473,776 Members | 1,665 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

Help with $_POST and $_SERVER['PHP_SELF'] please.

I am using values stored an $_POST array to display records from a table before
asking the user if he is sure he wants to delete them. If the user confirms then
the records are deleted. Without boring you with all of the code here is the
rough idea.

<?php
$delete = '( id = ' . implode(' OR id = ', $_POST['delete'] ) . ' ) ';
if (!isset($_POST['submit'])) {
// Then display the records that were marked for deletion
?>
<form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
<p align="center"> <font face="Arial" size="2"><b>Are you sure you wish to
continue?</b></font></p>
<p align="center"> <input type="submit" name="submit" value="Yes I want to delete
these records"></p>
</form>
<?php
}
else {
$query2="DELETE FROM Catalogue WHERE $delete";
mysql_query($qu ery2) or die("Failed Query of " . $query2);
echo "Your records were successfully deleted";
}

Everything works fine up to the point where the user confirms that he wants to
delete the records. Then I get a failed delete query message as follows:

Warning: implode(): Bad arguments. in
mywebsite\user\ htdocs\deletese lectedrecords.p hp on line 17
Failed Query of DELETE FROM Catalogue WHERE ( id = )

Since there are no values for id I can only assume that the original array held
within $_POST['delete'] is no longer stored when the page is refreshed after the
user has confirmed that he wants to delete the records. That being the case how
can I best code the page so that I can use an array in both instances. I'm
hazarding a guess that I may have to pass the array on by using something like
<input='hidde n' etc etc>. That being the case how do I do that or is there a
better way of achieving my objective?

Hope that all makes sense.
Regards
Dynamo

May 19 '06 #1
7 2491
>I am using values stored an $_POST array to display records from a table before
asking the user if he is sure he wants to delete them. If the user confirms then
the records are deleted. Without boring you with all of the code here is the
rough idea.
You get a new $_POST on each form submission. You do not get
stuff left over from the previous form submission in it.
Since there are no values for id I can only assume that the original array held
within $_POST['delete'] is no longer stored when the page is refreshed after the
user has confirmed that he wants to delete the records. That being the case how
This is the way it's supposed to work. You shouldn't have left-over
crap from previous form submissions. Considering that some of that
data might be credit card numbers or passwords, that would be a horrible
insecurity.
can I best code the page so that I can use an array in both instances. I'm
hazarding a guess that I may have to pass the array on by using something like
<input='hidden ' etc etc>. That being the case how do I do that or is there a
better way of achieving my objective?


Two possibilities are (1) store the ID in the session, or (2) put
the ID in a hidden field in the confirmation page form, so it shows
up in the new $_POST. Since it goes through the browser, remember
that this value can be hacked.

Always remember that you need to check whether the user has the
authority to delete the record *AT THE TIME THE CONFIRMATION IS
SUBMITTED*. You checked when generating the confirmation page?
Great, but that alone is not good enough.

Gordon L. Burditt
May 19 '06 #2
Dynamos comments are totally valid, but on the basis that you stripped all
that stuff out, you just need to add a hidden input here to make it work...

(Note: Example typed and not tested)
<?php
$delete = '( id = ' . implode(' OR id = ', $_POST['delete'] ) . ' ) ';
if (!isset($_POST['submit']))
{
// Then display the records that were marked for deletion ?>
<form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
** Hidden input here **
<input type="hidden" name="delete" value="<?php echo $_POST['delete']; ?>">
<p> align="center"> <font face="Arial" size="2"><b>Are you sure you wish to
continue?</b></font></p>
<p align="center"> <input type="submit" name="submit" value="Yes I want
to delete these records"></p>
</form>


[snip]
Cheers,

Ben
May 20 '06 #3
I kinda guessed that if I used a new php page that the original $_POST array
would be lost. However, I mistakenly thought that if I used $_SERVER['PHP_SELF']
as the action for the form that the array would still be stored. It appears that
that is not the case. So the problem remains of how to EASILY pass the array
from the first page to the next. I had already tried using

<input type="hidden" name="delete" value="<?php echo $_POST['delete']; ?>">

but it didn't work. When I debugged by using

<?php
echo "<pre>\n";
print_r($_POST['delete']);
echo "</pre>\n";
?>

on the second page all I got was the word "Array", hence when that was inserted
into the delete query I got

$query1 = "DELETE FROM Catalogue WHERE id = Array"

So I'm hazarding another guess that my hidden field input should be something
morelike this
<?php
for each (value stored in the array){
?>
<input type="hidden" name="delete[]" value="<?php echo (value stored in array);
?>">
<?php
}
?>

Only problem is I'm not sure what goes into the (value stored in array) part of
the code. Any help greatly appreciated. Is there an easier way of passing the
array?

