-
Confirming Deletion?
I am doing an exercise from the book Build Your Own Database Driven Website Using PHP & MySQL.
In one assignment we are asked to create some kind of confirmation for the deletion of a record. Since the book do not give the solution do anyone have a suggestion?
On the Author page for instance I see:
Daniel Lamarche [ Edit ] [ Delete ]
Clicking the Delete link will confirm the deletion. Is there a way to display a form first asking "Are you sure?" when the user clicks the "Submit" button the deletion would proceed.
I do not wish to have the complete solution. Just an approach, a hint in the right direction. The author suggest using a multipurpose page for the confirmation and the deletion.
Thanks for your help.
D. Lamarche
-
Two ways of doing this, either use javascript to make a messagebox asking if you are sure or not, or when the delete function is called make a form that asks you if you are sure ^^
-
Ok -T- now that is a ... little bit of help. Thanks. Let's see now.
Would something like this work?
At the top of my page I would have something like:
<?php if (isset($_POST['submitted'])):
...
Here is the code to delete the record.
...
?>
<XHTML link to return to the previous page>
<?php else: ?>
<form> asking to confirm using <label> only I suppose.
<input type="submit" value="Submit" />
<input type="hidden" name="submitted" value="TRUE" />
</form>
<?php endif; ?>
<end of XHTML>
Would that make sense? I am not sure and I know nothing of Javascript.
D. Lamarche
-
yupp that works ^^
or you could shorten it down a little like this
PHP Code:
<?php
if($_POST) {
// delete code goes here
} else {
echo "<form action=\"\" method=\"POST\">";
echo "Are you sure you want to delete name? <input type=\"submit\" name=\"confirm\" value=\"confirm\" />";
echo "</form>";
}
?>
-
Confirming Deletion
For asking user confirmation while deleting record u can call following Javascript :
function confirmdelete(id)
{
var deletestatus = confirm('Are you sure you want to delete ? ');
if(deletestatus == true)
{
document.frmname.formvar.value=id;
document.frmname.submit();
}
}
And the above function can be called as below in html or php page :
<a href="#" onClick="confirmdelete(<?=$rec['id']?>);">Delete</a>
:)
-
Thank you very much -T- it works well. Also thanks to jagat_21. One day I will try this.
One last thing -T- I would like to specify the name of the author in the delete message. So I thought I would pass the name of the Author as an additional parameter after the ?id=$id but there seem to be a problem sending it. If I want to specify more than one parameter after the ? do I use a comma or another ? I tried a few things but it does not work when I use the $_GET['authorname'] in the other form.
Presently I use:
echo "<a href='deleteauthor.php?id=$id'>[Delete]</a>"
So how can I add the author name stored in $authorname after the ?id=$id so that the next form can display Are you sure to want to delete Daniel Lamarche from your database?
Thank you soo much for your time.
D. Lamarche
-
Personally I would just use the id and do a database call to get the author name. It's generally a bad idea to display input from url/forms on your website as it opens up for XSS exploits.
Of course you have to check the id if it has been tampered with. Easiest way of doing that is to check if it's an integer (if your ID is integer that is)
to check if it's integer do this:
PHP Code:
if ( ctype_digit( $_GET['id'] ) === false ) {
// we have an error, tell the user and stop the script
}
