Thread: OOP Delete?

    #1 Contributing User (Devshed Newbie, 0 - 499 posts; Join Date Sep 2012; Posts 204; Rep Power 3)

    OOP Delete?


    Hi.

    I'm trying my first site in OOP. The class is written, but I don't know how to address the functions in the class.

    In my user.php I have the following code:

    Code:
    // method of the user class; $this->db is a PDO connection set up elsewhere in the class
    public function delete($id)
    {
        $delete = $this->db->prepare('DELETE FROM klanten WHERE id = :id');
        $delete->execute(array(':id' => $id));
    }
    But how do I access it from my index.php file? Normally I would:

    Code:
    <a href="delete.php?id=3">Delete</a>
    But how would I achieve this using my OOP class? Thanks
    #2 Jacques1 (Devshed Expert, 3500 - 3999 posts; Join Date Jul 2012; Posts 3,959; Rep Power 1014)
    Hi,

    you cannot magically access a class from the URL. You need a controller script which instantiates the class and calls the right method depending on the URL.

    However, your layout with the delete.php is a bad idea, because the GET method must never have permanent effects. Imagine somebody accidentally visiting the "wrong" URL, and suddenly this klanten (whatever that is) is gone. Or maybe an evil person puts this URL into the src attribute of an image, and anybody who sees this image automatically tells your site to call the deletion script.

    The proper way of doing this would be to have a script for the underlying object, which can be controlled by sending a POST request with an action parameter.

    A naive implementation might look something like this:

    PHP Code:
    <?php

    session_start();   // needed: the CSRF token is compared against $_SESSION

    // whitelist of callable actions and the parameters each one expects
    $allowed_actions = array(
        'delete' => array('id')
    );

    if (!empty($_POST['action']) && !empty($_POST['csrf_token']) && !empty($_SESSION['csrf_token'])
        && hash_equals((string) $_SESSION['csrf_token'], (string) $_POST['csrf_token']))
    {
        $action = $_POST['action'];
        // the action names are the array keys, so check the keys (in_array would only look at the values)
        if (array_key_exists($action, $allowed_actions))
        {
            $args = array();
            foreach ($allowed_actions[$action] as $param)
            {
                if (!isset($_GET[$param]))
                    die( htmlspecialchars('Missing argument for '.$param, ENT_QUOTES | ENT_XHTML, 'UTF-8') );
                $args[] = $_GET[$param];
            }

            // assumes the Klanten class (with its delete() method) has already been loaded
            $klanten = new Klanten();
            call_user_func_array(array($klanten, $action), $args);
        }
        else
            die( htmlspecialchars('No valid action: '.$action, ENT_QUOTES | ENT_XHTML, 'UTF-8') );
    }
    However, you should consider using a framework instead of doing it yourself. This is standard stuff, and many smart people have already found good solutions, so no need to reinvent the wheel.
    The 6 worst sins of security · How to (properly) access a MySQL database with PHP

    Why can't I use certain words like "drop" as part of my Security Question answers?
    There are certain words used by hackers to try to gain access to systems and manipulate data; therefore, the following words are restricted: "select," "delete," "update," "insert," "drop" and "null".
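    To make the advice in this reply concrete, the following is an added example (not code from the thread or from Jacques1) showing both halves of the POST-based design: the page that issues a per-session CSRF token and renders the "Delete" link as a form, and the controller that checks the token, whitelists the action and dispatches to the class. The Klanten class (built from the OP's delete() method), the file names index.php and klanten_controller.php, and the PDO DSN and credentials are assumptions for the example; it needs PHP 7 or later for random_bytes().

```php
<?php
// Added example, not code from the thread. Two scripts are shown in one listing,
// separated by the comments below; the file names are assumed.

// ---------- Klanten.php (assumed class; the OP's delete() method adapted) ----------
class Klanten
{
    private $db;

    public function __construct(PDO $db)
    {
        $this->db = $db;
    }

    public function delete($id)
    {
        $stmt = $this->db->prepare('DELETE FROM klanten WHERE id = :id');
        $stmt->execute(array(':id' => (int) $id));
        return $stmt->rowCount();   // 0 means no customer had that id
    }
}

// ---------- shared helpers ----------
function csrf_token()
{
    // one unpredictable token per session, created on first use
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

function csrf_token_valid($submitted)
{
    // constant-time comparison; hash_equals() requires two strings
    return is_string($submitted)
        && !empty($_SESSION['csrf_token'])
        && hash_equals($_SESSION['csrf_token'], $submitted);
}

// ---------- index.php: what replaces <a href="delete.php?id=3">Delete</a> ----------
function render_delete_form($id)
{
    // a POST form instead of a link, so that merely visiting or embedding a URL cannot trigger the deletion
    $id    = htmlspecialchars((string) $id, ENT_QUOTES, 'UTF-8');
    $token = htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8');
    return '<form method="post" action="klanten_controller.php">'
         . '<input type="hidden" name="action" value="delete">'
         . '<input type="hidden" name="id" value="' . $id . '">'
         . '<input type="hidden" name="csrf_token" value="' . $token . '">'
         . '<button type="submit">Delete</button>'
         . '</form>';
}

// ---------- klanten_controller.php: validates the request and dispatches ----------
function dispatch(array $post, Klanten $klanten)
{
    // whitelist: action name => the POST parameters it needs (the id travels in the POST body here)
    $allowed_actions = array(
        'delete' => array('id'),
    );

    if (!isset($post['action']) || !array_key_exists($post['action'], $allowed_actions)) {
        return 'No valid action';
    }
    if (!isset($post['csrf_token']) || !csrf_token_valid($post['csrf_token'])) {
        return 'Invalid CSRF token';
    }
    $args = array();
    foreach ($allowed_actions[$post['action']] as $param) {
        if (!isset($post[$param]) || !ctype_digit((string) $post[$param])) {
            return 'Missing or invalid argument: ' . $param;
        }
        $args[] = $post[$param];
    }
    call_user_func_array(array($klanten, $post['action']), $args);
    return 'OK';
}

session_start();
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // assumed DSN and credentials; replace with your own
    $pdo = new PDO('mysql:host=localhost;dbname=mydb;charset=utf8mb4', 'user', 'pass',
                   array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION));
    echo htmlspecialchars(dispatch($_POST, new Klanten($pdo)), ENT_QUOTES, 'UTF-8');
} else {
    echo render_delete_form(3);
}
```

    The action whitelist is checked before the token so that an unknown method name can never reach call_user_func_array(), and the token is compared with hash_equals() rather than == to avoid PHP's loose string comparison and timing differences. Because the request is a POST carrying a session-bound token, an image tag or a stray link pointing at the controller does nothing.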
    #3 Contributing User (Devshed Newbie, 0 - 499 posts; Join Date Sep 2012; Posts 204; Rep Power 3)
    Originally Posted by Jacques1
    Hi,

    you cannot magically access a class from the URL. You need a controller script which instantiates the class and calls the right method depending on the URL.
    Thank you for your reply! I think I'll give CodeIgniter a try. Tried it before, but they seem simple for small applications, and when things get big I lose track.

    klanten means customers in Dutch. Thanks for the reply!
    #4 (Join Date Jul 2013; Location Melbourne; Posts 40; Rep Power 0)
    Originally Posted by Jacques1
    Hi,

    you cannot magically access a class from the URL. You need a controller script which instantiates the class and calls the right method depending on the URL.

    That is really a cool concept for defining the delete.php. I am also implementing the same thing.
