Jump to content
Larry Ullman's Book Forums

Recommended Posts

Hello,

 

Is it possible to have two form submissions on one page? I would lke my user to be able to delete or edit their record on the same page. So far my code almost works however, I am now wondering if I am trying to do something that can't be done.

 

The user accesses their record from a list on another page. Then the information is passed through an id in a URL to a page where the record is displayed in full.

 

Thanks,

 

Marie

Link to comment
Share on other sites

You can have multiple forms on a single page. In your instance, you can implement the functionality in a number of different ways e.g. include a checkbox for deletion and then your form processor can check if that checkbox isset. this method only involves one form. Post your code and specify what happens and we might be able to offer more help.

Link to comment
Share on other sites

Hello:

 

If someone hits submit for the editing portion WITHOUT changing anything, then I get a "user could not be updated due to a system error and then an "undefined Index: sure" in place of the form to delete the page. If someone updates the update form then it gets updated but I still get the "undefinied index: sure" error in place of the form to delete the page. The code APPEARS to work only when the person actually deletes or not deletes their post so when they the second submit button page appears to be functioning properly.

 

Following is my code:

 

<?php

 

// Check for a form submission:

if ($_SERVER['REQUEST_METHOD'] == 'POST')

 

// Check for an optimal name:

//if (preg_match ('/^[A-Z \'.-]{2,40}$/i', $_POST['optimal'])) {

if (!empty($_POST['optimal'])) {

$o = mysqli_real_escape_string ($connect, $_POST['optimal']);

} else {

$errors['optimal'] = 'Please enter an optimal name.';

}

 

// Check for an alternate code:

//if (preg_match ('/^[A-Z0-9-0 \'.-]{2,10}$/i', $_POST['alternate'])) {

if (!empty($_POST['alternate'])) {

$a = mysqli_real_escape_string ($connect, $_POST['alternate']);

} else {

$errors['alternate'] = 'Please enter an alternate code.';

}

 

// Check for a amount:

//if (preg_match ('/^[A-Z0-9-0 $]{2,30}$/i', $_POST['amount'])) {

if (!empty($_POST['amount'])) {

$m = mysqli_real_escape_string ($connect, $_POST['amount']);

} else {

$errors['amount'] = 'Please enter the amount.';

}

 

// Check for a currency:

//if (preg_match ('/^[A-Z0-9-0 $]{2,10}$/i', $_POST['currency'])) {

if (!empty($_POST['currency'])) {

$c = mysqli_real_escape_string ($connect, $_POST['currency']);

} else {

$errors['currency'] = 'Please enter the currency';

}

 

// Check for a tiimeframe:

//if (preg_match ('/^[A-Z0-9-0 \'.-]{2,40}$/i', $_POST['timeframe'])) {

if (!empty($_POST['timeframe'])) {

$t = mysqli_real_escape_string ($connect, $_POST['timeframe']);

} else {

$errors['timeframe'] = 'Please enter when this happened';

}

 

// Check for a location:

//if (preg_match ('/^[A-Z \'.-]{2,40}$/i', $_POST['location'])) {

if (!empty($_POST['location'])) {

$l = mysqli_real_escape_string ($connect, $_POST['location']);

} else {

$errors['location'] = 'Please enter the location.';

}

 

// Check for a description:

//if (preg_match ('/^[A-Z \'.-]{2,40}$/i', $_POST['description'])) {

if (!empty($_POST['description'])) {

$d = mysqli_real_escape_string ($connect, $_POST['description']);

} else {

$errors['description'] = 'Please enter a description.';

}

 

if (empty($errors)) { // If everything's OK...

 

// Make the query:

$q = "UPDATE pages SET optimal='$o', alternate='$a', amount='$m', currency='$c', timeframe='$t', location='$l', description='$d' WHERE id=$id LIMIT 1";

$r = @mysqli_query ($connect, $q);

if (mysqli_affected_rows($connect) == 1) { // If it ran OK.

