Okay so I am working on a simple social network. I am building it with PHP and MySQL. Users can post status updates just like on Facebook. I know how to use the INSERT INTO and SELECT FROM statements to input/output user statuses, but how would I go about having a button (an X) that when clicked it calls a function that holds a MySQL query that DELETES the post? Or one that edits the post? Is the way to do it a call to a function()?
PHP runs on the server. The button exists on the client. So you can't call a function directly.
You need to have a script that accepts some input over HTTP (since you want to do something, this should be an HTTP POST request, in PHP you can read that data via $_POST[]). The script should sanity check the input, do any appropriate actions based on that input and make a response indicating success or failure.
The simplest way to have the browser make the request is to use a <form>. This also allows you to collect information you may need from the user.
To do it "just like on Facebook" (while following best practises) you should use JavaScript to bind a submit event listener to the form, then stop the default event and use XMLHttpRequest to make the HTTP POST request instead (this is Ajax). Then you use DOM manipulation to update the information displayed to the user.
You need to learn AJAX to do that. With an Ajax call, you would capture the click event with JavaScript, and will post an AJAX request to a PHP script that will issue the corresponding delete sql statement to drop the post.
Related
I'm using Laravel 5.3.
Essentially, when a user clicks a button on the screen, I need to get data from the database (using AJAX), and then display that data on the screen.
However, I'm not sure if I should be using a GET or POST request? I've only ever used GET requests for routing when the user wants to get to a specific page, like a GET request for /index or /profile.
Which should I use?
There is a difference between GET & POST method in Laravel
GET is used when we want to get some data from the server and we do not send any parameter in request. And the security threat is not a concern, like you are opening a page on browser
POST is used when we want to send some parameter to the server and based on that parameter some processing is done. In laravel it is mandatory to include CSRF token wit the request for security concern.
So choose as per your requirement.
easy! Use GET when you're to getting data, and POST when you're posting data.
There are even more of these request methods (or verbs, if you like). For example a PUT request to edit data, DELETE request to delete data etc. However, these aren't supported in most browsers yet, but i know laravel has a clever workaround so you can use them anyway. check this links:
https://laravel.com/docs/5.3/routing
This is actually something of your own choosing. If the operation is a sensitive one you might consider using POST so that you can have protection over CROSS-SITE REQUEST FORGERY from attackers but if not so you can simply use GET
If you only want save data in database(no return data) so you should use POST. And whenever you want to get data from database so you should use GET.
Ex - If you want to insert a new user information in database so here you use GET method and if you want to edit existing user information and return updated information so you will use GET method.
So the question is a little complicated, let me explain. My page code is running like this:
User enters query in the search field and clicks submit.
1.1 jQuery loads a new body to display progress data.
1.2 jQuery calls process.php via AJAX and supplies query as the argument.
1.3 jQuery starts setInterval periodic update to grab progress data, stored inside $_SESSION['prog'], and displays it.
When process.php finishes, jQuery stops periodic update, displays final information and calls AJAX to clear the $_SESSION['prog'] variable.
At the moment progress data is stored inside one variable, which is fine as far as different users are concerned (because of the different sessions), but if the same user were to make multiple requests at the same time, the $_SESSION['prog'] variable would be cross-overwritten.
So far I have thought of two possiblities to distinguish data for each request from the same user (same session)
Have jQuery generate some random string and send it together with query (and hope to avoid colission, although that would be unlikely)
Make 2 AJAX calls, first one requesting new_request_id, the second one sending query and new_request_id as parameters.
Have AJAX return something from PHP before is finishes(completes).
I need to connect each browser window (each request) with each running process, so I cannot send back new request ID after the request has been submitted, because I wont know which data to pick up with jQuery in the browser window. Btw, I will change $_SESSION['prog'] to $_SESSION[request_id] -> request_id is what I'm looking for.
It (request_id) could be last_insert_id(), because im creating new DB entries for each valid query, but I don't know how to get it back to each different user window.
