I have created a cart page from a table named booking .
The cart page has item name and asubmit button named "delete".
There has a lot of items in the cart sheet and every item has a "delete" submit type button.
The items are inside one form.
I need to delete one item from the table booking by clicking the "delete" button of the item.
How can I do it using PHP.
<form action="delete.php" method="POST">
<div>
<h2>Item1</h2>
<input type="submit" name="item1" value="delete">
</div>
<div>
<h2>Item2</h2>
<input type="submit" name="item2" value="delete">
</div>
<div>
<h2>Item3</h2>
<input type="submit" name="item3" value="delete">
</div>
...
<!--There has a lot of items like that-->
</form>
Now for example I need to delete item100. How can I do it?
Edit: Here is the delete.php code-
<?php
$query = mysql_query("delete from notification where item = 'item100'") or die(mysql_error());
?>
You do not need form and submit input. You could use links:
delete
This is a GET so you need to perform a redirect to your incoming page to avoid back button problems or use Ajax or both.
If you want to use your form and submit button you could add some Javascript to set an hidden input or use a <button />
Although there is sql injection risks you will need to deal with, this is how you would do it using your current method. Keep in mind you will still need to modify your code to prevent sql injections.
<?php $query = mysql_query("delete from notification where item = '".$_POST['name']."'") or die(mysql_error()); ?>
Related
I am pretty new in PHP and I have the following problem passing a data from a form to a .php file that have to handle it.
So this is the form into the rendered page:
<form method="post" action="common/remove-booking_pc.php" class="ajax-form">
<input id="id_booking" name="id_booking" value="5" type="hidden">
<a href="/PandaOk/templates/default/common/remove-booking_pc.php" type="submit">
<i class="fa fa-power-off"></i>
Conferma
</a>
</form>
It is what is shown looking into the browser code. As you can see it is passing a single data field, this:
<input id="id_booking" name="id_booking" value="5" type="hidden">
The passed value is 5.
So when I submit this form it is rendered by this file remove-booking_pc.php:
<?php
$id_booking = $_POST['id_booking'];
$result_remove_booking = $db->query("UPDATE pm_booking SET status= " . $id_booking);
?>
The problem is that the $id_booking is null and the $_POST is an empty array.
Why? What is wrong? What am I missing? How can I correctly pass this value?
Your submit is an anchor, not a form submission, so the receiving page will never receive any POST data.
Simply replace your anchor with a button [or input] of the type submit and the form will be submitted as expected.
<form method="post" action="common/remove-booking_pc.php" class="ajax-form">
<input id="id_booking" name="id_booking" value="5" type="hidden">
<button type="submit" class="fa fa-power-off" value="Submit">Conferma</button>
</form>
Other things you should be considering:
Your form is vulnerable to Cross Site Request Forgery [CSRF]
Your database is vulnerable to SQL injection. Use Prepared Statements.
As pointed out by Fred, your SQL (UPDATE pm_booking SET status=) currently will update every row in the table, without any qualification. Use WHERE in your SQL.
If dealing with file uploads, your HTML form should as best practise have an enctype value.
<form enctype='multipart/form-data' ... >
You need a Button to submit the form, in this case you are using a href hyper link. Example below:
<input type="Submit" name="Submit" value="Submit">
Here's what I'm looking to accomplish. When a user creates a profile they fill out some information with a form. After they submit the form the information is displayed on their profile. One of the form fields is going to be a button that other users can click to do an action. To display the button this is the PHP I currently have:
add_action('kleo_bp_after_profile_name', 'my_profile_button');
function my_profile_button()
{
echo 'Talk';
}
I need to input the form information into the href="#" spot. Does anyone know a way around this?
Thanks.
It sounds like you want to simply submit a form that a user fills out. If that is the case, you can't use a link, but you need to use a button:
<form action="submitpage.php" method="post">
Name: <input type="text" />
<input type="submit" value="Some Text" />
</form>
or
<form action="submitpage.php" method="post">
Name: <input type="text" />
<button type="submit" class="success button radius show-for-small">Some Text</button>
</form>
Sure, if you have captured that information with a POST variable, named 'redirect' for example, you could use it to generate a button. The problem is that I don't understand very well what you mean with be put into href="#" spot, because buttons don't have that property, so I write you the code to use it on a redirection which is done at clicking the button:
<input type="button" value="submit" onclick="location.href='<?php echo $_POST["redirect"];?>';">
If you want to use information in a link, which actually have href property use this:
<a id="link" href="<?php echo $_POST['redirect'];?>">Text of the link</a>
I have a form for editing and deleteing phone directory entries for our office. Each line shows the persons' name and phone number etc, and has a checkbox.
The form basically has two buttons, edit and delete. You go through and select all the rows that you either want edit or delete, and then the form is submitted.
What I want to do, is have an alert when the delete button is pressed, that asks for confirmation before deleting. What I would like to do, is to list out all the rows that were marked for deletion in this alert window.
I'm not sure if this is possible, as the POST data isnt available until the form is submitted, which in turn would be prevented by the alert window.
