javascript lightbox causes error when updating mysql table - javascript

I have created a comment-reply system for my blog in php. Comments are stored in a table called comments(comments_id, comment, comment_date, user, flag). I use a script which displays comments and near to each comment there is a link called "delete" in order for the user to delete its own comment in case want to do so.
my php script for displaying comments is :
<?php
// ... above code
$comments .= $row['comment']; // comment printed succesfully here
if($comment_user_id == $session_user_id){
$comments .="<table border='1' style='display:inline-table;'><td><h2><font size='2'>
<form action='deletepost.php' method='post'>
<input type='hidden' name='var' value='$comment_id;'>
<input type='submit' value='delete'>
</form>
</h2></font></td></table>";
}
?>
in order to delete a comment, I update the table comments and set flag=1, so my script will not display comments having their flag=1 in table. In order to do this I use script deletepost.php
<?php
$comment = mysql_real_escape_string($_POST['var']);
if(isset($comment) && !empty($comment)){
mysql_query("UPDATE `comments` SET `flag`=1 WHERE (`user`='$session_user_id' AND `comments_id`='$comment')");
header('Location: wall.php');
}
?>
My script until now works perfect without problem and the user that posts a comment can delete its own comment without any error. The problem started when I decided to insert a lightbox in javascript, so that the user will be asked before deleting a comment. So I have changed my first script to the following:
<?php
// ... above code
$comments .= $row['comment']; // comment printed succesfully here
if($comment_user_id == $session_user_id){
$comments .="<table border='1' style='display:inline-table;'><td><h2><font size='2'>
// at this point problem occurs when inserting javascript lightbox
<a href = javascript:void(0) onclick = document.getElementById('light').style.display='block';document.getElementById('fade').style.display='block'><h2><font color=green size=3>Delete All</font></h2></a>
<div id=light class=white_content>DELETE THIS COMMENT?
<form action='deletepost.php' method='post'>
<input type='hidden' name='var' value='$comment_id;'>
<input type='submit' value='delete'>
</form>
<a href = javascript:void(0) onclick = document.getElementById('light').style.display='none';document.getElementById('fade').style.display='none'><div id=pading><button>Cancel</button></div></a></div>
<div id=fade class=black_overlay></div>
</h2></font></td></table>";
}
?>
By using the javascript lightbox as shown above, when the user will press delete, a lightbox starts and asks user if wants to delete the comment. The problem is that now when the user press delete button, it is not deleting the certain comment but the last comment that finds in comments table. Probably there is something else I need to write in my javascript to correct this, in order to know which comment to delete (set its flag to 1). Any idea how to fix it?

Make sure the 'deletepost.php' is getting the correct comment id($comment) that you wanted to delete.
May be that can be the cause.

Related

fetch data without reloading by passing a variable to jquery

I want to fetch some data (without reloading page) based on UserIds that are linked to a tags. I am not able to pass on UserID to jquery successfully and accurately. What it does is, just picks the last UserID and fetches it.
I have also tried to pass on variable throuh a-tag URL but could not get it accurately in jquery file. It fetches the data from already opened url, not the one being clicked right now.
HTML:
<?php foreach($Messagers as $Messagers1){ ?>
<form action="" method="post">
<input type="hidden" id="ANP" value="<?php echo ($Messagers1['UserID']*3);?>"></input>
<a class="LoadMsgsBtn">
Click to load data
</a>
</form>
<?php}?>
<div id="result">
<--The output will come here!-->
</div>
jquery:
$(document).ready(function(){
$(".LoadMsgsBtn").click(function LoadMsgsfunc(){
var ANP = $("input#ANP").val();
var Msg=6;
alert(ANP);
$("#result").load("LoadDB.php",{
ANP: ANP,
Msg: Msg
});
})
});
LoadDB.php:
<?php
$ID = $_POST['ANP'];
$Msg = $_POST['Msg'];
echo $ID . "\n";
echo $Msg;
I want to fetch data from database without reloading using UserID sent. $Messager is an array having multiple rows, there is a series of a-tags. clicking on any a-tag sents corresponding UserID to jquery code
Classic issue of multiple element selection. It's a bit tricky when you are using loops and jquery selectors ;) Check out the following code. It should work like butter B)
<?php foreach($Messagers as $Messagers1){ ?>
<form action="" method="post">
<a class="LoadMsgsBtn" href="javascript:void(0)" onclick="featchData('<?php echo ($Messagers1['UserID']*3);?>')">
Click to load data
</a>
</form>
<?php}?>
<div id="result">
<--The output will come here!-->
</div>
Javascript
function featchData(userId)
{
console.log(userId);
//if you get the id, write in the rest of the code here ;)
}

