[HTML/PHP] Pop-ups & forms

Seguer · June 2009

You.. can do it that way. That's actually how I did my Greasemonkey script in my signature - the Javascript function that I tack on to each page actually contains part of the html that appears in the popup, but I don't suggest that.

EDIT Before I even hit reply: I think I misunderstood, you if blocks are in PHP right? That's another way you can do it, such as index.php?action=add or action=update and then in the page itself you echo/print/etc a bunch of stuff for that page.

What you're moving into is basic CRUD operations (create/read/update/delete). The page you've been working on so far is Read.

Think about it this way - if you want to update an entry, that form needs to know which entry it is updating, and you actually need to read in its data first so that you can see what was there.

As for having multiple pages you can do this a few ways - on that "Read" page you can have links that go to Update/Delete which can display forms that were hidden on that page itself to do what you want for Update, or just a delete link.

Create could go at the bottom of the page with all the form elements required to create a new entry.

guar · June 2009

What I was thinking was placing if statements inside the javascript to check for each unique id, but the way I tried didn't work. I'm not sure I understand the index.php?action=xxx route, but what I meant for having separate pages was a page for add (add.php), update (update.php), and remove/delete (remove.php). They would be small pages containing only textareas, etc. intended for the pop-up windows.

ed: I'd prefer not to have separate pages, which is why I brought it up.

Seguer · June 2009

Did you take a look at the thickbox link?

It will do what you want - a popup containing whatever html you want, and in this case form elements.

guar · June 2009

I did, but I'd rather implement this myself than download a solution.

Seguer · June 2009

Alright well you'd still have to do a lot yourself - all thickbox does is easily let you have a little popup. You still have to figure out what goes in the popup and how your code handles it.

guar · June 2009

Any tips on how to get started? I tried doing separate pages, but I've run into the problem of being unable to identify for which system the pop-up is being called. My code:

add.html
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">; <html> <head> <link href="css/css.css" rel="Stylesheet" type="text/css" /> </head> <body> <form action="add.php" method="post"> <LABEL for="name">Name: </LABEL> <INPUT type="text" id="name" size="10" maxlength="127"> <p /> <LABEL for="comment">Comment: </LABEL> <INPUT type="text" id="comment" size="10" maxlength="255"> <p /> <input type="radio" id="status" value="u">Unfinished <br /> <input type="radio" id="status" value="b">Beaten <br /> <input type="radio" id="status" value="c">Completed <br /> <input type="radio" id="status" value="w">Wishlist <p /> <input type="submit" value="Add"> </form> </body> </html> [/CODE] [SIZE=4][B]add.php[/B][/SIZE] [CODE] <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">; <html> <head> <link href="css/css.css" rel="Stylesheet" type="text/css" /> </head> <body> <?php $link = mysql_connect('localhost', 'root', '110185'); $db = mysql_select_db('backlog'); mysql_query("INSERT INTO ds (name, comment, status) VALUES ($name, $comment, $status)"); mysql_close($link); ?> </body> </html> [/CODE] Again, I'd like to not have separate pages, but this seemed like the easiest method. I'd prefer to keep all code in index.php[CODE]
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="css/css.css" rel="Stylesheet" type="text/css" />
</head>
<body>
<form action="add.php" method="post">
<LABEL for="name">Name: </LABEL>
<INPUT type="text" id="name" size="10" maxlength="127"> <p />
<LABEL for="comment">Comment: </LABEL>
<INPUT type="text" id="comment" size="10" maxlength="255"> <p />
<input type="radio" id="status" value="u">Unfinished <br />
<input type="radio" id="status" value="b">Beaten <br />
<input type="radio" id="status" value="c">Completed <br />
<input type="radio" id="status" value="w">Wishlist <p />
<input type="submit" value="Add">
</form>
</body>
</html>
[/CODE]

add.php
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">; <html> <head> <link href="css/css.css" rel="Stylesheet" type="text/css" /> </head> <body> <?php $link = mysql_connect('localhost', 'root', '110185'); $db = mysql_select_db('backlog'); mysql_query("INSERT INTO ds (name, comment, status) VALUES ($name, $comment, $status)"); mysql_close($link); ?> </body> </html> [/CODE] Again, I'd like to not have separate pages, but this seemed like the easiest method. I'd prefer to keep all code in index.php[CODE]
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="css/css.css" rel="Stylesheet" type="text/css" />
</head>
<body>
<?php
$link = mysql_connect('localhost', 'root', '110185');
$db = mysql_select_db('backlog');
mysql_query("INSERT INTO ds (name, comment, status) VALUES ($name, $comment, $status)");
mysql_close($link);
?>
</body>
</html>
[/CODE]

Again, I'd like to not have separate pages, but this seemed like the easiest method. I'd prefer to keep all code in index.php

xzzy · June 2009

I used to be the same way, but it's really not necessary. Piling too much into a single file makes it much harder to maintain down the road. It really doesn't buy you any advantages.