Would this be possible using PHP and javascript? I have included some code examples below:
<form name="manage" method="post" action="edit.php">
<input type="submit" name="add" value="Add">
<input type="submit" name="edit" value="Edit">
<input type="submit" name="delete" value="Delete">
//For each row found
while($row = mysql_fetch_assoc($result)) {
//Echo out a row with details
echo "<tr>
<td><input type='checkbox' name='dirid[]' value='".$row['Dir ID']."' /></td>
<td>".$row['Floor']."</td>
<td>".$row['First Name']."</td>
<td>".$row['Last Name']."</td>
<td>".$row['Extension']."</td>
<td>".$row['Department']."</td>
</tr>";
}
</form>
At the moment, all that is posted, is the dirid, which is just a unique ID for each row in the table. The delete script then queries the database, and removes each row for each of those ID's
I suppose that if it is not possible in an alert window, I could also send the ID's to the delete script, show them on the page with a confirm button, and then put and alert on top of that as well, but seems a bit long winded.
Any suggestion greatly appreciated.
Eds
may be you can to that with jquery here you have something like that
http://jsfiddle.net/damian_silvera/Cxqp5/
I have a page that displays a photo the user has uploaded. I have two forms that provide two different actions. The first form, replace_photo_form, is simply a button that the user pushes to replace the photo. The second form, next_page_form, is a field to enter the caption for the photo as well as a button to proceed to the next page. When the user pushes the next_page button, it should save the caption to the DB and continue to the next page.
<body>
<form id="replace_photo_form">
<input type="text" name="caption" />
<input type="submit" name="replace_photo" value="Replace Photo" />
</form>
<div>
<p>This is where some other information is located</p>
</div>
<form id="next_page_form">
<input type="submit" name="next_page" value="Next Page" />
</form>
</body>
I want the caption field to appear directly next to the replace_photo button in the page structure so I included it in the replace_photo_form. The problem is that when I push the next_page button, it doesn't save the POST value for the caption input field as I would like. Ideally I would just include the caption field in the next_page_form so I saves the caption as a POST value, but I need it to appear next to the replace photo button.
How can I include a form field in my POST if it is not in the current form?
Merge the two forms into one that spans both submit buttons (it will still include the input of course).
Then, when the form is submitted, you can check which of the values (next_page or replace_photo) exists in $_POST, therefore discovering which button was pressed and what action you need to take.
This technique will work correctly even if Javascript is disabled. If you are willing to relax this restriction, there are dozens of other options (e.g. hooking the submit event of a form to copy the value of the text box from another form in a hidden field of the current form).
One possibility is to add a listener to the field that ties its value to a hidden field in the second form:
<form id="replace_photo_form">
<input type="text" name="caption"
onchange="document.getElementById('next_page_form_caption').value = this.value;"/>
..
</form
<form id="next_page_form">
<input type="hidden" id="next_page_form_caption" name="caption"/>
..
</form>
You mean replace_photo_form submit before next_page button clicked, you can simply add an onclick to next_page button, like this:
<input type="submit" name="next_page" value="Next Page" onclick="document.getElementById("replace_photo_form").submit();" />
Another lame question
So, I have a site that displays several students' requests to change advisors, with an Approve and Deny button for each student. Then I have a Javascript pop-up that confirms the decision when clicked on either button, and it will also e-mail the student about this decision. This should all be on one page as well.
How do I specify which student I will update and e-mail to? I know the query will be like $query = "UPDATE student set current_advisor = ".$requested_advisor." where SID = ".$sid, but how do I specify which student I'm doing this for?
I have only worked with php forms, where you have the user type in the information, but in this case, all the data is there already...
$sid is the id of the student you want to update... It depends how you're building the page. You can either insert a form for each student, as follows:
// for each student
<form method="post">
<input type="hidden" value="the-sid" name="SID"/>
<input type="submit" value="confirm" name="type" onclick="return confirm('Sure?');"/>
<input type="submit" value="deny" name="type" onclick="return confirm('Sure?');"/>
</form>
// end for each
Then when the user clicks either approve or deny, you're $_POST array in PHP will be filled with:
array("SID"=> $theSID, "type" => "confirm or deny");
You have a couple options for doing something like this.
If you want to do it with actual <form>s, then you'd do this by putting the information you need in "hidden" form fields. For example, you can have something like this in each form:
<input type="hidden" name="SID" value="4" />
And use PHP to fill in the value for each hidden field when you're generating the HTML.
Another option is to just have the buttons open a link, instead of submitting a form. In that case, you can pass the values you need as "GET" parameters on the URL, like this:
http://yoursite.com/change_advisor.php?SID=4&new_advisor=18
And then have the change_advisor.php file use the variables $_GET['SID'] and $_GET['new_advisor'] to do the query you need.
i'm not sure if this is what you want exactly, but if you wanted a list of advisors and the option to approve or deny each you could do for each advisor
<?php foreach($advisors as $advisor): ?>
<form method="post" action="somewhere">
<input type="hidden" name="id" value="<?php echo $advisor['id']; ?>" />
<input type="submit" name="result" value="Approve" onclick="return confirm('Are you sure you want to approve this advisor?')" />
<input type="submit" name="result" value="Deny" onclick="return confirm('Are you sure you wish to deny this advisor?')" />
</form>
<?php endforeach; ?>
Then that sends to your script a post array which should contain whether it was approved or denied, then you can handle it from there using the id variable to identify your record against your primary key.
Hope this helps :)