Another lame question
So, I have a site that displays several students' requests to change advisors, with an Approve and Deny button for each student. Then I have a Javascript pop-up that confirms the decision when clicked on either button, and it will also e-mail the student about this decision. This should all be on one page as well.
How do I specify which student I will update and e-mail to? I know the query will be like $query = "UPDATE student set current_advisor = ".$requested_advisor." where SID = ".$sid, but how do I specify which student I'm doing this for?
I have only worked with php forms, where you have the user type in the information, but in this case, all the data is there already...
$sid is the id of the student you want to update... It depends how you're building the page. You can either insert a form for each student, as follows:
// for each student
<form method="post">
<input type="hidden" value="the-sid" name="SID"/>
<input type="submit" value="confirm" name="type" onclick="return confirm('Sure?');"/>
<input type="submit" value="deny" name="type" onclick="return confirm('Sure?');"/>
</form>
// end for each
Then when the user clicks either approve or deny, you're $_POST array in PHP will be filled with:
array("SID"=> $theSID, "type" => "confirm or deny");
You have a couple options for doing something like this.
If you want to do it with actual <form>s, then you'd do this by putting the information you need in "hidden" form fields. For example, you can have something like this in each form:
<input type="hidden" name="SID" value="4" />
And use PHP to fill in the value for each hidden field when you're generating the HTML.
Another option is to just have the buttons open a link, instead of submitting a form. In that case, you can pass the values you need as "GET" parameters on the URL, like this:
http://yoursite.com/change_advisor.php?SID=4&new_advisor=18
And then have the change_advisor.php file use the variables $_GET['SID'] and $_GET['new_advisor'] to do the query you need.
i'm not sure if this is what you want exactly, but if you wanted a list of advisors and the option to approve or deny each you could do for each advisor
<?php foreach($advisors as $advisor): ?>
<form method="post" action="somewhere">
<input type="hidden" name="id" value="<?php echo $advisor['id']; ?>" />
<input type="submit" name="result" value="Approve" onclick="return confirm('Are you sure you want to approve this advisor?')" />
<input type="submit" name="result" value="Deny" onclick="return confirm('Are you sure you wish to deny this advisor?')" />
</form>
<?php endforeach; ?>
Then that sends to your script a post array which should contain whether it was approved or denied, then you can handle it from there using the id variable to identify your record against your primary key.
Hope this helps :)
Related
Kinda strange...
I'm building a shopping cart. When the user types the quantity he wants and hits "add to cart", the <form> action should redirect them with a PHP $_SERVER['QUERY_STRING'] AND some other information (i.e. the product id, fetched in MySQL).
Here's my form, all in a PHP echo...
<?php
echo '<form method="GET" action="cart.php?'.$_SERVER['QUERY_STRING'].'&action=add&item_id='.$data->item_id.'">
<small>Quantity </small><input type="text" size="2" placeholder="1" name="add_quantity">
<input type="submit" name="add_clicked" class="button" value="Add to Cart">
</form>';
?>
Upon submission, the URL redirects to cart.php but only includes the query string, but leaves out the item id and the action=add.
Supposing I typed '2' in the quantity box, the URL looks like this cart.php?add_quantity=2 and nothing after that.
Would appreciate help!
Thanks!
When you submit a form via GET, the form data submission process will overwrite any existing query string that might be set in the address you put into the action attribute.
Use hidden form fields instead to transport your additional values.
(And as #Simon already said in his comment, go read up on what you have to do to prevent XSS when outputting data that was send from the client before.)
Submitting a form with GET will overwrite any query string you'd put in the url (I'm not sure what you wanted to do with your $_SERVER['QUERY_STRING'] though as that would give the query string used to access the page where your form is.
What you'll want to do is to use hidden input fields in your form for your action and item_id attributes.
<form method="GET" action="cart.php">
<input type="hidden" name="action" value="add"/>
<input type="hidden" name="item_id" value="<?=$data->item_id?>"/>
<small>Quantity </small><input type="text" size="2" placeholder="1" name="add_quantity">
<input type="submit" name="add_clicked" class="button" value="Add to Cart">
</form>
Upon submission this will go to the url cart.php?action=add&item_id=1234&add_quantity=2
Alternatively you could (and most likely should) submit the form via POST; then any data in the form will be sent as POST parameters and the query string parameters defined in your action will be kept.
