can someone please tell me how to save a javascript rendered countdown timer to mysql db using PHP ?
e.g
I have this button, that when someone clicks it, the countdown appears and starts counting.
so yeah, that's my problem, what's the best way to do in order to ensure that
- the exact date/time(in unix format) the button got clicked will be saved in db?
is this possible with PHP ?
// this is the PHP and HTML
<?php foreach($task->result() as $row): ?>
<tr>
<td><a title="<?php echo $row->descr; ?>"
href="#"><?php echo $row->title; ?></a>
</td>
<td><input type = "button"
id =<?php echo $row->title; ?>
value = "Unlocked"
onmouseover = "asktolock(this.id)"
onclick = "lockme(this.id)">
</td>
<td><?php echo $row->assign_to; ?></td>
<td><a id="txt"></a></td>
</tr>
Have your button populate a hidden formfield with a timestamp when it is clicked. Set the form to POST to a PHP script which processes the formfields and stores them where you like.
ETA: So on your form you'll need a field like this (with a unique name) for every timestamp you wish to store:
<input type='hidden' name='mytimestamp_unique' id='mytimestamp_unique' value=''/>
And then you'll add some code to your javascript function to set the value of the corresponding "mytimestamp" field. Something like:
function lockme(id){
//parse the id to get the unique part of the id which is also the unique part of mytimestamp_unique
var $hiddenfield=getElementById('mytimestamp_' + $uniquepart);
$hiddenfield.value=new Date().getTime();
//do other lockme stuff
}
Related
I'd like to know if there is a way to pass a record id to another page without showing in the URL (using $_GET).
This is my code:
<table class="table table-bordered">
<thead>
<tr>
<td>#</td>
<td>Sigla</td>
<td>Nome</td>
<td>Bilancio</td>
<td>Responsabile</td>
<td>Azione</td>
</tr>
</thead>
<tbody>
<?php foreach ($rows as $row): ?>
<tr>
<td><?=$row['id']?></td>
<td><?=$row['sigla']?></td>
<td><?=$row['nome']?></td>
<td><?=$row['bilancio']?></td>
<td><?=$row['responsabile']?></td>
<td class="actions">
<a href="update.php?id=<?php echo $row['id']; ?>" class="edit">
<i class="fas fa-pen fa-xs"></i>
</a>
<a href="delete.php?id=<?php echo $row['id']; ?>" class="trash">
<i class="fas fa-trash fa-xs"></i>
</a>
</td>
</tr>
<?php endforeach; ?>
</tbody>
</table>
As you can see for each record i create an <href> with the redirect to the "delete" or "update", so i will pass the id via $_GET.
Is there a way to not show the id in the URL?
You need AJAX or a form
Using a link to delete is VERY dangerous since once viist from a crawler and your database is corrupt
I suggest something like this
delegate the click to the container table
use data-attributes for the ID
Ajax using POST - I use fetch to do that here
let fetchData = {
method: 'POST'
}
const url = "delete.php";
document.querySelector("form").addEventListener("click", function(e) {
const tgt = e.target;
if (tgt.classList.contains("trash") && confirm("Delete "+this.id+"?")) {
e.preventDefault();
fetchData["body"] = {
"id": this.getAttribute("data-id")
};
fetch(url, fetchData)
.then(function() {
console.log("deleted");
});
}
})
<a href="#" data-id="<?php echo $row['id']; ?>" class="trash">
<i class="fas fa-trash fa-xs"></i>
</a>
The id being shown in the URL is an absolute non-issue. That doesn't make the delete operation any more secure or insecure. What you have are one, perhaps two, other issues:
Any destructive operation must use POST requests. Normal links are free to be crawled by search engines, or preloaded by browsers. Which means, as soon as Google has crawled all your links, your database will be empty. That's why using POST is important, because every properly behaved HTTP client understands that POST is destructive.
If you're asking this question because you're afraid users can simply manipulate the id shown in the URL and delete other records they're not supposed to delete, then your real issue isn't in where you pass the id, but that you have no permission checking on your server.
For starters, use a form to create POST requests:
<form action="delete.php?id=<?php echo htmlspecialchars(urlencode($row['id'])); ?>"
method="post">
<input type="submit" value="Delete">
</form>
(Also note the proper way to URL-encode and HTML-encode the value, since you're embedding it in a URL in the context of HTML.)