Regards
Dynamo

In article <pa************ *************** @bens-house.org.uk>, Ben Holness
says...

Dynamos comments are totally valid, but on the basis that you stripped all
that stuff out, you just need to add a hidden input here to make it work...

(Note: Example typed and not tested)
<?php
$delete = '( id = ' . implode(' OR id = ', $_POST['delete'] ) . ' ) ';
if (!isset($_POST['submit']))
{
// Then display the records that were marked for deletion ?>
<form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">


** Hidden input here **
<input type="hidden" name="delete" value="<?php echo $_POST['delete']; ?>">
<p> align="center"> <font face="Arial" size="2"><b>Are you sure you wish to
continue?</b></font></p>
<p align="center"> <input type="submit" name="submit" value="Yes I want
to delete these records"></p>
</form>


[snip]
Cheers,

Ben


May 20 '06 #4
Try this,

<?php
foreach ($_REQUEST['delete'] as $val){
?>
<input type="hidden" name="delete[]" value="<?php echo $val; ?>">
<?php
}
?>

Otherwise you can use sessions as Gordon mentions, which is more secure;

At the top of each page add the line

session_start() ;

When you get the delete array, add it to the session

$_SESSION['deleteArray']=$_REQUEST['delete'];

When you actually want to delete the items, use $_SESSION['deleteArray']

More information under sessions at php.net

Ben
May 20 '06 #5
Dynamo wrote:
I kinda guessed that if I used a new php page that the original $_POST array
would be lost. However, I mistakenly thought that if I used $_SERVER['PHP_SELF']
as the action for the form that the array would still be stored. It appears that
that is not the case. So the problem remains of how to EASILY pass the array
from the first page to the next. I had already tried using

<input type="hidden" name="delete" value="<?php echo $_POST['delete']; ?>">

but it didn't work. When I debugged by using

<?php
echo "<pre>\n";
print_r($_POST['delete']);
echo "</pre>\n";
?>

on the second page all I got was the word "Array", hence when that was inserted
into the delete query I got

$query1 = "DELETE FROM Catalogue WHERE id = Array"

So I'm hazarding another guess that my hidden field input should be something
morelike this
<?php
for each (value stored in the array){
?>
<input type="hidden" name="delete[]" value="<?php echo (value stored in array);
?>">
<?php
}
?>

Only problem is I'm not sure what goes into the (value stored in array) part of
the code. Any help greatly appreciated. Is there an easier way of passing the
array?

Regards
Dynamo

In article <pa************ *************** @bens-house.org.uk>, Ben Holness
says...
Dynamos comments are totally valid, but on the basis that you stripped all
that stuff out, you just need to add a hidden input here to make it work...

(Note: Example typed and not tested)

<?php
$delete = '( id = ' . implode(' OR id = ', $_POST['delete'] ) . ' ) ';
if (!isset($_POST['submit']))
{
// Then display the records that were marked for deletion ?>
<form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">


** Hidden input here **
<input type="hidden" name="delete" value="<?php echo $_POST['delete']; ?>">
<p> align="center"> <font face="Arial" size="2"><b>Are you sure you wish to
continue?</b></font></p>
<p align="center"> <input type="submit" name="submit" value="Yes I want
to delete these records"></p>
</form>


[snip]
Cheers,

Ben



Ben,

The problem here is:

value="<?php echo $_POST['delete'];

If $_POST['delete'] is an array, the result will be

value="Array"

in your page. You can see that if you view the source code for your page in
your browser.

