homepage Welcome to WebmasterWorld Guest from 54.196.69.189
register, free tools, login, search, subscribe, help, library, announcements, recent posts, open posts,
Pubcon Platinum Sponsor
Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
Forum Library, Charter, Moderators: coopster & jatar k

PHP Server Side Scripting Forum

    
PHP/Javascript form submit confimation
using js alert to submit/not submit form
Robert Poole




msg:3738153
 11:17 am on Sep 4, 2008 (gmt 0)

Hey all, I have a form which is basically a list of checkboxes, one for each item. The user basically selects which one(s) they want to delete then submits the form.

What I also need is a javascript pop-up alert that asks them if they're sure... if they click yes then do it, if not then don't.

Here's the start and end of my form:

<form action="" method="post" name="deleter" id="deleter" onSubmit="confirm_entry()">
...
<input type="submit" name="Delete" value="Delete" />

And here's the javascript in my header:

<script type="text/javascript">
<!--
function confirm_entry()
{
input_box=confirm("Are you sure you want to delete these quotes?");
if (input_box==true)

{
// Output when OK is clicked
// alert ("You clicked OK");
<?php $var = 'good'; ?>
}

else
{
// Output when Cancel is clicked
// alert ("You clicked cancel");
<?php $var = 'bad'; ?>
}

}
</script>

Then to do the submit action I'm trying PHP like this:

if ($_POST['Delete'] == "Delete")
{
if ($var == "good")
{
$id_req = $_REQUEST['id'];
foreach($id_req as $id_rows)
{
$query = ("DELETE FROM quotes WHERE id='".$id_rows."'");
echo $query;
//mysql_query($query) or die( "An error has occured: " .mysql_error (). ":" .mysql_errno ());
}
}
}

But obviously this idea is dud.

How do I get the javascript to produce a yes/no variable and then how do I check against it with PHP?

 

wheelie34




msg:3738164
 11:31 am on Sep 4, 2008 (gmt 0)

Hi Robert

I am no javascript guru but heres a bit of code I use which adds the 'ok' or 'cancel' to the alert, if they hit ok they proceed, if they hit cancel they stay on the page.

<script language='JavaScript'>
function confirm_entry()
{
var yes=confirm('Place your text here');
if (yes)
return true ;
else
return false ;
}
</script>

HTH

Robert Poole




msg:3738169
 11:36 am on Sep 4, 2008 (gmt 0)

But how do I use this in my PHP submission if statement?

Like

if (confirm_entry == true)
{
run submit script
}

wheelie34




msg:3738207
 12:39 pm on Sep 4, 2008 (gmt 0)

Can't see why you would need to? if they fill in everything and hit submit then either click OK or cancel it should work without the confirm_entry statement.

If they click ok, your form would send the details to the processing script OR your sql query, if they hit cancel your script wouldn't go any further.

Maybe a good idea would be, have the form fields for them to select, process and display all the entries they want to delete then have a delete button to confirm incase javascript is turned off, just a thought

[edited by: wheelie34 at 12:47 pm (utc) on Sep. 4, 2008]

Robert Poole




msg:3738213
 12:47 pm on Sep 4, 2008 (gmt 0)

Well at the moment the form action is on the same page, it's not going anywhere, so when I check if the form has been submitted, regardless of if I click okay or cancel it submits the form which is bad.

eg it's doing this bit irrespective of what is clicked:

if ($_POST['Delete'] == "Delete")
{
if ($var == "good")
{
$id_req = $_REQUEST['id'];
foreach($id_req as $id_rows)
{
$query = ("DELETE FROM quotes WHERE id='".$id_rows."'");
echo $query;
//mysql_query($query) or die( "An error has occured: " .mysql_error (). ":" .mysql_errno ());
}
}
}

penders




msg:3738238
 1:35 pm on Sep 4, 2008 (gmt 0)

From your original post...

<form action="" method="post" name="deleter" id="deleter" onSubmit="return confirm_entry()">

You are missing the return from your onsubmit event. Then use a confirm_entry() function like the one wheelie34 has posted - this function needs to return either TRUE (go ahead and submit the form) or FALSE (do not submit the form back to the server).

But how do I use this in my PHP submission if statement?

You don't. It's a JavaScript form submission confirmation and consequently runs entirely client-side. If the form is submitted at all (ie. the user has had to click 'ok' in the JavaScript confirm() dialog) then they have already confirmed their action.

Bear in mind also, that because it is JavaScript, your user can disable JavaScript in their browser and bypass your confirmation. But if they do that then you assume they know what they are doing (or they are using a minor browser that does not support JS)?!

If you wanted it to work without JS and pass something back so you can check it with PHP, then you would have to supply another form field. A checkbox perhaps, "tick this box to confirm", that they obviously have to tick first, and check this in your PHP script before doing anything.

Robert Poole




msg:3738249
 1:45 pm on Sep 4, 2008 (gmt 0)

Thanks penders, that seems to have done the trick.

I moved the following to a separate page:

$id_req = $_REQUEST['id'];
foreach($id_req as $id_rows)
{
$query = ("DELETE FROM quotes WHERE id='".$id_rows."'");
echo $query;
//mysql_query($query) or die( "An error has occured: " .mysql_error (). ":" .mysql_errno ());

and then just put the previous page as a header.

Thanks for your help, another headache dealt with!

penders




msg:3738308
 2:51 pm on Sep 4, 2008 (gmt 0)

$id_req = $_REQUEST['id'];

Just to add... this is a bit of a security risk, particularly since you are deleting records based on what has been submitted! You are posting values via $_POST[] (method="post") but the $_REQUEST[] array contains $_POST[], $_GET[] and $_COOKIE[] arrays! So, if a hacker was able to inject parameters into your URL (and hence the $_GET[] array) that resulted in actual id's from your quotes table then you'd find that a lot more records could be deleted!

Use:
$id_req = $_POST['id'];

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About
© Webmaster World 1996-2014 all rights reserved