On the PHP side, you'd process this something like this:
<?php
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
$id = $_GET['id'];
// permission checking here
// delete record here
}
Instead of transporting the ID as a query parameter, you could also make it a form field:
<form action="delete.php" method="post">
<input type="hidden" name="id" value="<?php echo htmlspecialchars($row['id']); ?>">
<input type="submit" value="Delete">
</form>
On the server you'd then take the value from $_POST['id'] instead of $_GET['id'].
Note that this does not fundamentally change anything and is mostly a matter of taste.
You can customise that drab submit button in various ways, or perhaps switch to more interactive Javascript; but those are all just ways to pretty up this basic operation.
You can do it by something like this https://laravel.com/docs/5.8/encryption
At back-end you have to encrypt all your parameters like the following code:
$encryptedParameters = encrypt([
'id' => 132,
'something' => 'value',
'another_key' => 'another_value',
]);
and then send this value to your html template.
At front-end if you want to do it by GET do something like this and your users can't see what are you sending to your back-end because it is encrypted:
and if you want to do it by POST you can do it by Ajax or by generating a form and putting this value as a hidden input inside it. and then when user clicked on this link at back-end you have to decrypt it and use it's values like the following code:
$decryptedParameters = decrypt($_GET['s']);
$id = $decryptedParameters['id'];
$something = $decryptedParameters['something'];
$another_key = $decryptedParameters['another_key'];
Convert the GET request to a Post using a hidden form submission, a preferred method is to encrypt the record id when submitting the data.
I have a table which I load with values from the database. The table has an update button which I want to pull specific data values from the database based on the id.
<tr>
<td><?php echo $result['id'];?></td>
<td><?php echo $rowcount ?></td>
<td><?php echo $result['Level Date'];?></td>
<td><?php echo $result['Recieve Date'];?></td>
<td><button type="button" name ="updateid" id="updateid" class="btn btn-primary" data-toggle="modal" data-target="#previous-detail-modal"> Update</button></td>
Can you advice on how I can get the value of $result['id'] of that particular row so I can use it in a function. Currently it keeps taking the last row count value
I tried many solutions reading the posts from others but I am not able to get the value. Would appreciate some help on this
Based on your comment:
I need the id on the client side
You can emit the ID from your PHP code onto the button itself as a data attribute, the same way you emit it anywhere else:
<button type="button" name="updateid" id="updateid" class="btn btn-primary" data-id="<?php echo $result['id'];?>" data-toggle="modal" data-target="#previous-detail-modal">Update</button>
Then in your client-side code, wherever you're handling the button click or otherwise identifying the button, you can pull the data attribute from that button. For example, if you have a reference to the element in a variable called myButton:
let id = myButton.dataset.id;
Edit: In a comment on the question you show the use of jQuery. In that case you might pull the data value with that:
let id = $('#updateid').data('id');
Is it possible to get the button ID? I have accumulated forms and I wanted to get the button clicked using the unique ID. The following scripts I used:
echo("<table><tr>
<td id=\"i\"><img src='presentations/uploaded_files/$name.png' alt='animal' width='50px' height='50px'/></td>
<td id=\"n\">$name</td>
<td id=\"d\">$dsc</td>
<td id=\"t\">$type</td>
<td id=\"g\">$grade</td>
<td id=\"b\">
<form enctype=\"multipart/form-data\" action=\"admin_update_animal.php\" method=\"POST\"><input type=\"submit\" value=\"Update\" name=\"update\" id=\"$name\"/></form></td>
</tr></table>");
I used the following when any of the button clicked:
if (isset($_POST['update'])) {
$f=trim($_POST['update']);
}
But I wanted to get which button clicked using its unique ID assigned.
I am very glad for a help. Thanks.
You cannot directly read the id of a control because name is passed to the server side script via any methods. You can use hidden input fields whose value can be the id of the button. This lets you know the id of the button in the server side.
This can be done as:-
<script type="text/javascript">
function createField(id)
{
var x = document.getElementById("hide");
var y = "<input type='hidden' name='iddetector' value='"+id+"'/>";
x.innerHTML = y;
return;
}
</script>
//maintain other stuffs here and now
<input type="submit" id="uniqueid" name="submit" value="submit"onClick="createField('uniqueid');return true;"/><br>
<div id="hide"></div>
You can detect the id of the button i the sever side as:-
<?php
$idButton = isset($_POST['iddetector'])?$_POST['iddetector']:NULL;
echo "The id of the button clicked is ".$idButton;
?>
What is passed via POST is the name of the control, not the id. To capture the ID you would be better off using JavaScript before submit.
The point is that you may have multiple controls in different places in the page with the same name (but different IDs) that perform the same task (like submit).
