CMS problem

  • # February 16, 2013 at 2:45 pm

    I have this cms : http://css-tricks.com/php-for-beginners-building-your-first-simple-cms/

    And I want to create a delete function for the entries. Can anyone help me?

    # February 17, 2013 at 9:29 am

    First of all, I would really strongly advise against using this CMS. I can almost guarantee that it doesn’t have the usage of something larger like [Drupal](http://www.drupal.org "Drupal") or [WordPress](http://wordpress.org). This means you’re leaving your site far more open to security breaches than you would be with a more widely used system – I know that Drupal for instance has a large and very skilled community entirely focussed on finding vulnerabilities and fixing them. Quite apart from security, all these systems will have some “plug and play” architecture for adding functionality like this.

    Indeed the very author of that post provided the same caution:

    > This code is written for demonstration purposes only. Several security holes have been pointed out in the comments, which I have addressed in Part Two of this tutorial series. Editor’s note: There is no part two of this series anymore. Jason recommends his book PHP for Absolute Beginners as a resource for best practices. Still, I would strongly advise not using it for production websites without further testing.

    To answer your original question, you are going to want to add a method to the class that takes a parameter of the post ID to be deleted and runs an SQL query to delete the row in the post table that has the same primary key as the one passed in when the method was called.

    ```php
    public function remove_entry($p) {
        // $p is placed into the query as-is; nothing here validates it
        $query = "DELETE FROM posts WHERE id=$p";
        $result = mysql_query($query);

        if (!$result) {
            echo "Your data wasn't removed for some reason";
        } else {
            echo "data was removed";
        }
    }
    ```

    In order to make use of that, you would then have to call it somewhere where the class file is already included. You also need somehow to be able to get the ID of the post to be deleted into the function when you run it. One easy way to do that is to have an administration screen that pulls the post data and feeds it in to the query string of a “delete” link. So, when the user clicks the link beside any given post they are taken to the delete.php but with the information of the content to be deleted (based on the post’s ID in the database). This could result in a link like:

    Delete post 1

    The deletion script would then have to be ready to figure out the id of the post to be removed by looking at the URL and then give this to our previously written `remove_entry` method. As this is part of the main class, the class would need to be included at the top of the file. Then you could execute:

    ```php
    $post_to_be_removed = $_GET; // retrieve the post id passed in the URL

    remove_entry($post_to_be_removed); // actually try to remove the data
    ```

    This would do the main task but doesn’t include any of the uber-critical validation to make sure the value in the URL is indeed a correct post ID nor does it check that there is even a value there at all.

    On a side note, [the mysql_* functions used in that tutorial are outdated](http://www.php.net/manual/en/function.mysql-connect.php) and should be replaced by their faster, more modern mysqli counterparts.

    As you can see, there would be **a lot** of work in using this and trying to maintain it yourself – I’ve barely even scratched the surface where security is concerned!

    # February 17, 2013 at 10:42 am

    I think you didn’t stress nearly enough how important it is that you validate any user input like $_GET, and that you make sure the delete function can only get called by a user with the right… rights.

    That said, if you’re interested in learning php you might wanna read up on something like [PHP Data Objects](http://php.net/manual/en/book.pdo.php). If you’re not, you’re better off using a different CMS.

    # February 17, 2013 at 12:41 pm

    @CrocoDillon Obviously, input validation is crucial for security and I did acknowledge that:

    > I’ve barely even scratched the surface where security is concerned!

    One of the first things I said addressed your comment about being better off using a different CMS:

    > I would really strongly advise against using this CMS. I can almost guarantee that it doesn’t have the usage of something larger like Drupal or WordPress.

    I just figured that it was better to give some useful stuff as the post had no responses a while after being posted :). Nice catch about PHP data objects as well.
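
The checks the replies above call for (a post ID that is present and well formed, a caller with delete rights, and a PDO prepared statement instead of string interpolation), as an added example that is not code from the thread or the tutorial. The `$isAdmin` flag stands in for the site's own login check, and the in-memory SQLite `posts` table is constructed demo data.

```php
<?php
// Added example. Table and column names ("posts", "id") follow the thread;
// $isAdmin is an assumed result of the site's own session/login check.

function remove_entry(PDO $db, $rawId, bool $isAdmin): string
{
    // 1. Authorisation: refuse before touching the input or the database.
    if (!$isAdmin) {
        return 'forbidden';
    }

    // 2. Validation: the value must exist and be a positive integer.
    //    filter_var() returns false for null, '', 'abc' or '1 OR 1=1'.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return 'invalid id';
    }

    // 3. Prepared statement: the ID is bound as data, never spliced into SQL.
    $stmt = $db->prepare('DELETE FROM posts WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();

    // 4. Report whether a row was actually deleted.
    return $stmt->rowCount() === 1 ? 'removed' : 'not found';
}

// Constructed demo data: two posts in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, title TEXT)');
$db->exec("INSERT INTO posts (title) VALUES ('first'), ('second')");

// Constructed requests: [value from the query string, caller is admin?]
$cases = [
    ['1', true],          // valid ID, authorised
    ['1', true],          // same ID again, row is already gone
    ['1 OR 1=1', true],   // injection attempt fails integer validation
    [null, true],         // no ID supplied at all
    ['2', false],         // valid ID, caller lacks rights
];
foreach ($cases as [$rawId, $isAdmin]) {
    printf("%-12s admin=%d => %s\n", var_export($rawId, true), $isAdmin,
        remove_entry($db, $rawId, $isAdmin));
}
```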