 

// Print a message:

echo '<p><h3a>Your information has been edited.</h3a></p>';

 

} else { // If it did not run OK.

echo '<p class="error">The user could not be edited due to a system error. We apologize for any inconvenience.</p>'; // Public message.

echo '<p>' . mysqli_error($connect) . '<br />Query: ' . $q . '</p>'; //

 

// Retrieve the user's information:

$q = "SELECT id, optimal, alternate, amount, currency, timeframe, location, description FROM pages WHERE id=$id";

$r = @mysqli_query ($connect, $q);

 

if (mysqli_num_rows($r) == 1) { // Valid user ID, show the form.

 

// Get the user's information:

$row = mysqli_fetch_array ($r, MYSQLI_NUM);

// Create the form:

 

echo '<form action="page.php" method="post">

 

<p>optimal:</p>

<input type="text" name="optimal" size="40" maxlength="15" value="' . $row[1] . '" /></p>

 

<p>Alternate:</p>

<input type="text" name="alternate" size="40" maxlength="40" value="' . $row[2] . '" /></p>

 

<p>Amount:</p>

<input type="text" name="amount" size="40" maxlength="30" value="' . $row[3] . '" /></p>

 

<p>Currency:</p>

<input type="text" name="currency" size="40" maxlength="60" value="' . $row[4] . '" /> </p>

 

<pTimeframe:</p>

<input type="text" name="timeframe" size="40" maxlength="40" value="' . $row[5] . '" /> </p>

 

<p>Location:</p>

<input type="text" name="location" size="40" maxlength="15" value="' . $row[6] . '" /></p>

 

<p>Description:</p>

<input type="textarea" name="description" size="60" maxlength="100" value="' . $row[7] . '" /></p>

 

 

<p><input type="submit" name="submit" value="Submit" /></p>

<input type="hidden" name="id" value="' . $id . '" />

</form>';

 

if ($_SERVER['REQUEST_METHOD'] == 'POST') {

 

 

if ($_POST['sure'] == 'Yes') { // Delete the record.

 

// Make the query:

$q = "DELETE FROM pages WHERE id=$id LIMIT 1";

$r = @mysqli_query ($connect, $q);

if (mysqli_affected_rows($connect) == 1) { // If it ran OK.

 

// Print a message:

echo '<p><h3>The page has been deleted.</h3></p>';

 

} else { // If the query did not run OK.

echo '<p class="error">The Page could not be deleted due to a system error.</p>'; // Public message.

echo '<p>' . mysqli_error($connect) . '<br />Query: ' . $q . '</p>'; // Debugging message.

}

 

} else { // No confirmation of deletion.

echo '<p><h3>The Above Page has NOT been deleted.</h3></p>';

}

 

} else { // Show the form.

 

 

// Retrieve the user's information:

$q = "SELECT id, optimal, alternate, amount, currency, timeframe, location, description FROM pages WHERE id=$id";

$r = @mysqli_query ($connect, $q);

 

if (mysqli_num_rows($r) == 1) { // Valid user ID, show the form.

 

// Get the user's information:

$row = mysqli_fetch_array ($r, MYSQLI_NUM);

 

 

// Display the record being deleted:

echo "<h3>

Are you sure you want to delete your Page?</h3>";

 

// Create the form:

echo '<form action="page.php" method="post">

<input type="radio" name="sure" value="Yes" /> Yes

<input type="radio" name="sure" value="No" checked="checked" /> No

<input type="submit" name="submit" value="Submit" />

<input type="hidden" name="id" value="' . $id . '" />

</form>';

 

} else { // Not a valid user ID.

echo '<p class="error">This page has been accessed in error.';

}

}

}

?>

Link to comment
Share on other sites

You can have 2 forms on the same page but you must differentiate the processing in some way. For both the edit and the delete processing you check for $_SERVER['REQUEST_METHOD'] == POST. Really what you want to do is have 2 different checks - one for form 1 and one for form 2.

 

The error 'undefined sure index' is because you check for it before it has been defined. Alter the code to

if (isset($_POST['sure'])) {

$_POST['sure'] will only be set if it has been checked so you can then delete that record.

 

If you try to update a record without actually changing anything you won't get an error but mysqli_num_rows will return 0 rows because no rows have actually been updated.

 

A couple of suggestions if you don't mind:

  1. You are missing a curly brace after the first if conditional.
  2. It's really helpful if you comment your big nested ifs to quickly see where each one ends.
  3. I would suggest that you structure this as one form - having 2 forms makes the logic more complicated than it needs to be.