Since $_POST['delete'] is an array, you have a couple of choices. You can
serialize the array before storing it, then use htmlentities() in case you have
other chars in the string (i.e. a " mark).

The way I prefer is to store it in the session. Just call session_start() at
the beginning of each page where you need sessions (before ANY output -
including whitespace - is generated) and store it in the session, i.s.

<?php
start_session() ;
(perhaps other stuff here, i.e. validation code)
$_SESSION['delete'] = $_POST['delete'];
?>

Then the next time through you can get it from $_SESSION['delete'].

--
=============== ===
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attgl obal.net
=============== ===
May 20 '06 #6
Many thanks. Apart from a couple of false starts everything is now OK. First
time I tried your code I simply copied and pasted it and ended up with an
unknown function error. Although you correctly call it session_start() to begin
with, in the actual sample code you called it start_session() . Second time I
tried it I got a couple of warnings that headers had already been sent and that
the session could not be started. That was because I hadn't called the function
at the ABSOLUTE beginning of the page. I had

<?php
include("connec t.php");
session_start() ;
?>

But when I changed it to

<?php
session_start() ;
include("connec t.php");
?>

Everything was honky dory. I guess a little bit always needs to be left to the
programmer to sort out eh? :-)

Many thanks to all those that helped with this posting

Dynamo


In article <F9************ *************** ***@comcast.com >, Jerry Stuckle says...
The way I prefer is to store it in the session. Just call session_start() at
the beginning of each page where you need sessions (before ANY output -
including whitespace - is generated) and store it in the session, i.s.

<?php
start_session() ;
(perhaps other stuff here, i.e. validation code)
$_SESSION['delete'] = $_POST['delete'];
?>

Then the next time through you can get it from $_SESSION['delete'].


May 20 '06 #7
Dynamo wrote:
Many thanks. Apart from a couple of false starts everything is now OK. First
time I tried your code I simply copied and pasted it and ended up with an
unknown function error. Although you correctly call it session_start() to begin
with, in the actual sample code you called it start_session() . Second time I
tried it I got a couple of warnings that headers had already been sent and that
the session could not be started. That was because I hadn't called the function
at the ABSOLUTE beginning of the page. I had

<?php
include("connec t.php");
session_start() ;
?>

But when I changed it to

<?php
session_start() ;
include("connec t.php");
?>

Everything was honky dory. I guess a little bit always needs to be left to the
programmer to sort out eh? :-)

Many thanks to all those that helped with this posting

Dynamo


In article <F9************ *************** ***@comcast.com >, Jerry Stuckle says...

The way I prefer is to store it in the session. Just call session_start() at
the beginning of each page where you need sessions (before ANY output -
including whitespace - is generated) and store it in the session, i.s.

<?php
start_session() ;
(perhaps other stuff here, i.e. validation code)
$_SESSION['delete'] = $_POST['delete'];
?>

Then the next time through you can get it from $_SESSION['delete'].



Sorry about the function name. I guess I shouldn't post before my first pot of
coffee :-).

--
=============== ===
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attgl obal.net
=============== ===
May 21 '06 #8