Pass the info in the query strings via a hidden field. So let's assume you're passing the account number in the query string, it would look like this:
<input type="hidden" name="account_number" value="$account_number">
I have mysql table members with columns id, user, password, and verified
When a user logs in, using user and password (compared against members-db) they are presented with a form. The form gathers info to be manually checked by an admin.
Upon submitting the form, it will send an email to admin with all the details to manually confirm.
The problem that I am hitting is that admin wants the email to contain a link that will enable him to update the verified field in members table upon clicking. I need to send a previously stored variable with the form to do so. That way I have a link to the members table.
For example, If I store $user_id as the id of whichever row I need to update, and I could send it forward with the form, then I could just use the UPDATE feature WHERE id = $user_id
Here is my form ...
<form method="post" name="verify_form" action="../includes/verify.php">
Website for Online Verification: <input type="text" name="webpage" id="webpage" /><br />
Identification Number: <input type="text" name="number" id="number" /><br />
Expiration Date: <input type="text" name="expire" id="expire" /><br />
<input type="submit" value="Verify Me!" onclick="return vformhash(this.form, this.form.webpage, this.form.number, this.form.expire);" />
<input type="reset" value="Clear Form" />
</form>
Is there a way to send my previously captured $user_id to the verify.php page when user submits?
You could use a hidden field:
<input type="hidden" name="userid" value="<?php echo $user_id; ?>" >
You can use:
<input type='hidden' name='user' value=<?php echo $user_id; ?>>
inside the form.
You could send it in url like
$url = "verify.php?user_id=" . $ user_id;
And access it in verify.php page by
$ user_id = $_GET ['user_id'];
You can use hidden fields: <input type="hidden"....
If the information is sensitive, you should not put it in those hidden fields, but rather store it in the session or otherwise on your server. You can then use a hidden field to store a key that you can use to find those values again later.
If you would use regular session variables, without a key in the form, you might get the issue of finding the wrong value if the user has multiple forms open in multiple tabs.
Two options:
Change your for tag to pass the ID as a GET param :
action="../includes/verify.php?user_id=123"
-or-
Add a hidden field :
<input type="hidden" name="user_id" id="user_id" value="123" />
You will be able to access this value with either $_GET['user_id'] for option #1, or $_POST['user_id'] for option #2 within your PHP script.
When the user logs in, save their ID in a session value such as $_SESSION["userID"]. Then in verify.php you can access $_SESSION["userID"]. It's cleaner than passing the ID back and forth as parameters.
Here's what I'm looking to accomplish. When a user creates a profile they fill out some information with a form. After they submit the form the information is displayed on their profile. One of the form fields is going to be a button that other users can click to do an action. To display the button this is the PHP I currently have:
add_action('kleo_bp_after_profile_name', 'my_profile_button');
function my_profile_button()
{
echo 'Talk';
}
I need to input the form information into the href="#" spot. Does anyone know a way around this?
Thanks.
It sounds like you want to simply submit a form that a user fills out. If that is the case, you can't use a link, but you need to use a button:
<form action="submitpage.php" method="post">
Name: <input type="text" />
<input type="submit" value="Some Text" />
</form>
or
<form action="submitpage.php" method="post">
Name: <input type="text" />
<button type="submit" class="success button radius show-for-small">Some Text</button>
</form>
Sure, if you have captured that information with a POST variable, named 'redirect' for example, you could use it to generate a button. The problem is that I don't understand very well what you mean with be put into href="#" spot, because buttons don't have that property, so I write you the code to use it on a redirection which is done at clicking the button:
<input type="button" value="submit" onclick="location.href='<?php echo $_POST["redirect"];?>';">
If you want to use information in a link, which actually have href property use this:
<a id="link" href="<?php echo $_POST['redirect'];?>">Text of the link</a>
Let's say I have a form that looks like this:
<form action="/script.php" method="post">
<input name="my_input" length="80" />
<input type="submit" value="submit" />
</form>
Now I also want to include a numeric identifier - call it a ticket id. "Here's the ticket history, do you want to add something?" The user can't modify that.
My question is...what is the safest way to get that ticket id in the form submission?
No problem accomplishing it, but my question is around security. So here are the ways to get a variable back that I can think of:
<form action="/script.php" method="post">
<input name="my_input" length="80" />
<input type="hidden" name="ticket_id" value="12345" />
<input type="submit" value="submit" />
</form>
or
<form action="/script.php?ticket_id=12345" method="post">
<input name="my_input" length="80" />
<input type="submit" value="submit" />
</form>
I'm concerned that someone could craft a malicious POST and submit it and append their comments to a different ticket. i.e., compose a POST from their own server/browser/tool. If I was doing this with GET then they certainly could do that just by changing the url vars - it's possible to do that also with POST too, right?