Link to comment
Share on other sites

The easiest way to have multiple forms on one page in my experience is to use a unique hidden field in each form that you check before processing the form. For example:

 

<form action="script.php" method="post">

 <input type="hidden" name="formType" value="1">

 <!-- Other input items here -->

 <input type="submit" value="Submit">

</form>

<form action="script.php" method="post">

 <input type="hidden" name="formType" value="2">

 <!-- Other input items here -->

 <input type="submit" value="Submit">

</form>

 

As we can see, both forms are submitting to the same script, but one form has a hidden input with the name formType and a value of 1, and the other has the same name but with a value of 2.

 

Now, when either form is submitted, you might do something like the following in script.php:

 

<?php

 if (isset($_POST['formType'])) {

   if ($_POST['formType'] === 1) {

     // Processing for form 1

   } else if ($_POST['formType'] === 2) {

     // Processing for form 2

   }

 }

?>

 

That all make sense?

Link to comment
Share on other sites

Okay, I have combined two forms into one and rearranged a few things. For the most part it works, however, I get error messages which arn't really needed.

 

Following is my code:

 

<?php

 

// Check for a form submission:

if ($_SERVER['REQUEST_METHOD'] == 'POST')

 

// Check for an optimal name:

//if (preg_match ('/^[A-Z \'.-]{2,40}$/i', $_POST['optimal'])) {

if (!empty($_POST['optimal'])) {

$o = mysqli_real_escape_string ($connect, $_POST['optimal']);

} else {

$EditpagesTBR_errors['optimal'] = 'Please enter an optimal name.';

}

 

// Check for an alternate code:

//if (preg_match ('/^[A-Z0-9-0 \'.-]{2,10}$/i', $_POST['alternate'])) {

if (!empty($_POST['alternate'])) {

$a = mysqli_real_escape_string ($connect, $_POST['alternate']);

} else {

$EditpagesTBR_errors['alternate'] = 'Please enter an alternate code.';

}

 

// Check for a amount:

//if (preg_match ('/^[A-Z0-9-0 $]{2,30}$/i', $_POST['amount'])) {

if (!empty($_POST['amount'])) {

$m = mysqli_real_escape_string ($connect, $_POST['amount']);

} else {

$EditpagesTBR_errors['amount'] = 'Please enter the amount.';

}

 

// Check for a currency:

//if (preg_match ('/^[A-Z0-9-0 $]{2,10}$/i', $_POST['currency'])) {

if (!empty($_POST['currency'])) {

$c = mysqli_real_escape_string ($connect, $_POST['currency']);

} else {

$EditpagesTBR_errors['currency'] = 'Please enter the currency';

}

 

// Check for a tiimeframe:

//if (preg_match ('/^[A-Z0-9-0 \'.-]{2,40}$/i', $_POST['timeframe'])) {

if (!empty($_POST['timeframe'])) {

$t = mysqli_real_escape_string ($connect, $_POST['timeframe']);

} else {

$EditpagesTBR_errors['timeframe'] = 'Please enter when this happened';

}

 

// Check for a location:

//if (preg_match ('/^[A-Z \'.-]{2,40}$/i', $_POST['location'])) {

if (!empty($_POST['location'])) {

$l = mysqli_real_escape_string ($connect, $_POST['location']);

} else {

$EditpagesTBR_errors['location'] = 'Please enter the location.';

}

 

// Check for a description:

//if (preg_match ('/^[A-Z \'.-]{2,40}$/i', $_POST['description'])) {

if (!empty($_POST['description'])) {

$d = mysqli_real_escape_string ($connect, $_POST['description']);

} else {

$EditpagesTBR_errors['description'] = 'Please enter a description.';

}

 

if (empty($EditpagesTBR_errors)) { // If everything's OK...

 

 

 

if ($_POST['sure'] == 'Yes') { // Delete the record.

 

// Make the query:

$q = "DELETE FROM pages WHERE id=$id LIMIT 1";

$r = @mysqli_query ($connect, $q);

if (mysqli_affected_rows($connect) == 1) { // If it ran OK.

