- Edited
While running this script in php 8.0 I receive no errors however in php 8.2 I receive a blank alert window after attempting to delete a record. and the delete query within the 'recordToDelete' elseif conditional below isn't removing the record. The issues appears to be somewhere within the second conditional where the post variable recordToDelete exists.
The other delete queries under the other conditional statements are working with their own respective post variables. I had checked the whole script for deprecated functions however I'm not seeing anything? Again it works in 8.0 but not above.
<?php session_start();
//db connect script
function getSlug($text)
{
$text = preg_replace('~[^\\pL\d]+~u', '-', $text);
$text = trim($text, '-');
$text = iconv('utf-8', 'us-ascii//TRANSLIT', $text);
$text = strtolower($text);
$text = preg_replace('~[^-\w]+~', '', $text);
if (empty($text)) {
return 'n-a';
}
return $text;
}
if (isset($_POST["content_txt"]) && strlen($_POST["content_txt"]) > 0) { //check $_POST["content_txt"] is not empty
//sanitize post value, PHP filter FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_HIGH Strip tags, encode special characters.
$contentToSave = filter_var($_POST["content_txt"], FILTER_SANITIZE_NUMBER_INT);
$slug = preg_replace('/[^A-Za-z0-9-]+/', '-', $contentToSave);
// Insert sanitize string in record
$insert_row = $mysqli ->query("INSERT INTO steam_lessons (idmember, title, slug, lessontype, cat, subject, visible, price) VALUES('" . $_SESSION["memberid"] . "','" . $contentToSave . "','" . getSlug($contentToSave) . "','" . $_POST["lessontype"] . "','" . $_POST["cat"] . "','" . $_POST["subject"] . "',1,'" . $_POST["pricequick1"] . "')");
if ($insert_row) {
//Record was successfully inserted, respond result back to index page
$my_id = $mysqli->insert_id; //Get ID of last inserted row from MySQL
$q3 = "select * from steam_lessons WHERE lessonid = " . $my_id . "";
$r3 = mysqli_query($con, $q3) or die(mysqli_error());
$a3 = mysqli_fetch_array($r3);
echo '<ul><li style="list-style-type: none;" id="item_' . $my_id . '">';
echo
'<div style="background-color: #DEE6DB; padding: 15px; border-top: 2px solid white; display: block; position: relative; height: auto;">';
echo
"<span style=\"margin-bottem: 10px; font-size:1.3em;\"><a href=\"lesson-plans.php?lessonplans=" . $a3['lessonid'] . "&slug=" . $a3['slug'] . "\"><b>" . $a3['title'] . "</b></a> | <a href=\"lesson-plans.php?lessonplans=" . $my_id . "&slug=" . $a3['slug'] . "&mode=edit\"><b>Edit</b></a> |<a href=\"#\" class=\"del_button\" id=\"del-" . $my_id . "\">Delete</a></span><br>";
echo '<div class="group">
<div class="left">';
if ($a3["imagelesson"] != "") {
echo '<img src="images/large/' . $a3["imagelesson"] . '">';
} else {
echo '<img src="images/lessonplans.jpg">';
}
echo '</div>';
echo '';
echo $contentToSave . '</li></ul>';
$mysqli->close(); //close db connection
} else {
//header('HTTP/1.1 500 '.mysqli_error()); //display sql errors.. must not output sql errors in live mode.
//header('HTTP/1.1 500 Looks like mysql error, could not insert record!');
exit();
}
} elseif (isset($_POST["recordToDelete"]) && strlen($_POST["recordToDelete"]) > 0
&& is_numeric($_POST["recordToDelete"])) {
//do we have a delete request? $_POST["recordToDelete"]
//sanitize post value, PHP filter FILTER_SANITIZE_NUMBER_INT removes all characters except digits, plus and minus sign.