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics
9
3202
$_SERVER[PHP_SELF] and <SELECT>
by: Salve Håkedal | last post by:
When I select Februar here and sends, selection returns to Januar. I know why: no option is marked selected... But can php get this right in an easy way? <html><head><title>Part of a bigger page</title></head> <?php $form =" <form action=\"$_SERVER\" method=\"post\"> <select name=obs_mnd> <option value=\"Jan\">Januar</option> <option value=\"Feb\">Februar</option>
PHP
13
6116
Why no [fragment] in parse_url($_SERVER['PHP_SELF'])?
by: deko | last post by:
I'm trying to identify which named anchor is currently being viewed on a page. Although the address bar of my browser shows #whatever appended to the end of the url, I can't seem to find it in a variable. My efforts below return no value for ANYTHING except . Am I missing something? $url = parse_url($_SERVER); $scheme = ($url);
PHP
3
5473
Difference between $_SERVER['SCRIPT_NAME'] and $_SERVER['PHP_SELF']
by: Joshua Beall | last post by:
Hi All, What is the difference between $_SERVER and $_SERVER, and which is better to use? According to the CGI 1.1 spec (http://hoohoo.ncsa.uiuc.edu/cgi/env.html), SCRIPT_NAME is not something specific to Apache (if I understand that correctly). But where does PHP_SELF come from? What creates that? According to http://php.net/reserved.variables, PHP has no control over the $_SERVER array. Quote:
PHP
10
15205
form action = <?=$_SERVER['PHP_SELF']?> - stopped working
by: tHatDudeUK | last post by:
My form action code to submit values to itself have stopped working using the code form action = <?=$_SERVER?> This code used to work My web host recently told me they enabled phpsuexec option in apache which apparently needs me to CHMOD my PHP page to 750 and the directory to 755. (I don't know what this means but know how to CHMOD files). I have CHMODed the
PHP
10
5267
$_SERVER['SCRIPT_NAME'] versus $_SERVER['PHP_SELF'] (or other?)
by: Jim Carlock | last post by:
Looking for a way to extract the path from the pfqpn (partially full qualified path name). $sThisServer = $_SERVER; // returns either aquaticcreationsnc.com or www.aquaticcreationsnc.com $sThisServer = $_SERVER; // returns aquaticcreationsnc.com whether or not the end-user typed // in the preceding www.
PHP
5
2845
Problem Getting Script's URL ($_SERVER['PHP_SELF'] not what I expected)
by: Tom | last post by:
I have a function that restricts access to a page to logged in users. When a user who isn't logged in goes to the page, it will dynamically generate a login form. I'm trying to use it in conjunction with the free shared SSL certificate offered by my host. To use SSL, you would change a URL like this http://mydomain.com/page.php
PHP
4
5672
XSS / Cross Site Scripting Attacks Fixed $_SERVER['PHP_SELF'] ?
by: Jim Carlock | last post by:
Are the XSS / Cross Site Scripting attacks fixed in Version 4.44? I'm seeing that $_SERVER doesn't return the $_SERVER appended to it. I was just messing with a few things and noticed that PHP_SELF returns only the page name now and without the $_GET query... http://blog.phpdoc.info/archives/13-XSS-Woes.html
PHP
4
2807
$_SERVER[PHP_self]
by: vinnie | last post by:
can someone explain me with an easy example what the function for? I've read on the php.net, but didn;t really catch the point. I'm a newbie. Thanks
PHP
21
10696
How to use $_SERVER['PHP_SELF'] properly
by: paitoon | last post by:
Hello there, The fuction $_SERVER; is nice to use but it so complicate for me... In my site to try to use this to add the information to database..but it work not correct because it will work every time i open that page or even i click to reflesh window......even i use funtion if or even i use window confirm msg....they can not help. please help me to explain what should i do with this to stop the script to not work before i sut mit...
PHP
0
9628
marktang
What is ONU?
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look ! Part I. Meaning of...
General
0
9464
Changing the language in Windows 10
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it. First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
Windows Server
0
10122
jinu1996
Maximizing Business Potential: The Nexus of Website Design and Digital Marketing
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth. The Art of Business Website Design Your website is...
Online Marketing
0
9923
tracyyun
Discussion: How does Zigbee compare with other wireless protocols in smart home applications?
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
General
1
7471
isladogs
Access Europe - Using VBA to create a class based on a table - Wed 1 May
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules. He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms. Adolph will...
Microsoft Access / VBA
0
6722
Couldn’t get equations in html when convert word .docx file to html file in C#.
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert into image. Globals.ThisAddIn.Application.ActiveDocument.Select();...
C# / C Sharp
0
5497
Windows Forms - .Net 8.0
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
Visual Basic .NET
1
4031
transfer the data from one system to another through ip address
by: 6302768590 | last post by:
Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
C# / C Sharp
3
2860
bsmnconsultancy
Comprehensive Guide to Website Development in Toronto: Expert Insights from BSMN Consultancy
by: bsmnconsultancy | last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
General

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes
How to Post and Respond on Bytes
How to Promote and Link on Bytes
How to increase your Ranking on Bytes
Become a Recognized Expert on Bytes
Feedback Welcomed! Contact Us