473,325 Members | 2,608 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,325 software developers and data experts.

Question on best practice for allowing edits of lists

I want to provide users a page where they can browse entries in a database
10 at a time, for example. I am doing this as a table, where each row is a
database entry. I want to be able to give the user the ability to modify
entries. By either clicking on a link or a button on each row, I want the
user to be sent to another page to edit that entry.

What is the best way to track which entry the user is wanting to edit?

Thanks for ideas...
Jul 28 '05 #1
5 1697
rik
Make each entry in the table a hyperlink with the querystring
containing a primary key reference.

<a href='edit_entry.php?id=1'>Edit This Entry</a>

On the edit_entry.php page read the primary key in and use it to find
the item you are wanting them to edit.

Using a form is also easy and just involves having a hidden variable
storing the primary key id in it.

In terms of which is best, I'd only use a form when I need lots of info
to be passed (such as on the edit_entry.php page where you will hae a
number of fields to update). Having a big grey button at the end of
each row will also detract from the text contained in the row so would
be less visually pleasing (especially 10 or so unerneath one another).

Either way is fine though, just a preference of mine.

Rick

Jul 28 '05 #2
rik
Make each entry in the table a hyperlink with the querystring
containing a primary key reference.

<a href='edit_entry.php?id=1'>Edit This Entry</a>

On the edit_entry.php page read the primary key in and use it to find
the item you are wanting them to edit.

Using a form is also easy and just involves having a hidden variable
storing the primary key id in it.

In terms of which is best, I'd only use a form when I need lots of info
to be passed (such as on the edit_entry.php page where you will hae a
number of fields to update). Having a big grey button at the end of
each row will also detract from the text contained in the row so would
be less visually pleasing (especially 10 or so unerneath one another).

Either way is fine though, just a preference of mine.

Rick
www.e-connected.com

Jul 28 '05 #3
One concern with the process of editing records is simultaneous
editing.

That is user A clicks on the link and begins editing..

Then user B, a quicker sort of person, does the same thing and SAVES
FIRST.

User A is still on the form page, plodding along and finally finishes
and hits the SAVE button, overwriting B's changes.

The classic rule is that you shouldn't be able to save over a record
that has been edited underfoot.

The easiest way to check this is to use a timestamp field (I'm using
mySQL vernacular) -- that is, a field whose date is set every time the
record is saved. (You can use a conventional date field and manually
set it to now() using SQL every time you save. I tend to call this
field "updated" by convention.

Load the old 'updated' field into a hidden field on the form.

The form will submit to a save_record.php page (or some such) and on
this page, BEFORE YOU SAVE, do a SELECT to determne the records'
current value for 'updated'. if it is different from the 'updated'
value that the record had when you loaded it, don't resave the data.
give the user an error message ("Your record has been edited by someone
else; your changes haven't been made. ) and return them to the list
view. If they want, they can click on the record and edit it again.

Also, in the event that someone else has deleted the record, you might
want to check that there is a record in the system with the current ID.
Ideally you'd have a "check out" system that prevented user B from
opening the record when user A was editing it, but in the web
environment it's very problematic to do this because its tough to
determine when the user has shifted gears (left the edit page without
saving the record) so "stale checkouts" are common.

These security measures are most necessary in data held in common by
several users. Private records like BLOG pages or user_ID records
probably don't need asynchronous edit protection.

Jul 28 '05 #4
SOR
<comp.lang.php , Mark Feller , mj***@lycos.com>
<35***************@newssvr33.news.prodigy.com>
<Thu, 28 Jul 2005 14:37:51 GMT>
I want to provide users a page where they can browse entries in a database
10 at a time, for example. I am doing this as a table, where each row is a
database entry. I want to be able to give the user the ability to modify
entries.


What if 2-3 users are editing the same 10 entrys at the same time .

- one user saves a entry
- another user saves the same entry 30 seconds later
Jul 28 '05 #5
On Thu, 28 Jul 2005 11:38:26 -0700, bingomanatee wrote:
One concern with the process of editing records is simultaneous editing.

That is user A clicks on the link and begins editing..

Then user B, a quicker sort of person, does the same thing and SAVES
FIRST.

User A is still on the form page, plodding along and finally finishes and
hits the SAVE button, overwriting B's changes.

The classic rule is that you shouldn't be able to save over a record that
has been edited underfoot.

The easiest way to check this is to use a timestamp field (I'm using mySQL
vernacular) -- that is, a field whose date is set every time the record is
saved. (You can use a conventional date field and manually set it to now()
using SQL every time you save. I tend to call this field "updated" by
convention.

Load the old 'updated' field into a hidden field on the form.