But if you're determined to do it, you can direct page rendering by adding variables to the url, and testing for that variable in your script. That is, something like:

http://me.com/index.php

Loads the main page.

http://me.com/index.php?page=form

Loads the submission form. Make branches in your script with an if() statement.

But like I said, it gets messy fast.

guar · June 2009

I'll take your advice then. Would my approach be the best for going about what I'm trying to do, or is there an easier way? When I fill in the form and submit, my database doesn't seem to reflect the changes.

SporkAndrew · June 2009

You're posting from a form, right? So you need to change:

mysql_query("INSERT INTO ds (name, comment, status) VALUES ($name, $comment, $status)");

to:

$sql = "INSERT INTO ds (name, comment, status) VALUES (". $_POST['name'] .",". $_POST['comment'].",".$_POST['status'])";
mysql_query($sql;);

or you can use _REQUEST if you prefer. Is this your first time attempting this sort of thing?

guar · June 2009

It is. I'm familiar with MySQL and basic HTML, PHP is a little new, but all of this is new to me.

SporkAndrew · June 2009

Well to access variables coming in from forms you can either check the $_GET or $_POST depending on what you specify your form's method to be, or just use the catch-all $_REQUEST which includes both.

As for your one page / multiple pages I usually seperate things out onto seperate pages. A controller for a database element will consist of a page for adding / editing, one for deleting and one for browsing the contents. I find it's easier for me to maintain a bunch of small pages rather than one massive one.

You could also streamline your code from the previous page by including an switch to check for the form being submitted, and either displaying the form or processing the results, so something like add.php consisting of:

<?php
if (isset($_POST['submitter_check')) {
    // perform db update   
    print "totally saved";    
} else {
?>
    <form action="add.php" method="post">
        <input type="hidden" name="submitter_check" value="totallytrue" />
        <!-- rest of form gubbins -->
    </form>
<?php
}
?>

I'm probably not the best at explaining things, but I do this stuff for a living so the knowledge is there, buried under layers of crap.

xzzy · June 2009

SporkAndrew wrote: »
You're posting from a form, right? So you need to change:
mysql_query("INSERT INTO ds (name, comment, status) VALUES ($name, $comment, $status)");
to:
$sql = "INSERT INTO ds (name, comment, status) VALUES (". $_POST['name'] .",". $_POST['comment'].",".$_POST['status'])";
mysql_query($sql;);
or you can use _REQUEST if you prefer. Is this your first time attempting this sort of thing?

Please do the world a favor and run all submitted variables through mysql_real_escape_string before putting them in a query.

Nightslyr · June 2009

SporkAndrew wrote: »

Well to access variables coming in from forms you can either check the $_GET or $_POST depending on what you specify your form's method to be, or just use the catch-all $_REQUEST which includes both.

Bad idea, generally speaking, for security reasons. Use the correct super-global array.

Nightslyr · June 2009

Also, guar, I think you want something like (add.php):

<?php
   if(isset($_POST['submit'])
   {
      $link = mysql_connect('localhost', 'root', '110185');
      $db = mysql_select_db('backlog');

      /* you should check to see if the inputs have values, and if they're legit/properly formed before inserting them into the db.  also, for the love of god, use mysql_real_escape_string(). */

      mysql_query("INSERT INTO ds (name, comment, status) VALUES ($name, $comment, $status)");
      mysql_close($link);

      // redirect if necessary
   }
?>

<!DOCTYPE html
        PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
        "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">;
<html>
<head>
    <link href="css/css.css" rel="Stylesheet" type="text/css" />
</head>
<body>
    <form action="add.php" method="post">
        <LABEL for="name">Name: </LABEL>
            <INPUT type="text" id="name" size="10" maxlength="127"> <p />
        <LABEL for="comment">Comment: </LABEL>
            <INPUT type="text" id="comment" size="10" maxlength="255"> <p />
        <input type="radio" id="status" value="u">Unfinished <br />
        <input type="radio" id="status" value="b">Beaten <br />
        <input type="radio" id="status" value="c">Completed <br />
        <input type="radio" id="status" value="w">Wishlist <p />
        <input type="submit" value="Add">
    </form>
</body>
</html>

Aside from some logical things, your one file solution should be similar to the code above.

guar · June 2009

Nightslyr wrote: »

you should check to see if the inputs have values, and if they're legit/properly formed before inserting them into the db. also, for the love of god, use mysql_real_escape_string().