$idToDelete = filter_var($_POST["recordToDelete"], FILTER_SANITIZE_NUMBER_INT);
//delete raw lesson image file
$sqlz =
"SELECT lessonid, imagelesson, video, zipfile FROM steam_lessons WHERE lessonid = " . $idToDelete . "";
$result = $mysqli->query($sqlz);
$root = str_replace('\\', '/', $_SERVER['DOCUMENT_ROOT']);
while ($rowx = $result->fetch_array(MYSQLI_ASSOC)) {
unlink('' . $root . '/images/thumbs/' . $rowx['imagelesson'] . '');
unlink('' . $root . '/images/large/' . $rowx['imagelesson'] . '');
unlink('' . $root . '/images/large/' . $rowx['video'] . '');
unlink('' . $root . '/zips/' . $rowx['zipfile'] . '');
}
//delete all raw upload files from directory
$sql = "SELECT idlesson, filename FROM steam_downloads WHERE idlesson = " . $idToDelete . "";
$resultx = $mysqli->query($sql);
while ($a1 = $resultx->fetch_array(MYSQLI_ASSOC)) {
unlink('' . $root . '/uploads/' . $a1['filename'] . '');
}
//delete all db entries of uploads
$result2 = mysqli_query($con, $sql);
$a2 = mysqli_fetch_assoc($result2);
$query = "DELETE FROM steam_downloads WHERE idlesson=" . $a2['idlesson'] . "";
mysqli_query($con, $query);
//try deleting record using the record ID we received from POST
$delete_row = $mysqli->query("DELETE FROM steam_lessons WHERE lessonid=" . $idToDelete);
$delete_row2 = $mysqli->query("DELETE FROM steam_lessons_shared WHERE idlesson=" . $idToDelete);
//$delete_row3 = $mysqli->query("DELETE FROM steam_lessons_saved WHERE idlesson=" . $idToDelete);
if (!$delete_row) {
//If mysql delete query was unsuccessful, output error
// header('HTTP/1.1 500 Could not delete record!');
exit();
}
$mysqli->close(); //close db connection
$con->close(); //close db connection
} elseif (isset($_POST["recordToDeletex"]) && strlen($_POST["recordToDeletex"]) > 0
&& is_numeric($_POST["recordToDeletex"])) {
//sanitize post value, PHP filter FILTER_SANITIZE_NUMBER_INT removes all characters except digits, plus and minus sign.
$idToDelete =
filter_var($_POST["recordToDeletex"], FILTER_SANITIZE_NUMBER_INT);
//try deleting record using the record ID we received from POST
$delete_row = $mysqli->query("DELETE FROM steam_lessons_shared WHERE idlesson=" . $idToDelete);
$mysqli->close(); //close db connection
} elseif (isset($_POST["recordToDeletey"]) && strlen($_POST["recordToDeletey"]) > 0
&& is_numeric($_POST["recordToDeletey"])) {
//sanitize post value, PHP filter FILTER_SANITIZE_NUMBER_INT removes all characters except digits, plus and minus sign.
$idToDelete =
filter_var($_POST["recordToDeletey"], FILTER_SANITIZE_NUMBER_INT);
//try deleting record using the record ID we received from POST
$delete_row = $mysqli->query("DELETE FROM order_item WHERE order_plan=" . $idToDelete);
$mysqli->close(); //close db connection
} elseif (isset($_GET["approve"]) && strlen($_POST["recordToDelete"]) > 0 &&
is_numeric($_POST["recordToDelete"])) {
//do we have a delete request? $_POST["recordToDelete"]
//sanitize post value, PHP filter FILTER_SANITIZE_NUMBER_INT removes all characters except digits, plus and minus sign.
$idToDelete = filter_var($_POST["recordToDelete"], FILTER_SANITIZE_NUMBER_INT);
//try deleting record using the record ID we received from POST
$delete_row = $mysqli->query("UPDATE steam_lessons SET visible = 1 WHERE lessonid=" . $idToDelete);
echo $delete_row;
//die();
if (!$delete_row) {
//If mysql delete query was unsuccessful, output error
//header('HTTP/1.1 500 Could not delete record!');
exit();
}
$mysqli->close(); //close db connection
} else {
//Output error
//header('HTTP/1.1 500 Error occurred, Could not process request!');
//exit();
}
?>