How to autopopulate a text box in html and php

So I have a page where a new user can input a username pswrd ect. then they fill out some information. An admin can then go and see whos registered and If so desired can go and edit the information entered by the user. What happens is when the admin clicks a button that redirects them to the schedule page I want the text fields to already be populated with all the information. I have confirmed with echo statements that I do have all the correct information at button press, I just cant get the text fields to update when the page loads.
Here is an example of one of the text boxes
<input type="text" id = "textBoxSchedule" name="email" placeholder="Email" value="<?php echo $email?>" required>
I have correctly set the value of $email, but what my guess is, is that HTML runs, creates the text box and then the PHP runs so its set after the value is created.
Thank you for your help!
EDIT:
Ok so heres how I get the information. From the admin page, I know what user I want to edit. So I pass that user name value through the $_SESSION variable and then I can use that one piece of information to get the rest of the text fields. Im not sure if this will have an affect or if its something I can utalize but the text boxes are below a header of:
<form action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']);?>" method = "post">
(im partner coding this and he wrote a majority of this so im still working on understanding it all.)
Try using javascript for it.
<input type="text" id = "textBoxSchedule" name="email" placeholder="Email" required>
<?php echo "<script>myFunction(".$email."); </script>" ?>
The JS is ~
myFunction(x){
document.getElementById('textBoxSchedule').value = x;
}
Don't have enough reputation to comment, so I'll post an answer
<?php echo $email?>
You forgot the semicolon ( ; ) and you didn't leave a space before ?>
Also although it's not false, you should not put spaces before and after = symbol in html attributes
id = "textBoxSchedule"
Lastly I presume you reload the page and you don't expect php to run in client's browser?
I’ve tested your script on a blank php page with the following code:
<?php
$email = "test#email.com";
?>
<input type="text" id = "textBoxSchedule" name="email" placeholder="Email" value="<?php echo $email?>" required>
And I’ve managed to get the text box showing properly.
If you still have a problem showing your text box, you might want to double check the value of your $email variable of the code prior and after the example you’ve given us.

How to prevent data submission after refresh [duplicate]