I need advice here. Only just begun to code in PHP, AJAX and jQuery, don't really know much about sessions. How should I solve this problem?
Sorry for the lack of code, I will paste is at request.
You could add a unique ID to each request in addition to the session ID. eg. uniqid() in javascript/jquery?
You need to differentiate them somehow. For example use a unique ID autonumber field. MySQL has last_insert_id() which is very useful and handles concurrent requests correctly.
Avoid using Session variables in Ajax requests. Send them with GET (or POST) instead. Even if calling Session_start(); in the Ajax request and getting $_SESSION['prog'] from there, results can be unexpected.
I am creating a system in php to get user's feedback on solutions. I am using MySQL to get the solution and store the feedback. The feedback are integers. There are two columns for feedback- Yes and No. I want to increase the value of them when a user clicks on a text link/radio button or checkbox.
Like-
.................Solution..............
Did this help you? Yes / No
When user clicks on Yes, it should increase value of yes column by one and if it clicks on No, it should increase value of no column by one.
The main difficulty is this that the page contains numbers of solution and feedback options..
Can you help me??
Clicking a form control on a page is a client-side action. Updating a variable in PHP is a server-side action. Luckily, AJAX gives us a way of accessing server resources from the client.
The following code performs an AJAX request using the jQuery JavaScript library. You do not need jQuery to perform AJAX requests, but then you must code your AJAX request natively. Doing that is not hard, but it's not exactly trivial, either.
JavaScript:
$.ajax({
url: '/path/to/file.php',
data: 'url=encoded&query=string', // Can also be an object
success: function( output ) {
// This function gets called once the AJAX Request returns. It is sent
// a string parameter containing all output of the Server-side script
}
});
In the file.php, you just perform whatever actions you want to. The AJAX request can be sent either via GET or POST, and any variables passed will be available in the $_GET and $_POST superglobals, respectively.
The output parameter is passed in is a string, and is all of the output (i.e. echo/print) that is generated from the server-side script. That string can be a JSON representation of an object as well, in which case you will have to parse the string to be able to use it as an object in JavaScript. This is beneficial if your server-side script returns large amounts of data instead of just plain HTML/XHTML.
For more information, look at jQuery's documentation for AJAX, or Google for native ajax requests
An alternative is just to have your controls as regular form elements which submit the form when they are pressed (e.g., each one of them is a named submit button / image input). Your form handler will determine which one is pressed depending on what value is present in the $_POST. This method will then send the user input to a form handler which gets executed on the server, which then redirects the user back to the page once it has finished processing.
PHP is server side only, so when the user clicks on Yes, it needs to send a request to load a new page, an Ajax request, etc. that will then update the server. Anything done on the page after page load can not be done with PHP.
I would attach $_POST/$_GET requests to each link/radio button that is then sent to MySQL on a page refresh or something to that effect in order to update your table.
i have create a form (so it's PHP and HTML hybrid-code). it has ability to send '$_POST'. And when i click it, it work perfectly on sending and displaying input.
But there's something happening when i click Ctrl+R in firefox for represhing the page. I got this confim dialog : "To display this page, Firefox must send information that will repeat any action (such as a search or order confirmation) that was performed earlier"
my question
what is it, (this confirm dialog ?)
what i have to do on my code so it able to suppress this dialog ?
You probably have created an HTML page that contains a <form>. The form is used to send data to the HTTP server (that is, the webserver that hosts your site).
The HTTP protocol defines different request types used to send data to the server and to retrieve data from the server. The most used are GET and POST. You must learn about all this if you want to be anything more than a very bad PHP programmer, which is unfortunately (or fortunately, if you are on the hacker side) very common.
Your problem is that Firefox has arrived on the page you are talking about after sending a POST request. If you reload the page, it has to send the same data again in the form of a POST. Due to the conventions on what a POST request should be used for (usually to modify data on a database), the browser asks the user if he is sure about what he wants to do.