I can check that the user owns that ticket of course and do some other validation, but fundamentally, how do you present data to a user and safely get it back again in an HTML form?
Is there something other than creating a unique serial number ("FORM 12345 should present ticket id 6789") record on the server side and then checking it back?
I'm using PHP & MySQL on the backend though I'm not sure my question is specific to those technologies.
use session
form.php
<?
session_start();
$_SESSION['ticket_id'] = '1234';
?>
script.php
<?
session_start();
$ticket_id = $_SESSION['ticket_id'];
?>
The problem I have is that I have multiple submit inputs in a single form. Each of these submit inputs has a different value and I would prefer to keep them as submit.
Whenever the user presses Enter, it is as though the topmost submit input is being pressed, and so it is causing problems for the code checking which input was clicked.
Is there a way for PHP to determine whether or not the input was clicked, or was just the input that was selected when the user pressed the Enter key?
You can identify which button was used provided you structure your HTML correctly
<input type="submit" name="action" value="Edit">
<input type="submit" name="action" value="Preview">
<input type="submit" name="action" value="Post">
The $_POST array (or $_GET/$_REQUEST) will contain the key "action" with the value of the enacted button (whether clicked or not).
Now, "clicking" is explicitly a client-side behavior - if you want to differentiate between a click and a keypress, you'll need to add some scripting to your form to aid in that determination.
Edit
Alternatively, you can be "sneaky" and use a hidden submit that should correctly identify a key-pressed for submission, but this probably has some significant impact on accessibility.
<?php
if ( 'POST' == $_SERVER['REQUEST_METHOD'] )
{
echo '<pre>';
print_r( $_POST );
echo '</pre>';
}
?>
<form method="post">
<input type="text" name="test" value="Hello World">
<input type="submit" name="action" value="None" style="display: none">
<input type="submit" name="action" value="Edit">
<input type="submit" name="action" value="Preview">
<input type="submit" name="action" value="Post">
</form>
Roberto,
PHP is server-side technology and therefore runs on the server - so there is no way for it to determine what keys where pressed at the client (aka the user). That is, of course, unless you specifically code the client-side to include such information with the server requests (posting form data is a form of request too).
One way to accomplish that is by using Javascript in your client code.
See this page as a starting point regarding handling form submit events using Javascript.
http://www.w3schools.com/jsref/jsref_onSubmit.asp
You may also have to add a listener for key press events on your page in order to capture the user pressing the Enter key and then recording this information.
http://www.howtocreate.co.uk/tutorials/javascript/domevents offers a discussion on the topic of adding/removing event listeners in Javascript but you have to be very careful when using events because improperly used they can be the source of memory leaks which are hard to debug and cause for unhappy users :)
PHP alone can't determine how the form submit event was triggered, because that happens on the client-side while PHP is a server-side language. You'd have to implement Javascript to listen for -- and log to the server-side -- key presses and mouse clicks, and then analyze that data to find what you're looking for.
Now, PHP can tell which submit input was triggered, as it will appear in the form data while the others will not. Most browsers make the first submit input the default (the one that is triggered on an Enter key press). You could re-order all your submits so as to control which submit is triggered.
PHP can't really know what happened on the client side.
I'd recommend using javascript. When the user do the action, catch it and store it in an hidden field that will be submited with the form. You can also keep track of what input is active and store it in an hidden field.
The code would go a bit like that (i didnt checked the syntax)
<input type="text" onfocus="setCurrent(this)" id="1" />
<input type="hidden" id="hid" />
function setCurrent(o){
$('hid').value = o.id;
}
I think that playing around with events catching and hidden fields should give you the result that you want.
Hope that helps
It's how you write the markup on the client side.
For example, here is one (non-XHTML) way you could do this:
In the HTML file:
<form method="post" action="myform.php" id="myform">
... form items here ...
<input type="submit" name="enter_key" value="true" style="display:none">
<input type="hidden" name="pressed_button" id="pressed_button" value="false">
<input type="button" value="Submit"
onclick="document.getElementById('pressed_button').value='true';document.getElementById('myform').submit();">
</form>
In myform.php:
if ($_POST['pressed_button']=='false') {
// Logic for enter key
} else {
// Logic for button press
}