Hi Robert

I am no javascript guru but heres a bit of code I use which adds the 'ok' or 'cancel' to the alert, if they hit ok they proceed, if they hit cancel they stay on the page.

<script language='JavaScript'>
function confirm_entry()
{
var yes=confirm('Place your text here');
if (yes)
return true ;
else
return false ;
}
</script>

HTH

But how do I use this in my PHP submission if statement?

Like

if (confirm_entry == true)
{
run submit script
}

Can't see why you would need to? if they fill in everything and hit submit then either click OK or cancel it should work without the confirm_entry statement.

If they click ok, your form would send the details to the processing script OR your sql query, if they hit cancel your script wouldn't go any further.

Maybe a good idea would be, have the form fields for them to select, process and display all the entries they want to delete then have a delete button to confirm incase javascript is turned off, just a thought

[edited by: wheelie34 at 12:47 pm (utc) on Sep. 4, 2008]

Well at the moment the form action is on the same page, it's not going anywhere, so when I check if the form has been submitted, regardless of if I click okay or cancel it submits the form which is bad.

eg it's doing this bit irrespective of what is clicked:

if ($_POST['Delete'] == "Delete")
{
if ($var == "good")
{
$id_req = $_REQUEST['id'];
foreach($id_req as $id_rows)
{
$query = ("DELETE FROM quotes WHERE id='".$id_rows."'");
echo $query;
//mysql_query($query) or die( "An error has occured: " .mysql_error (). ":" .mysql_errno ());
}
}
}

From your original post...

<form action="" method="post" name="deleter" id="deleter" onSubmit="return confirm_entry()">

You are missing the

return

from your onsubmit event. Then use a confirm_entry() function like the one wheelie34 has posted - this function needs to return either TRUE (go ahead and submit the form) or FALSE (do not submit the form back to the server).

But how do I use this in my PHP submission if statement?

You don't. It's a JavaScript form submission confirmation and consequently runs entirely client-side. If the form is submitted at all (ie. the user has had to click 'ok' in the JavaScript confirm() dialog) then they have already confirmed their action.

Bear in mind also, that because it is JavaScript, your user can disable JavaScript in their browser and bypass your confirmation. But if they do that then you assume they know what they are doing (or they are using a minor browser that does not support JS)?!

If you wanted it to work without JS and pass something back so you can check it with PHP, then you would have to supply another form field. A checkbox perhaps, "tick this box to confirm", that they obviously have to tick first, and check this in your PHP script before doing anything.

Thanks penders, that seems to have done the trick.

I moved the following to a separate page:

$id_req = $_REQUEST['id'];
foreach($id_req as $id_rows)
{
$query = ("DELETE FROM quotes WHERE id='".$id_rows."'");
echo $query;
//mysql_query($query) or die( "An error has occured: " .mysql_error (). ":" .mysql_errno ());

and then just put the previous page as a header.

Thanks for your help, another headache dealt with!

$id_req = $_REQUEST['id'];

Just to add... this is a bit of a security risk, particularly since you are deleting records based on what has been submitted! You are posting values via $_POST[] (method="post") but the $_REQUEST[] array contains $_POST[], $_GET[] and $_COOKIE[] arrays! So, if a hacker was able to inject parameters into your URL (and hence the $_GET[] array) that resulted in actual id's from your quotes table then you'd find that a lot more records could be deleted!

Use:

$id_req = $_POST['id'];