I'm trying to do that right now, by checking to see if the comment field is empty. I guess I'm not doing it correctly, as instead of adding an entry with/without a comment, it adds one with no comment and a completely blank entry.

if($_POST[comment] = null) $query = "INSERT INTO ds VALUES ('$_POST[name]', null, '$_POST[status]')"; else $query = "INSERT INTO ds VALUES ('$_POST[name]', '$_POST[comment]', '$_POST[status]')"; [/CODE] Also, why do I need mysql_real_escape_string() ?[CODE]
if($_POST[comment] = null)
$query = "INSERT INTO ds VALUES ('$_POST[name]', null, '$_POST[status]')";
else
$query = "INSERT INTO ds VALUES ('$_POST[name]', '$_POST[comment]', '$_POST[status]')";
[/CODE]

Also, why do I need mysql_real_escape_string() ?

Woot427 · June 2009

guar wrote: »

Nightslyr wrote: »

you should check to see if the inputs have values, and if they're legit/properly formed before inserting them into the db. also, for the love of god, use mysql_real_escape_string().

I'm trying to do that right now, by checking to see if the comment field is empty. I guess I'm not doing it correctly, as instead of adding an entry with/without a comment, it adds one with no comment and a completely blank entry.

if($_POST[comment] = null) $query = "INSERT INTO ds VALUES ('$_POST[name]', null, '$_POST[status]')"; else $query = "INSERT INTO ds VALUES ('$_POST[name]', '$_POST[comment]', '$_POST[status]')"; [/CODE] Also, why do I need mysql_real_escape_string() ?[/QUOTE] Use "==" when checking to see if something is equal, "=" makes assignments. Right now, that code sets the comment to null, which technically returns true, so it then inserts that blank comment. As for mysql_real_escape_string, it prevents SQL injection by escaping the data. SQL injection occurs when someone enters SQL into a text box or passes it through post data, and MySQL/any other SQL server executes that query. [IMG]http://imgs.xkcd.com/comics/exploits_of_a_mom.png[/IMG][CODE]
if($_POST[comment] = null)
$query = "INSERT INTO ds VALUES ('$_POST[name]', null, '$_POST[status]')";
else
$query = "INSERT INTO ds VALUES ('$_POST[name]', '$_POST[comment]', '$_POST[status]')";
[/CODE]

Also, why do I need mysql_real_escape_string() ?

Use "==" when checking to see if something is equal, "=" makes assignments. Right now, that code sets the comment to null, which technically returns true, so it then inserts that blank comment.

As for mysql_real_escape_string, it prevents SQL injection by escaping the data. SQL injection occurs when someone enters SQL into a text box or passes it through post data, and MySQL/any other SQL server executes that query.

guar · June 2009

I had it working, but now it won't accept anything without a comment. The only changes I've made are swapping some table parameters, but it should still accept input with a null comment field (it accepts it at the command line).

Before
mysql> describe ds; +---------+--------------+------+-----+---------+-------+ | Field | Type | Null | Key | Default | Extra | +---------+--------------+------+-----+---------+-------+ | name | varchar(127) | YES | | NULL | | | comment | varchar(255) | YES | | NULL | | | status | char(1) | YES | | NULL | | +---------+--------------+------+-----+---------+-------+ 3 rows in set (0.02 sec) [/CODE] [SIZE=4][B]After[/B][/SIZE] [CODE]mysql> describe ds; +---------+--------------+------+-----+---------+-------+ | Field | Type | Null | Key | Default | Extra | +---------+--------------+------+-----+---------+-------+ | name | varchar(127) | NO | PRI | NULL | | | comment | varchar(255) | YES | | NULL | | | status | char(1) | NO | | NULL | | +---------+--------------+------+-----+---------+-------+ 3 rows in set (0.02 sec) [/CODE] And here's my add.php code: [CODE] <?php $link = mysql_connect('localhost', 'root', '******'); $db = mysql_select_db('backlog'); $query = null; if($_POST[name] != NULL) { if($_POST[comment] == NULL) $query = sprintf("INSERT INTO ds VALUES ('%s', null, '$_POST[status])')", mysql_real_escape_string($_POST[name])); else $query = sprintf("INSERT INTO ds VALUES ('%s', '%s', '$_POST[status]')", mysql_real_escape_string($_POST[name]), mysql_real_escape_string($_POST[comment])); } if($query != null) mysql_query($query); mysql_close($link); ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">; <html> <head> <link href="css/css.css" rel="Stylesheet" type="text/css" /> </head> <body> <form action="add.php" method="post"> Name: <input type="text" name="name" /> <p /> Comment: <input type="text" name="comment" /> <p /> <input type="radio" name="status" value="u" checked />Unfinished <br /> <input type="radio" name="status" value="b" />Beaten <br /> <input type="radio" name="status" value="c" />Completed <br /> <input type="radio" name="status" value="w" />Wishlist <p /> <input type="submit" value="Add" /> </form> </body> </html> [/CODE][CODE]
mysql> describe ds;
+

