo site_url('location/delete');?>",  
             data: "delete="+ record_id,
             dataType: 'json',  
             success: function(res){  
                  var obj = eval(res);
                  alert(obj.message);
             }
         });  
      });    
});

In your controller, after a successful delete operation, return a json var like this:

in your controller: (location/delete)

Code:

function delete()
{
     if(empty($_POST))
     {
        //redirect if no var was post
     }
    
     if($id = $this->input->post('delete'))
     {
         //if delete was successful
         $data['message'] = 'Record '.$id.' was deleted successfully';
         //else
         $data['message'] = 'An error occurred during the delete operation';

         echo json_encode($data)
     }

     ....
     ....
}

Cristian Gilè