 

// Print a message:

echo '<p><h3>The page has been deleted.</h3></p>';

 

} else { // If the query did not run OK.

echo '<p class="error">The Notice could not be deleted due to a system error.</p>'; // Public message.

echo '<p>' . mysqli_error($connect) . '<br />Query: ' . $q . '</p>'; // Debugging message.

}

 

} else { // No confirmation of deletion.

echo '<p><h3>The Above page has NOT been deleted.</h3></p>';

}

 

 

// Make the query:

$q = "UPDATE pages SET optimal='$o', alternate='$a', amount='$m', currency='$c', timeframe='$t', location='$l', description='$d' WHERE id=$id LIMIT 1";

$r = @mysqli_query ($connect, $q);

if (mysqli_affected_rows($connect) == 1) { // If it ran OK.

 

// Print a message:

echo '<p><h3a>Your information has been edited.</h3a></p>';

 

} else { // If it did not run OK.

echo '<p class="error">The user could not be edited due to a system error. We apologize for any inconvenience.</p>'; // Public message.

echo '<p>' . mysqli_error($connect) . '<br />Query: ' . $q . '</p>'; // Debugging message.

}

 

} // End of if (empty($errors)) IF.

 

// Retrieve the user's information:

$q = "SELECT id, optimal, alternate, amount, currency, timeframe, location, description FROM pages WHERE id=$id";

$r = @mysqli_query ($connect, $q);

 

if (mysqli_num_rows($r) == 1) { // Valid user ID, show the form.

 

// Get the user's information:

$row = mysqli_fetch_array ($r, MYSQLI_NUM);

 

} else { // Show the form.

}

 

// Create the form:

 

echo '<form action="page.php" method="post">

 

<p>optimal:</p>

<input type="text" name="optimal" size="40" maxlength="15" value="' . $row[1] . '" /></p>

 

<p>Alternate:</p>

<input type="text" name="alternate" size="40" maxlength="40" value="' . $row[2] . '" /></p>

 

<p>Amount:</p>

<input type="text" name="amount" size="40" maxlength="30" value="' . $row[3] . '" /></p>

 

<p>Currency:</p>

<input type="text" name="currency" size="40" maxlength="60" value="' . $row[4] . '" /> </p>

 

<pTimeframe:</p>

<input type="text" name="timeframe" size="40" maxlength="40" value="' . $row[5] . '" /> </p>

 

<p>Location:</p>

<input type="text" name="location" size="40" maxlength="15" value="' . $row[6] . '" /></p>

 

<p>Description:</p>

<input type="textarea" name="description" size="60" maxlength="100" value="' . $row[7] . '" /></p>

 

<h3> Are you sure you want to delete your page?</h3>

 

<input type="radio" name="sure" value="Yes" /> Yes

<input type="radio" name="sure" value="No" checked="checked" /> No

<input type="submit" name="submit" value="Submit" />

<input type="hidden" name="id" value="' . $id . '" />

 

</form>';

 

?>

Link to comment
Share on other sites

Yes, you are right. Sometimes I don't know how much or how little to put in these posts.

 

Following is the main portion of the code. I took out the bit of code that was showing up after the user deletes their page - the piece that was not needed. So right now it is working almost the way I would like, however, I would still like the user's page information to show up in the form after the user has deleted it from the database, just so that they know what they just deleted. Right now the form fields are blank after they delete it from the database. When I had the two forms separated, it was working that way, however, that was when I was getting the undefined index error.

 

Thanks,

 

Marie

 

==========================================

 

if ($_POST['sure'] == 'Yes') { // Delete the record.

 

// Make the query:

$q = "DELETE FROM pages WHERE id=$id LIMIT 1";

$r = @mysqli_query ($connect, $q);

if (mysqli_affected_rows($connect) == 1) { // If it ran OK.

 

// Print a message:

echo '<p><h3>The page has been deleted.</h3></p>';

 

} else { // If the query did not run OK.

echo '<p class="error">The page could not be deleted due to a system error.</p>'; // Public message.

echo '<p>' . mysqli_error($connect) . '<br />Query: ' . $q . '</p>'; // Debugging message.