There are mainly two options to circumvent this:
Change the form method to GET; or
Use a redirection after the POST.
To use the first method, you could simply add a method="get" parameter to your form tag:
<form action="senddata.php" method="get"> ... </form>
To use the second method, you simply redirect the user after the POST request, using something like
header("Location: blahblahblah")
The most used pattern is the POST-Redirect, that is, the second method I told you about. There are many security implications on using GET to change data on a database (if you are interested on that, and you should be, as every PHP programmer should, read about XSRF).
Submitting a form (sending a POST request) is commonly used to confirm an order on eCommerce sites. Therefore, submitting it twice would submit the order, twice. Therefore browsers, tend to ask for confirmation that a user wants to send the POST request again.
In order to prevent this, you need to make the refresh do a GET request instead of a POST request. To do this, simply redirect to the same page after processing the form.
header("Location: /path/to/self");
This will make it so when the user hits refresh, it will be sending a GET request instead of a POST request, and it won't prompt for confirmation.
To clairify, it goes like this:
Form gets sent via POST (User clicks on form)
Form gets processed
User gets redirected to the same page (via GET)
User now will be refreshing a GET request instead of a POST request.
I guess whenever your form (php, asps, static html etc) contains post information that may either form field infor or other, is sent to the server via firefox, it displays such a message before sending the data again to server. it serves as a security protection from Mozilla developers. I guess it can be disabled via about:config but it is not recommended to so.
Also it is a normal behaviour. It should be like this and have been like this for a fairly long time in firefox.
You may like to have a look here:
http://forums.mozillazine.org/viewtopic.php?f=38&t=682835&st=0&sk=t&sd=a&hilit=Firefox+must+send
alternatively use GET instead of POST to send your data...
Regards
If the form was submitted successfully, answer with the status code 303:
header('Location: http://www.example.com/', TRUE, 303);
This forces the browser to use a GET request for the resulting page. A reload won’t send any POST data, and no pop up is shown.
I am using php to fill up a form. Now, it so happens that form is using ajax for many of its fields.
e.g.
select [country]
(ajax will show drop-down filled with states for that country)
select [states]
(ajax will show drop-down filled with cities)
select [city]
(ajax will enable a submit button)
If it is a simple html based form, it can be easily filled with cURL. But what if the form is using ajax to populate the drop-down fields.
Thanks
When you are "populating" the form with curl, you are actually POSTing the data that would have been typed/entered into the form.
There is no need for the Ajax requests to be made, as long as you know what data you have to use.
So, the solution would be to :
Begin by getting the lists of data (by using the form in a browser, for instance)
Know how those data have to be used (by observing the "normal" way the form works)
POSTing the correct values, with your curl request.
In the end, your curl request should be the same than the one made by the browser when the form is submitted -- independantly of the Ajax requests that are sent before (those are only useful for getting data)
Well, that is unless the Ajax requests are actually "writting" something on the server -- but that's pretty rare for this kind of situation.
If it is a simple html based form, it can be easily filled with cURL
I'm not clear what you mean here. As far as I know, cURL is a tool for making HTTP requests. It can't "fill forms" (unlike, for example, WWW::Mechanize). Am I wrong about this?
I think you mean: "If it is a simple HTML based form, I can easily construct an HTTP request using cURL that submits the same query string or POST data as using a browser would." I'm going to proceed on that assumption.
The use of Ajax (in of itself) doesn't stop you constructing a the form data manually and submitting it as normal. It just makes it a little more difficult to work out what data you need to submit.
The remote system might be implemented in such a way that it falls over if you don't request all the bits of data in the right sequence (e.g. it will barf if you submit the complete data at the end without requesting the list of cities for a country). Emphasis on 'might', this wouldn't be a sane way to implement the system.
You might also want to make multiple requests with cURL anyway so that you can fetch the list of cities (and any ids that might be associated with them) and access them programatically.