+

+

+

+
3 rows in set (0.02 sec)
[/CODE]

After
mysql> describe ds; +---------+--------------+------+-----+---------+-------+ | Field | Type | Null | Key | Default | Extra | +---------+--------------+------+-----+---------+-------+ | name | varchar(127) | NO | PRI | NULL | | | comment | varchar(255) | YES | | NULL | | | status | char(1) | NO | | NULL | | +---------+--------------+------+-----+---------+-------+ 3 rows in set (0.02 sec) [/CODE] And here's my add.php code: [CODE] <?php $link = mysql_connect('localhost', 'root', '******'); $db = mysql_select_db('backlog'); $query = null; if($_POST[name] != NULL) { if($_POST[comment] == NULL) $query = sprintf("INSERT INTO ds VALUES ('%s', null, '$_POST[status])')", mysql_real_escape_string($_POST[name])); else $query = sprintf("INSERT INTO ds VALUES ('%s', '%s', '$_POST[status]')", mysql_real_escape_string($_POST[name]), mysql_real_escape_string($_POST[comment])); } if($query != null) mysql_query($query); mysql_close($link); ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">; <html> <head> <link href="css/css.css" rel="Stylesheet" type="text/css" /> </head> <body> <form action="add.php" method="post"> Name: <input type="text" name="name" /> <p /> Comment: <input type="text" name="comment" /> <p /> <input type="radio" name="status" value="u" checked />Unfinished <br /> <input type="radio" name="status" value="b" />Beaten <br /> <input type="radio" name="status" value="c" />Completed <br /> <input type="radio" name="status" value="w" />Wishlist <p /> <input type="submit" value="Add" /> </form> </body> </html> [/CODE][CODE]mysql> describe ds;
+

+

+

+

+
3 rows in set (0.02 sec)
[/CODE]

And here's my add.php code:

<?php $link = mysql_connect('localhost', 'root', '******'); $db = mysql_select_db('backlog'); $query = null; if($_POST[name] != NULL) { if($_POST[comment] == NULL) $query = sprintf("INSERT INTO ds VALUES ('%s', null, '$_POST[status])')", mysql_real_escape_string($_POST[name])); else $query = sprintf("INSERT INTO ds VALUES ('%s', '%s', '$_POST[status]')", mysql_real_escape_string($_POST[name]), mysql_real_escape_string($_POST[comment])); } if($query != null) mysql_query($query); mysql_close($link); ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">; <html> <head> <link href="css/css.css" rel="Stylesheet" type="text/css" /> </head> <body> <form action="add.php" method="post"> Name: <input type="text" name="name" /> <p /> Comment: <input type="text" name="comment" /> <p /> <input type="radio" name="status" value="u" checked />Unfinished <br /> <input type="radio" name="status" value="b" />Beaten <br /> <input type="radio" name="status" value="c" />Completed <br /> <input type="radio" name="status" value="w" />Wishlist <p /> <input type="submit" value="Add" /> </form> </body> </html> [/CODE][CODE]
<?php
$link = mysql_connect('localhost', 'root', '******');
$db = mysql_select_db('backlog');