I think that this problem occurs often on a web application development. But I'll try to explain in details my problem.
I'd like to know how to correct this behavior, for example, when I have a block of code like this :
<?
if (isset($_POST['name'])) {
... operation on database, like to insert $_POST['name'] in a table ...
echo "Operation Done";
die();
}
?>
<form action='page.php' method='post' name="myForm">
<input type="text" maxlength="50" name="name" class="input400" />
<input type="submit" name="Submit" />
</form>
When the form gets submitted, the data get inserted into the database, and the message Operation Done is produced. Then, if I refreshed the page, the data would get inserted into the database again.
How this problem can be avoided? Any suggestion will be appreciated :)
Don't show the response after your create action; redirect to another page after the action completes instead. If someone refreshes, they're refreshing the GET requested page you redirected to.
// submit
// set success flash message (you are using a framework, right?)
header('Location: /path/to/record');
exit;
Set a random number in a session when the form is displayed, and also put that number in a hidden field. If the posted number and the session number match, delete the session, run the query; if they don't, redisplay the form, and generate a new session number. This is the basic idea of XSRF tokens, you can read more about them, and their uses for security here: http://en.wikipedia.org/wiki/Cross-site_request_forgery
Here is an example:
<?php
session_start();
if (isset($_POST['formid']) && isset($_SESSION['formid']) && $_POST["formid"] == $_SESSION["formid"])
{
$_SESSION["formid"] = '';
echo 'Process form';
}
else
{
$_SESSION["formid"] = md5(rand(0,10000000));
?>
<form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]); ?>" method="post">
<input type="hidden" name="formid" value="<?php echo htmlspecialchars($_SESSION["formid"]); ?>" />
<input type="submit" name="submit" />
</form>
<?php } ?>
I ran into a similar problem. I need to show the user the result of the POST. I don't want to use sessions and I don't want to redirect with the result in the URL (it's kinda secure, I don't want it accidentally bookmarked). I found a pretty simple solution that should work for the cases mentioned in other answers.
On successfully submitting the form, include this bit of Javascript on the page:
<script>history.pushState({}, "", "")</script>
It pushes the current URL onto the history stack. Since this is a new item in history, refreshing won't re-POST.
UPDATE: This doesn't work in Safari. It's a known bug. But since it was originally reported in 2017, it may not be fixed soon. I've tried a few things (replaceState, etc), but haven't found a workaround in Safari. Here are some pertinent links regarding the issue:
Safari send POST request when refresh after pushState/replaceState
https://bugs.webkit.org/show_bug.cgi?id=202963
https://github.com/aurelia/history-browser/issues/34
Like this:
<?php
if(isset($_POST['uniqid']) AND $_POST['uniqid'] == $_SESSION['uniqid']){
// can't submit again
}
else{
// submit!
$_SESSION['uniqid'] = $_POST['uniqid'];
}
?>
<form action="page.php" method="post" name="myForm">
<input type="hidden" name="uniqid" value="<?php echo uniqid();?>" />
<!-- the rest of the fields here -->
</form>
I think it is simpler,
page.php
<?php
session_start();
if (isset($_POST['name'])) {
... operation on database, like to insert $_POST['name'] in a table ...
$_SESSION["message"]="Operation Done";
header("Location:page.php");
exit;
}
?>
<html>
<body>
<div style='some styles'>
<?php
//message here
echo $_SESSION["message"];
?>
</div>
<form action='page.php' method='post'>
<!--elements-->
</form>
</body>
</html>
So, for what I needed this is what works.
Based on all of the above solutions this allows me to go from a form to another form, and to the n^ form , all the while preventing the same exact data from being "saved" over and over when a page is refreshed (and the post data from before lingers onto the new page).
Thanks to those who posted their solution which quickly led me to my own.
<?php
//Check if there was a post
if ($_POST) {
//Assuming there was a post, was it identical as the last time?
if (isset($_SESSION['pastData']) AND $_SESSION['pastData'] != $_POST) {
//No, Save
} else {
//Yes, Don't save
}
} else {
//Save
}
//Set the session to the most current post.
$_session['pastData'] = $_POST;
?>
We work on web apps where we design number of php forms. It is heck to write another page to get the data and submit it for each and every form. To avoid re-submission, in every table we created a 'random_check' field which is marked as 'Unique'.
On page loading generate a random value and store it in a text field (which is obviously hidden).
On SUBMIT save this random text value in 'random_check' field in your table. In case of re-submission query will through error because it can't insert the duplicate value.
After that you can display the error like
if ( !$result ) {
die( '<script>alertify.alert("Error while saving data OR you are resubmitting the form.");</script>' );
}
No need to redirect...
replace die(); with
isset(! $_POST['name']);
, setting the isset to isset not equal to $_POST['name'], so when you refresh it, it would not add anymore to your database, unless you click the submit button again.
<?
if (isset($_POST['name'])) {
... operation on database, like to insert $_POST['name'] in a table ...
echo "Operation Done";
isset(! $_POST['name']);
}
?>
<form action='page.php' method='post' name="myForm">
<input type="text" maxlength="50" name="name" class="input400" />
<input type="submit" name="Submit" />
</form>
This happen because of simply on refresh it will submit your request again.
So the idea to solve this issue by cure its root of cause.
I mean we can set up one session variable inside the form and check it when update.
if($_SESSION["csrf_token"] == $_POST['csrf_token'] )
{
// submit data
}
//inside from
$_SESSION["csrf_token"] = md5(rand(0,10000000)).time();
<input type="hidden" name="csrf_token" value="
htmlspecialchars($_SESSION["csrf_token"]);">
I think following is the better way to avoid resubmit or refresh the page.
$sample = $_POST['submit'];
if ($sample == "true")
{
//do it your code here
$sample = "false";
}

