We have an edit form:we populate it with a variable number of checkboxes (it all depends,let's say, on how many pictures we have on the article we're about to edit).
All the checkboxes are per default "checked" and if nothing happens the data associated(our pictures in this case) remains untouched.
Altough if we uncheck one we actually want to not keep the picture in our edited post and delete it from our database.
I know unchecked checkboxes dont get Posted,and that I have one work-around:
place right before the checkbox an hidden field with the same name..in this way with the checkbox unchecked can still post the hidden input.
but i have this situation:
/*i'm querying the database to load all the article's data and I check if */
/* there's any picture so I build, with a while loop, an associated checkbox*/
<input type="checkbox" name="picture[]" value="$row['pic_id]"/>$row['pic_name']
When I submit our edit form I check if there's any data inside our array picture and if positive i want to delete it from database.
Now if I simply add an hidden field at the top of each checkbox (so same name and same value..cause it's the value i need to use in the next query) I fall into the problem:
how to distinguish if the posted data comes from the actual checkbox (if eventually checked) or from the hidden input??
thanks again
Luca
Why don't you check it on the server side?
You know what was the original list, you have your new list. Those that are not in the new list, but were in the original list, should be deleted.
So you don't need to add any javascript hacks, or hidden inputs.
On the server side you can use the following approach:
$array_of_ids_to_delete=array_diff($array_with_all_ids, $posted_ids);
The $array_with_all_ids must be already available, because I guess you use it to output all the checkboxes. $posted_ids represents your picture[] array.
After that you only have to run a foreach on $array_of_ids_to_delete and get rid of those images.
Related
I don't need any code, I just need the right way to do it.
What I am doing?
Here is the thing. I am making a software for a pharmacy (Drug Store). I have created a tab for shortlist for the drug. See the picture.
enter image description here
What problem I am facing?
In the last column, I have a form field to input drug or add stock. But you can see there are many form fields for so many rows. When I click to "Confirm" button, it's not gonna work cause the table has been generated using loop. So, for all the fields there are same name.
How can I take the value of input field right above the submit button. I mean when I click confirm button it will take same row's input field not others.
How can I do it? No code needed. I am using php codeigniter framework.
Thanks
create one variable like '$i' and increase it and append it on last of input name.as well as give id to submit button and append id with $i.
for eg. name_1,name_2,submit_2,submit_2
when you submit just get the id of submit button. Then get the number from id eg.2,3.take input from the same input variable id. You can do it using ajax. So it will be done without refresh page.
Problem
I am developing an application (in PHP) in which, I will show the user a report of some derived values based on previous entries he had done and the user will check for correctness - if correct, then the user can press Save button to submit it to database. Otherwise, the user should be able to edit previous entries, but he should not be able to change derived values in that report.
For that purpose, I have enclosed these values in a hidden input field, so a normal user can not alter these values, but if web developers could inspect the element in their browser and change these values.
Can we prevent these type of attack? If so, how?
My thoughts
I can make a string of all hidden fields, encrypt it and save in another hidden field - after postback I can cross-verify actual value and encrypted value.
Is this the correct way to achieve this? and how to do this
What do you think?
It's very hard to get a good idea of what you are trying to do but perhaps a solution could be to display a form with input fields disabled (http://www.w3schools.com/tags/att_input_disabled.asp) then have at the bottom of your page e.g. Is this information correct? .. Then 1 option to Save, and one option for No/Edit. Then do an if(isset($_POST['edit'])) { .. run form again but with input fields not disabled }
Only have your SQL update code in the 'edit' section of the code, and have a seperate SQL update code for the save section which just moves the values from wherever you are grabbing them from, to wherever they need to be.
Hope that helps.
If there are derived values that you need to fill out your form, but don't want to use hidden fields - I suggest using session variables that would contain those derived values as needed. Depending on how many of these forms there are, and how many users will be using them - the overhead is usually negligible with this number of fields (in the 30s)... if you discard them when not needed of course.
I have a drop down list. And I want that the users cannot change the value of that drop down so for this I used the disabled="disabled" property but now I am unable to get the value from the drop down list.
So what should I do with my situation so that the users could not change the value of it and I can get the value of that drop down list also?
Sounds like a dropdown isn't what you should be using here.
I'd probably use a hidden input box (for the JS to populate) + just plain text to display to the user.
But I guess it depends on what you're trying to do, so more information would be good.
You can
store the dropdown value in the session
add the same value to which the dropdown is set to a hidden input
My solution has always been to render the dropdown as some other HTML element and have a hidden input for the actual value. This has the advantage that people know it's not changeable, whereas a disabled field could imply that it can be activated somehow. If you must have it as a dropdown, just change it's name and id so that it doesn't interfere with the hidden field.
Disabled elements are never passed back when the form is submitted so this is the only realistic option without using javascript and that leaves a problem if people have it disabled, so it's best avoided for this.
Browsers wont submit disabled fields, you would have to somehow parse them with javascript and submit them seperately
I am building a simple CMS for a client. They need the ability to manage employee profiles.
Each profile needs an image.
Currently I have a form for adding employees, and associating an uploaded image with a single record is easy.
Below the record add form, I have a list of existing records (and a thumbnail of the image). These records are printed between form tags, I've got a checkbox next to each record (marking it will delete it when the form submits).
I want to use this form to also UPDATE records; deletions occur first, then $_POST data is parsed and records updated.
When a record has no image associated with it, instead of a thumbnail, a file input tag is printed. Because there is a variable number of records, the file tags are all named image[] so I can easily loop through them.
Question: how do I correlate $_FILES data with $_POST data? Do I have to name each file input to image_<?=$record_id?> to determine which record the file belongs to?
Your solution looks good, i would add record id as index, for ex:
image[<?=$record_id?>];
You can then correlate by array index
instead of
<input name="image[]">
use assocative array, for ex.:
<input name="image[id_<?=$record_id?>]">
Using the default fieldname[] notation, you can't control what indexes PHP assigns to the server-side representations in POST/GET/REQUEST/FILES. PHP'll just add them sequentially and if there's a gap in your form, it'll be gone once the data hits the server.
You can, hoever, FORCE indexes, so that fieldname[7] and newimage[7] all relate to the same fieldset in your form.
You will need to name each file input, and access it via $FILES['unique_name'].
I've got a populated table which admins can edit and a submit button to apply all the changes made but I was wondering if I could narrow it down to only the ones they changed? I don't mind having an extra checkbox to specify whether it requires updating or not which the user can check but I don't know how to send ONLY those parts of the form to $_POST.
Thanks in advance.
The entire form will be posted by default.
To do what you want to do you can of course go the Javascript way.
Making users click on e.g. a checkbox for the records they have changed wouldn't be the preferred way IMO.
You could use JavaScript to note the changes, update a hidden field and post these instead.
You could also add the current values to the session and then check on submission which ones have changed by comparing the session values to the post values.