$query = null;
if($_POST[name] != NULL) {
if($_POST[comment] == NULL)
$query = sprintf("INSERT INTO ds VALUES ('%s', null, '$_POST[status])')",
mysql_real_escape_string($_POST[name]));
else
$query = sprintf("INSERT INTO ds VALUES ('%s', '%s', '$_POST[status]')",
mysql_real_escape_string($_POST[name]),
mysql_real_escape_string($_POST[comment]));
}

if($query != null)
mysql_query($query);

mysql_close($link);
?>

<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link href="css/css.css" rel="Stylesheet" type="text/css" />
</head>
<body>
<form action="add.php" method="post">
Name:
<input type="text" name="name" /> <p />
Comment:
<input type="text" name="comment" /> <p />

<input type="radio" name="status" value="u" checked />Unfinished <br />
<input type="radio" name="status" value="b" />Beaten <br />
<input type="radio" name="status" value="c" />Completed <br />
<input type="radio" name="status" value="w" />Wishlist <p />
<input type="submit" value="Add" />
</form>
</body>
</html>
[/CODE]

Nightslyr · June 2009

I don't believe sprintf can accept null as a parameter. Also, you need to ensure that the order of your parameters are correct when you query the db. It needs to match the actual table structure, so name, then comment, then status.

Try simply:

$queryFormat = "INSERT INTO ds VALUES ('%s', '%s', '%s')";
$query = sprintf($queryFormat, 
   mysql_real_escape_string($_POST['name']), 
   mysql_real_escape_string($_POST['comment']), 
   mysql_real_escape_string($_POST['status']));

You don't need to check if the comment is null...an empty string will suffice. So, that way, you remove a conditional and make your code that much easier to debug.

guar · June 2009

Great catch, thanks!

zeeny · June 2009

Mmm, just in case you're interested. You had a typo in the original code. Misplaced ' that made your char field take 2 chars which can't happen. It would have worked otherwise.

Edit: And it's always a good idea to read your code before asking for help.

guar · June 2009

If I'm posting here, it's because I've gone over my code several times and I'm completely stumped. Writing code is like writing a paper, it helps to get a second (or fifth) opinion.

Seguer · June 2009

Damn you guys, I go to sleep and holy crap a whole page goes by.

Just a few things guar:

I would use an add.php that has the form and submits (POSTs) to itself, then have code that checks the $_POST super global array to see whether a form submission occured, because you can then report errors or report success directly on the form, with the old data that was submitted.

Accessing stuff from an array (zeeny mentioned this) you have to use a ' or " to escape the literal string, so that something like $_POST[name] becomes $_POST. This is so PHP knows that name is not a function/variable/etc. PHP usually is smart enough to "figure it out", but will tell you what it assumed (if your PHP said nothing I'd check your settings, not sure which unfortunately..)

HTML Labels: If you put the input inside the Label, you don't need to use the for attribute. Useful when the label and input are directly next to each other in the source code.

I think, but I'm not sure, that the Doctype needs to be the very first line that a browser sees, so if you have PHP before it, just end the php (?>) on the same line as the Doctype.

<?php

//stuff

?><!DOCTYPE...

How have you separated out your database tables for the different consoles? Do you have a table for each console? You might want to look at having a single table and an extra column, either enum or just plain-text to describe, such as console_type. Then you just select where console_type = type of console

This would also make it easier to grab related data such as "all my unfinished games". Obviously this only works if the columns are the same in all your tables.

SporkAndrew · June 2009

xzzy wrote: »

Please do the world a favor and run all submitted variables through mysql_real_escape_string before putting them in a query.

It's been so long since I actually used raw sql to make an update that I forget it every time. Usually propel / Smarty sanitises everything for me.

guar · June 2009

Dropped the tables and added my parameters to the start of index.php. OP updated with new code. I'm in the process of working on remove/delete now, which should make it easy to do update afterwards (layout-wise).

Seguer wrote: »

How have you separated out your database tables for the different consoles? Do you have a table for each console? You might want to look at having a single table and an extra column, either enum or just plain-text to describe, such as console_type. Then you just select where console_type = type of console

This would also make it easier to grab related data such as "all my unfinished games". Obviously this only works if the columns are the same in all your tables.

Different table for each system + columns are the same. I might consider having one table, but I'd need to have 2 primary keys to avoid any duplicates.

guar · June 2009

Here's a question: can I call a method from index.php from within remove.php? Specifically, I need to use the sortBy() method I defined in index.php; could I do something like parent.sortBy(#, #) ?

zeeny · June 2009

guar wrote: »

Here's a question: can I call a method from index.php from within remove.php? Specifically, I need to use the sortBy() method I defined in index.php; could I do something like parent.sortBy(#, #) ?