Advantage in sending a value defined with PHP in a form

EDIT: This code isnt for debugging, it is written only as an example and doesnt need completion as the point of it is just seeing the advantages of using a HIDDEN input in a form to retrieve some value. The answers may also be quick and graphic or metaphorical. I dont want a working code, just the advantages of using each methodology. I also fixed an imaginary condition to the while loop and a value for $record_id and placed them so you can understand.
<?php
if (isset($_POST['delete_action'])) {
$deletedRow = $_POST['row_to_be_deleted'];
mysqli_query($connection, "DELETE FROM table_name WHERE record_id = " . $deletedRow);
//Here is where hidden field value is used
}
$someSQL = "SELECT * FROM comments_tbl WHERE postID=$PostRetrievedID";
while ($someFetch = mysqli_fetch_array($con, $someSQL)) {
$record_id = $someFetch['comment_ID'];
$record_content = $someFetch['comment_Content'];
?>
<span>
<?php echo $record_content; ?>
</span>
<form method="post">
<input type="hidden" name="row_to_be_deleted" value="<?php echo $record_id; ?>"/>
<input type="submit" name="delete_action" value="Delete comment"/>
</form>
<?php
}
?>
If your question is about why hidden fields even exists, then I have to say that they are used on lots of websites for the exact reason you show in the example.
Lots of times, when you have a form and the user submits it, you need some extra data that the user should not see so that you can manage the data the user submitted. Like in you example, one common use is to atach the ID of the row.

Self submitting form, then refresh page?

I have a page in PHP with a form that contains multiple checkmarks. These checkmarks can be used to either DELETE the records or create LABELS for whatever is selected.
I got the delete section going just fine as I use the same page ($_SERVER['PHP_SELF']) to run a query, but the labels isn't working because I need to pass the values to another page called PDF_Label_Print.php. I would like to stay away from session variables if possible.
The page works, but sometimes it doesn't refresh automatically. Any ideas? Thanks!
if (isset($_GET['labels']) && (is_array($news_ids) && count($news_ids) > 0))
{
$label_list = implode(',', $news_ids);
echo "<form action='PDF_Label_Print.php' method='post' name='frm' target='_blank'>
<input type='hidden' name='full_list' value='". htmlentities(serialize($label_list)) ."' />
<input type='hidden' name='tbl_name' value='" . $_SESSION['officeid'] ."' />
<input type='hidden' name='report' value='list' />
<input type='hidden' name='avery' value='5160' />
</form>";
echo "<script language='JavaScript'>document.frm.submit();</script>";
// refresh page.
echo '<script language="javascript">window.location = "welcome.php"</script>';
}
the problem is that after submitting a form javascript might stop working till the post is done, and the form action is another page.BUT again, when submitting a form (without ajax) the page should refresh automatically.
So what you need is on the PDF_Label_Print.php page to redirect back to the welcome page
header("location:welcome.php"); // or anyother page you want to redirect after posting
Thank you for everyone who took to their time to look at my question.
Turns out I was able to resolve the issue by using POST instead of GET on my form. The header location is now refreshing the page correctly.

Categories

Resources