The form will submit to a save_record.php page (or some such) and on this
page, BEFORE YOU SAVE, do a SELECT to determne the records' current value
for 'updated'. if it is different from the 'updated' value that the record
had when you loaded it, don't resave the data. give the user an error
message ("Your record has been edited by someone else; your changes
haven't been made. ) and return them to the list view. If they want, they
can click on the record and edit it again.

Also, in the event that someone else has deleted the record, you might
want to check that there is a record in the system with the current ID.
Ideally you'd have a "check out" system that prevented user B from opening
the record when user A was editing it, but in the web environment it's
very problematic to do this because its tough to determine when the user
has shifted gears (left the edit page without saving the record) so "stale
checkouts" are common.

These security measures are most necessary in data held in common by
several users. Private records like BLOG pages or user_ID records probably
don't need asynchronous edit protection.


Why suggest a method that you admit doesn't work? You *don't* need a
timestamp at all ( although it's always handy ). What you need is the
values for all editable fields at the time the update window was opened.

So, stuff a copy of each of these fields into a hidden field or session
var, and then, at update time, check to see that all of those values are
still the same as those stored in the database for the entry in question.

If they've changed, then you can use logic to see whether any of the
current changes are logical, and see how clever you can be in resolving
the problem. Personally, I'd be braindead stupid and refuse, although you
could probably get away with silently ignoring the update if the changes
to be made have all been done by someone else.

The overhead of checking many fields rather than one will never be that
big. As the changes are being made manually, and people don't type that
fast - you'll only ever have a slack handful of changes to make to a
single record.

No stale anything - guaranteed success ( assuming that the select / update
method is atomic, which it isn't ).

My $0.02,

Steve
Jul 29 '05 #6

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

26
by: djw | last post by:
Hi, Folks- I have a question regarding the "proper" use of try: finally:... Consider some code like this: d = Device.open() try: d.someMethodThatCanRaiseError(...) if SomeCondition: raise...
9
by: Henning Kage | last post by:
I'm using Python only for some months now and I'm wondering, whether such assignments as above are creating bitwise copies of an object or just recieve a reference. That means I wanted to know,...
9
by: Dave H | last post by:
Hello, I have a query regarding definition lists. Is it good practice semantically to use the dt and dd elements to mark up questions and answers in a frequently asked questions list, or FAQ? ...
5
by: Roger Bonine | last post by:
I'm working on a rewrite of our employee database. I plan to implement a fairly heavyweight base class, which includes 20 or 30 fields, including address and phone number collections and the like....
105
by: Christoph Zwerschke | last post by:
Sometimes I find myself stumbling over Python issues which have to do with what I perceive as a lack of orthogonality. For instance, I just wanted to use the index() method on a tuple which does...
6
by: Peter Oliphant | last post by:
I just discovered that the ImageList class can't be inherited. Why? What could go wrong? I can invision a case where someone would like to add, say, an ID field to an ImageList, possible so that...
7
by: CSharpguy | last post by:
I'm coding my first business web app in .NET 2.0 and its only a read only web app. I'm just pulling data from the database and allowing users to filter the data in the grids by using dropdowns....
13
by: Eric_Dexter | last post by:
All I am after realy is to change this reline = re.line.split('instr', '/d$') into something that grabs any line with instr in it take all the numbers and then grab any comment that may or may...
90
by: John Salerno | last post by:
I'm a little confused. Why doesn't s evaluate to True in the first part, but it does in the second? Is the first statement something different? False print 'hi' hi Thanks.
0
by: DolphinDB | last post by:
Tired of spending countless mintues downsampling your data? Look no further! In this article, you’ll learn how to efficiently downsample 6.48 billion high-frequency records to 61 million...
0
by: ryjfgjl | last post by:
ExcelToDatabase: batch import excel into database automatically...
0
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: Vimpel783 | last post by:
Hello! Guys, I found this code on the Internet, but I need to modify it a little. It works well, the problem is this: Data is sent from only one cell, in this case B5, but it is necessary that data...
0
by: jfyes | last post by:
As a hardware engineer, after seeing that CEIWEI recently released a new tool for Modbus RTU Over TCP/UDP filtering and monitoring, I actively went to its official website to take a look. It turned...
0
by: ArrayDB | last post by:
The error message I've encountered is; ERROR:root:Error generating model response: exception: access violation writing 0x0000000000005140, which seems to be indicative of an access violation...
1
by: PapaRatzi | last post by:
Hello, I am teaching myself MS Access forms design and Visual Basic. I've created a table to capture a list of Top 30 singles and forms to capture new entries. The final step is a form (unbound)...
0
by: af34tf | last post by:
Hi Guys, I have a domain whose name is BytesLimited.com, and I want to sell it. Does anyone know about platforms that allow me to list my domain in auction for free. Thank you
0
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 3 Apr 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome former...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.