}

 

} else { // No confirmation of deletion.

echo '<p><h3>The page below has NOT been deleted.</h3></p>';

}

 

// Make the query:

$q = "UPDATE pages SET optimal='$o', alternate='$a', amount='$m', currency='$c', timeframe='$t', location='$l', description='$d' WHERE id=$id LIMIT 1";

$r = @mysqli_query ($connect, $q);

if (mysqli_affected_rows($connect) == 1) { // If it ran OK.

 

// Print a message:

echo '<p><h3a>Your information has been edited.</h3a></p>';

 

} // End of if (empty($errors)) IF.

 

}

 

// Retrieve the user's information:

$q = "SELECT id, optimal, alternate, amount, currency, timeframe, location, description FROM pages WHERE id=$id";

$r = @mysqli_query ($connect, $q);

 

if (mysqli_num_rows($r) == 1) { // Valid user ID, show the form.

 

// Get the user's information:

$row = mysqli_fetch_array ($r, MYSQLI_NUM);

 

} else { // Show the form.

}

Link to comment
Share on other sites

For obvious reasons, you cannot retrieve a record from the DB after it has been deleted.

 

In general, I do not recommend deleting any data from the DB unless there is some legal requirement to do so, etc.

Whenever you want to delete a record, instead of deleting it, why not add an extra field to your table that serves as an active/inactive flag? When a user wants to delete a record, instead of actually deleting it, you could change the flag to inactive, so that the data can no longer be accessed.

 

By doing that, you can easily retrieve the "deleted" data for confirmation purposes, even after it has been made inactive.

 

If you actually want to delete the data, you will have to store the relevant data in a cookie or session before deleting it, in order to still have access to it after it has been deleted.

Link to comment
Share on other sites

Yes, it makes sense that the information would not be in the database. I thought about this later and I don't know how the form was "working" before. The form seemed to retain the information thus allowing the page to state something along the lines that the following information has been deleted.

 

However, it makes sense to make a user and / or their information inactive in case they deleted in error or want to reactive their information at a later date or whatever.

 

Thanks for posting your ideas.

 

Marie

Link to comment
Share on other sites

No problem.

It's always hard to figure out why buggy code "magically" works sometimes, but generally it's either something you overlooked or the browser doing something weird, like caching old code, even though you've since updated the file and refreshed the page.

 

It can be tricky, for sure.

Good luck with your project!

Link to comment
Share on other sites

  • 1 month later...

Hello All,

 

Just wondering about making a user inactive. Do I create an inactive field in the various tables that holds their information? Does this mean that each query has to be screened for inactive or active users? OR do I move all the inactive information into another table? OR when my user cancels do I use the REVOKE command?

 

Marie

Link to comment
Share on other sites

Just one general suggestion, Marie. I see you use preg_match() for pretty much everything, even for things like currency, etc. It would be better to deploy some other functions for validation there, like is_numeric() and checkdate() for dates. There's really not much point in using preg_match() on regular strings like location either. What happens if I try to type "Lillestrøm", my home town, in there? :)

 

As a general tip, validate against data that will break your application. Just make sure it's safe to use in the right context. (For example in a db) Not data submitted by an idiot. There is not really any way to screen away foolish input from a user.

  • Upvote 1
Link to comment
Share on other sites

Yes, I understand. Thanks for the info. I was keeping that page fairly loose to make it easier to the user to enter whatever they would like to enter, however, it make sense to use the proper validation with the right form field. I will have to go through all my pages and clean them up, I think.

 

So you are saying with Lilestrøm the ø may not come out properly. That is a real possibility and one that may be frustrating for my user. The other users who may see their posts have to understand what is going on as well.

 

Marie

Link to comment
Share on other sites

It's because you only allow letters from a-z in your preg_match() regular expression. As a general suggestion, filter more than do validation on Strings. You can't really force how the user should write input except when there's a strict pattern (and that's rare). Things like short names for states "NY (new york) might be possible, but still tricky.

 

Using mysql_real_escape_string(), strip_tags(), trim() and other filter functions to prevent injection of script tags and prevent SQL injection is really the best thing to do on strings. Other than that, leave the user free to send in something silly, simple because it's impossible to guard against.

 

If you really need to force certain charachters, I would suggest something more like the ctype functions. http://www.php.net/manual/en/ref.ctype.php

  • Upvote 1
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
 Share

×
×
  • Create New...