Welcome to WebmasterWorld Guest from 107.22.7.35

Forum Moderators: coopster & jatar k

Message Too Old, No Replies

PHP/Javascript form submit confimation

using js alert to submit/not submit form

     
11:17 am on Sep 4, 2008 (gmt 0)

5+ Year Member



Hey all, I have a form which is basically a list of checkboxes, one for each item. The user basically selects which one(s) they want to delete then submits the form.

What I also need is a javascript pop-up alert that asks them if they're sure... if they click yes then do it, if not then don't.

Here's the start and end of my form:

<form action="" method="post" name="deleter" id="deleter" onSubmit="confirm_entry()">
...
<input type="submit" name="Delete" value="Delete" />

And here's the javascript in my header:

<script type="text/javascript">
<!--
function confirm_entry()
{
input_box=confirm("Are you sure you want to delete these quotes?");
if (input_box==true)

{
// Output when OK is clicked
// alert ("You clicked OK");
<?php $var = 'good'; ?>
}

else
{
// Output when Cancel is clicked
// alert ("You clicked cancel");
<?php $var = 'bad'; ?>
}

}
</script>

Then to do the submit action I'm trying PHP like this:

if ($_POST['Delete'] == "Delete")
{
if ($var == "good")
{
$id_req = $_REQUEST['id'];
foreach($id_req as $id_rows)
{
$query = ("DELETE FROM quotes WHERE id='".$id_rows."'");
echo $query;
//mysql_query($query) or die( "An error has occured: " .mysql_error (). ":" .mysql_errno ());
}
}
}

But obviously this idea is dud.

How do I get the javascript to produce a yes/no variable and then how do I check against it with PHP?

11:31 am on Sep 4, 2008 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Hi Robert

I am no javascript guru but heres a bit of code I use which adds the 'ok' or 'cancel' to the alert, if they hit ok they proceed, if they hit cancel they stay on the page.

<script language='JavaScript'>
function confirm_entry()
{
var yes=confirm('Place your text here');
if (yes)
return true ;
else
return false ;
}
</script>

HTH

11:36 am on Sep 4, 2008 (gmt 0)

5+ Year Member



But how do I use this in my PHP submission if statement?

Like

if (confirm_entry == true)
{
run submit script
}

12:39 pm on Sep 4, 2008 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Can't see why you would need to? if they fill in everything and hit submit then either click OK or cancel it should work without the confirm_entry statement.

If they click ok, your form would send the details to the processing script OR your sql query, if they hit cancel your script wouldn't go any further.

Maybe a good idea would be, have the form fields for them to select, process and display all the entries they want to delete then have a delete button to confirm incase javascript is turned off, just a thought

[edited by: wheelie34 at 12:47 pm (utc) on Sep. 4, 2008]

12:47 pm on Sep 4, 2008 (gmt 0)

5+ Year Member



Well at the moment the form action is on the same page, it's not going anywhere, so when I check if the form has been submitted, regardless of if I click okay or cancel it submits the form which is bad.

eg it's doing this bit irrespective of what is clicked:

if ($_POST['Delete'] == "Delete")
{
if ($var == "good")
{
$id_req = $_REQUEST['id'];
foreach($id_req as $id_rows)
{
$query = ("DELETE FROM quotes WHERE id='".$id_rows."'");
echo $query;
//mysql_query($query) or die( "An error has occured: " .mysql_error (). ":" .mysql_errno ());
}
}
}

1:35 pm on Sep 4, 2008 (gmt 0)

WebmasterWorld Senior Member penders is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month



From your original post...

<form action="" method="post" name="deleter" id="deleter" onSubmit="return confirm_entry()">

You are missing the

return
from your onsubmit event. Then use a confirm_entry() function like the one wheelie34 has posted - this function needs to return either TRUE (go ahead and submit the form) or FALSE (do not submit the form back to the server).

But how do I use this in my PHP submission if statement?

You don't. It's a JavaScript form submission confirmation and consequently runs entirely client-side. If the form is submitted at all (ie. the user has had to click 'ok' in the JavaScript confirm() dialog) then they have already confirmed their action.

Bear in mind also, that because it is JavaScript, your user can disable JavaScript in their browser and bypass your confirmation. But if they do that then you assume they know what they are doing (or they are using a minor browser that does not support JS)?!

If you wanted it to work without JS and pass something back so you can check it with PHP, then you would have to supply another form field. A checkbox perhaps, "tick this box to confirm", that they obviously have to tick first, and check this in your PHP script before doing anything.

1:45 pm on Sep 4, 2008 (gmt 0)

5+ Year Member



Thanks penders, that seems to have done the trick.

I moved the following to a separate page:

$id_req = $_REQUEST['id'];
foreach($id_req as $id_rows)
{
$query = ("DELETE FROM quotes WHERE id='".$id_rows."'");
echo $query;
//mysql_query($query) or die( "An error has occured: " .mysql_error (). ":" .mysql_errno ());

and then just put the previous page as a header.

Thanks for your help, another headache dealt with!

2:51 pm on Sep 4, 2008 (gmt 0)

WebmasterWorld Senior Member penders is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month



$id_req = $_REQUEST['id'];

Just to add... this is a bit of a security risk, particularly since you are deleting records based on what has been submitted! You are posting values via $_POST[] (method="post") but the $_REQUEST[] array contains $_POST[], $_GET[] and $_COOKIE[] arrays! So, if a hacker was able to inject parameters into your URL (and hence the $_GET[] array) that resulted in actual id's from your quotes table then you'd find that a lot more records could be deleted!

Use:

$id_req = $_POST['id'];
 

Featured Threads

Hot Threads This Week

Hot Threads This Month