I had a hard time to formulate this question so it would be understandable, but here goes.
I have a page called apartments.php. On this page I list a number of rows from my database on apartments that you can show interest to rent.
The apartments are printed out like this:
<?php
foreach ($apartments as $apartment) { ?>
<tr>
<td><?php echo $apartment['apartments_room'] ?></td>
<td><?php echo $apartment['apartments_area'] ?></td>
<td><?php echo $apartment['apartments_rent'] ?></td>
<td><?php echo $apartment['apartments_address'] ?></td>
<td><?php echo $apartment['apartments_floor'] ?></td>
<td><?php echo $apartment['apartments_city'] ?></td>
<td><?php echo $apartment['apartments_freeFromDate'] ?></td>
<td>Apply!</td>
</tr>
<?php } ?>
Each apartment that gets printed out has its own button. When you press this button, a modal / popup will show.
And here's my problem.
When the modal pops up I want it to show the information of the apartment from witch I pressed the button.
So the data-reveal-id value from the button (that represent the specific apartment's db-id) is what I need to get into the modal divs id-value. Additionally I need to write out the address of that apartment (the db column 'apartments_address').
So this is how I need it to be:
<div id="HERE I NEED TO GET THAT ID" class="reveal-modal">
<h2>AND HERE I NEED TO PRINT OUT THE NAME OF THE ADDRESS</h2>
// Here i make room for an application form, but that's irrelevant...
</div>
This shouldn't be a hard thing, right? I hope you can help me out. Thanks!
(For more details if it matters, I'm using the modal of Foundation Zurb 4.)
First, your html isn't linking to a new page:
<a href="#" id="<?php echo $apartment['apartments_id'] ?>">
This should probably look something like this:
<a href="streetEdit.php?id=<?php echo $apartment['apartments_id'] ?>">
Then you can create a new php page named streetEdit.php
in that page, you can select the appropriate row from the database
$sql = "select * from myApartmentsTable where id = {$_GET['id']}";
See how the ID passed in the URL above shows up in $_GET?
next, do your query using the sql and output it on the page.
inside that you need an html form. Use a hidden input to keep track of the ID you are editing:
<form method="POST" action="updateStreet.php">
<input type="hidden" name="id" value="<?php echo $apartment['apartments_id'] ?>">
<input type="text" name="streetName" value="<?php echo $apartment['streetName'] ?>"
<input type="submit">
</form>
Then you need to write updateStreet.php. Since the form was POSTed you will use $_POST instead of $_GET
$id = $_POST['id'];
$streetName = $_POST['streetName'];
Note, you should use PDO for doing your sql queries
$sql = "update apartments set streetName = :name where id = :id";
$pdo = new PDO();
$stmt = $pdo->prepareStatement($sql);
$stmt->bindParam(':name', $streetName );
$stmt->bindParam(':id', $id);
http://php.net/manual/en/pdo.prepared-statements.php
This will prevent SQL injection attacks.. Ask further if you have more questions
I am working on an php file, winch shows an table with values of the database. every row has an imagebutton at the end, which should change the status, displayed with an image.
so I think short function of it all must be, on click go to script go to php or jQuery?
the buttons also have to give the id of the user to the next script or function, or os there a better way?
here is my basic approach, with no functionality, for the moment
in index.php
include("function.php");
while ($row_user = mysql_fetch_assoc($result_user)) {
$sqle = mysql_query("
SELECT COUNT(*) FROM
places2user
WHERE
user = '".mysql_real_escape_string($row_user['ID'])."'
");
$res23 = mysql_fetch_array($sqle);
echo <table>
echo <tr>
echo "<td>".$row_user['ID']." </td><td><input type=\"image\" src=\"images/".htmlentities($row_user['receive'], ENT_QUOTES)."\" id=\"status\" name=\"status\" ></td>
echo </tr>
echo </table>
}
there is also a function.php, with a changestatus($id) function, which updates the database values, but I think, this is not the right way to code this.
While programming, don't rely on javascript only. I always create form using just html and css, make sure it works, and than add fancy stuff with jQuery or so. This way you know the form will also work without javascript (great for users without it).
But to come to your question:
if you use this, it should do what you want:
<?php echo "<form action='?' method='post'>
<table>
<tr>
<td>".$row_user['ID']." </td>
<td><input type='hidden' name='userId' value='".$row_user['ID']."'/>
<input type=\"image\" src=\"images/".htmlentities($row_user['receive'], ENT_QUOTES)."\" id=\"status\" name=\"status\" ></td>
</tr>
</table></form>";