
Help with $_POST and $_SERVER['PHP_SELF'] please.

I am using values stored in a $_POST array to display records from a table before
asking the user if he is sure he wants to delete them. If the user confirms then
the records are deleted. Without boring you with all of the code here is the
rough idea.

<?php
$delete = '( id = ' . implode(' OR id = ', $_POST['delete'] ) . ' ) ';
if (!isset($_POST['submit'])) {
// Then display the records that were marked for deletion
?>
<form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
<p align="center"><font face="Arial" size="2"><b>Are you sure you wish to
continue?</b></font></p>
<p align="center"><input type="submit" name="submit" value="Yes I want to delete
these records"></p>
</form>
<?php
}
else {
$query2="DELETE FROM Catalogue WHERE $delete";
mysql_query($query2) or die("Failed Query of " . $query2);
echo "Your records were successfully deleted";
}

Everything works fine up to the point where the user confirms that he wants to
delete the records. Then I get a failed delete query message as follows:

Warning: implode(): Bad arguments. in
mywebsite\user\htdocs\deleteselectedrecords.php on line 17
Failed Query of DELETE FROM Catalogue WHERE ( id = )

Since there are no values for id I can only assume that the original array held
within $_POST['delete'] is no longer stored when the page is refreshed after the
user has confirmed that he wants to delete the records. That being the case how
can I best code the page so that I can use an array in both instances. I'm
hazarding a guess that I may have to pass the array on by using something like
<input='hidden' etc etc>. That being the case how do I do that or is there a
better way of achieving my objective?

Hope that all makes sense.
Regards
Dynamo

May 19 '06 #1
> I am using values stored in a $_POST array to display records from a table before
> asking the user if he is sure he wants to delete them. If the user confirms then
> the records are deleted. Without boring you with all of the code here is the
> rough idea.

You get a new $_POST on each form submission. You do not get
stuff left over from the previous form submission in it.

> Since there are no values for id I can only assume that the original array held
> within $_POST['delete'] is no longer stored when the page is refreshed after the
> user has confirmed that he wants to delete the records. That being the case how

This is the way it's supposed to work. You shouldn't have left-over
crap from previous form submissions. Considering that some of that
data might be credit card numbers or passwords, that would be a horrible
insecurity.

> can I best code the page so that I can use an array in both instances. I'm
> hazarding a guess that I may have to pass the array on by using something like
> <input='hidden' etc etc>. That being the case how do I do that or is there a
> better way of achieving my objective?


Two possibilities are (1) store the ID in the session, or (2) put
the ID in a hidden field in the confirmation page form, so it shows
up in the new $_POST. Since it goes through the browser, remember
that this value can be hacked.

Always remember that you need to check whether the user has the
authority to delete the record *AT THE TIME THE CONFIRMATION IS
SUBMITTED*. You checked when generating the confirmation page?
Great, but that alone is not good enough.

Gordon L. Burditt
May 19 '06 #2
Dynamo's comments are totally valid, but on the basis that you stripped all
that stuff out, you just need to add a hidden input here to make it work...

(Note: Example typed and not tested)
<?php
$delete = '( id = ' . implode(' OR id = ', $_POST['delete'] ) . ' ) ';
if (!isset($_POST['submit']))
{
// Then display the records that were marked for deletion ?>
<form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
** Hidden input here **
<input type="hidden" name="delete" value="<?php echo $_POST['delete']; ?>">
<p align="center"><font face="Arial" size="2"><b>Are you sure you wish to
continue?</b></font></p>
<p align="center"><input type="submit" name="submit" value="Yes I want
to delete these records"></p>
</form>


[snip]
Cheers,

Ben
May 20 '06 #3
I kinda guessed that if I used a new php page that the original $_POST array
would be lost. However, I mistakenly thought that if I used $_SERVER['PHP_SELF']
as the action for the form that the array would still be stored. It appears that
that is not the case. So the problem remains of how to EASILY pass the array
from the first page to the next. I had already tried using

<input type="hidden" name="delete" value="<?php echo $_POST['delete']; ?>">

but it didn't work. When I debugged by using

<?php
echo "<pre>\n";
print_r($_POST['delete']);
echo "</pre>\n";
?>

on the second page all I got was the word "Array", hence when that was inserted
into the delete query I got

$query1 = "DELETE FROM Catalogue WHERE id = Array"

So I'm hazarding another guess that my hidden field input should be something
more like this
<?php
for each (value stored in the array){
?>
<input type="hidden" name="delete[]" value="<?php echo (value stored in array);
?>">
<?php
}
?>

Only problem is I'm not sure what goes into the (value stored in array) part of
the code. Any help greatly appreciated. Is there an easier way of passing the
array?

Regards
Dynamo

May 20 '06 #4
Try this,

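<?php
// Emit one hidden input per selected id; escape each value for the HTML attribute
foreach ($_REQUEST['delete'] as $val){
?>
<input type="hidden" name="delete[]" value="<?php echo htmlspecialchars($val, ENT_QUOTES); ?>">
<?php
}
?>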

Otherwise you can use sessions as Gordon mentions, which is more secure;

At the top of each page add the line

session_start();

When you get the delete array, add it to the session

$_SESSION['deleteArray']=$_REQUEST['delete'];

When you actually want to delete the items, use $_SESSION['deleteArray']

More information under sessions at php.net

Ben
May 20 '06 #5
Ben,

The problem here is:

value="<?php echo $_POST['delete'];

If $_POST['delete'] is an array, the result will be

value="Array"

in your page. You can see that if you view the source code for your page in
your browser.

Since $_POST['delete'] is an array, you have a couple of choices. You can
serialize the array before storing it, then use htmlentities() in case you have
other chars in the string (i.e. a " mark).

The way I prefer is to store it in the session. Just call session_start() at
the beginning of each page where you need sessions (before ANY output -
including whitespace - is generated) and store it in the session, i.e.

<?php
start_session();
// (perhaps other stuff here, i.e. validation code)
$_SESSION['delete'] = $_POST['delete'];
?>

Then the next time through you can get it from $_SESSION['delete'].

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================
May 20 '06 #6
Many thanks. Apart from a couple of false starts everything is now OK. First
time I tried your code I simply copied and pasted it and ended up with an
unknown function error. Although you correctly call it session_start() to begin
with, in the actual sample code you called it start_session(). Second time I
tried it I got a couple of warnings that headers had already been sent and that
the session could not be started. That was because I hadn't called the function
at the ABSOLUTE beginning of the page. I had

<?php
include("connect.php");
session_start();
?>

But when I changed it to

<?php
session_start();
include("connect.php");
?>

Everything was hunky dory. I guess a little bit always needs to be left to the
programmer to sort out eh? :-)

Many thanks to all those that helped with this posting

Dynamo


May 20 '06 #7
Sorry about the function name. I guess I shouldn't post before my first pot of
coffee :-).

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================
May 21 '06 #8
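
The confirm-then-delete flow discussed in this thread, written out as an added example (not code from any poster): the selection is kept in the session, only integer ids are accepted, and the right to delete is re-checked when the confirmation is submitted. It uses PDO prepared statements instead of the thread's mysql_query(); the owner_id column, the helper names, the confirmation token and the in-memory SQLite table are assumptions for illustration, and $session stands in for $_SESSION.

```php
<?php
// Added example, not from the thread; owner_id and all helper names are assumptions.
declare(strict_types=1);
/** Keep only positive integer IDs from untrusted input (e.g. $_POST['delete']). */
function clean_ids($raw): array
{
    if (!is_array($raw)) {
        return [];                       // a scalar or missing field selects nothing
    }
    $ids = [];
    foreach ($raw as $v) {
        if (is_string($v) && ctype_digit($v) && (int)$v > 0) {
            $ids[(int)$v] = (int)$v;     // de-duplicate while casting
        }
    }
    return array_values($ids);
}

/** Step 1: remember the selection server-side and issue a one-time token. */
function stage_delete(array &$session, $rawIds): string
{
    $session['delete'] = clean_ids($rawIds);
    $session['delete_token'] = bin2hex(random_bytes(16));
    return $session['delete_token'];     // goes into a hidden field on the confirm form
}

/** Step 2: on "Yes", re-check token and ownership at the moment of deletion. */
function confirm_delete(PDO $db, array &$session, string $token, int $userId): int
{
    $ids = $session['delete'] ?? [];
    $expected = $session['delete_token'] ?? '';
    unset($session['delete'], $session['delete_token']);   // single use
    if ($ids === [] || $expected === '' || !hash_equals($expected, $token)) {
        return 0;
    }
    $marks = implode(',', array_fill(0, count($ids), '?'));
    $stmt = $db->prepare("DELETE FROM Catalogue WHERE owner_id = ? AND id IN ($marks)");
    $stmt->execute(array_merge([$userId], $ids));
    return $stmt->rowCount();
}

// Constructed demo data: an in-memory SQLite table standing in for Catalogue.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE Catalogue (id INTEGER PRIMARY KEY, owner_id INTEGER)');
$db->exec('INSERT INTO Catalogue VALUES (1, 7), (2, 7), (3, 8)');
$session = [];                                   // stands in for $_SESSION
$token = stage_delete($session, ['1', '3', '2 OR 1=1']);
echo confirm_delete($db, $session, $token, 7), " row(s) deleted\n";
```

In a real page, call session_start() before any output, pass $_SESSION by reference, and escape the token with htmlspecialchars() when writing it into the confirmation form.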