Make a sort.inc.php file. Cut/paste the sortBy() function in it and do an

require('sort.inc.php'); // assuming same directory

in the start of the php section of both files making use of the routine.
It is usually a good idea to organize all functions by type/relation into separate inc files into separate php include files. Makes it a lot easier to reuse code.

It's even a better idea to make use of PHP's OO capabilities, but probably unnecessary for the size of your project.

Seguer · June 2009

guar wrote: »

Dropped the tables and added my parameters to the start of index.php. OP updated with new code. I'm in the process of working on remove/delete now, which should make it easy to do update afterwards (layout-wise).

Seguer wrote: »

How have you separated out your database tables for the different consoles? Do you have a table for each console? You might want to look at having a single table and an extra column, either enum or just plain-text to describe, such as console_type. Then you just select where console_type = type of console

This would also make it easier to grab related data such as "all my unfinished games". Obviously this only works if the columns are the same in all your tables.

Different table for each system + columns are the same. I might consider having one table, but I'd need to have 2 primary keys to avoid any duplicates.

You just need an auto-increment id column which is unique - anything else like name/title doesn't need to be?

Also, your javascript popup function should probably add the bolded+underlined parts - not all browsers might treat an anchor object as resolving to its href.

        function popup(link, id) {
            if(!window.focus) return true;
            if(id == 'add')
                window.open(link[u][b].href[/b][/u], id, 'width=427, height=336');
            else
                window.open(link[u][b].href[/b][/u], id, 'width=450, height=350');
            return false;
        }

guar · June 2009

Seguer wrote: »

You just need an auto-increment id column which is unique - anything else like name/title doesn't need to be?

No, just the title. If I could figure out how to pass the system name to the pop-up window, I'd stick with my current setup. I don't really need to query the database beyond what I'm doing at this point.

So I have this method:

<script type="text/javascript"> function select() { var i = document.rform.rname.selectedIndex; var selected = document.rform.rname.options[i].text; document.rform.name.value = selected; document.rform.comment.value = ""; } </script> [/CODE] [SPOILER] [SIZE=4][B]remove.php[/B][/SIZE] [CODE] <?php require('sort.inc.php'); $link = mysql_connect('localhost', 'root', '110185'); $db = mysql_select_db('backlog'); $names = sortBy(name, ds); $cmnt = sortBy(comment, ds); $stat = sortBy(status, ds); $n = mysql_num_rows($names); $query = null; //if($_POST[name] != NULL) { //$query = sprintf("DELETE FROM ds WHERE name=''"); //} if($query != null) mysql_query($query); mysql_close($link); ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">; <html> <head> <link href="css/css.css" rel="Stylesheet" type="text/css" /> <script type="text/javascript"> function select() { var i = document.rform.rname.selectedIndex; var selected = document.rform.rname.options[i].text; document.rform.name.value = selected; document.rform.comment.value = ""; } </script> </head> <body> <form name="rform" action="remove.php" method="post"> <select name="rname" onchange="select()"> <?php for($k = 0; $k < $n; $k++) { echo "<option>"; echo mysql_result($names, $k); echo "</option>"; } ?> </select> <p /> Name: <br /> <textarea name="name" rows="5" cols="75" wrap="physical" disabled="true"></textarea> <p /> Comment: <br /> <textarea name="comment" rows="5" cols="75" wrap="physical" disabled="true"></textarea> <p /> <input type="radio" name="status" value="u" disabled="true" />Unfinished <br /> <input type="radio" name="status" value="b" disabled="true" />Beaten <br /> <input type="radio" name="status" value="c" disabled="true" />Completed <br /> <input type="radio" name="status" value="w" disabled="true" />Wishlist <p /> <input type="submit" value="Remove" /> </form> </body> </html> [/CODE] [/SPOILER] My intent is to have the Name, Comment, and Status fields display the values corresponding to what's selected in the drop down menu. How can I get the comment and status to do this?[CODE]
<script type="text/javascript">
function select() {
var i = document.rform.rname.selectedIndex;
var selected = document.rform.rname.options.text;

document.rform.name.value = selected;
document.rform.comment.value = "";
}
</script>
[/CODE]

Spoiler:

My intent is to have the Name, Comment, and Status fields display the values corresponding to what's selected in the drop down menu. How can I get the comment and status to do this?

Seguer · June 2009

You're starting to move into AJAX territory, or having all that data exist on the page initially.

You need to use an id column. DELETE from where name is a bad idea.

In fact you've gone about this removal form the wrong way; you shouldn't need one at all. On your index page you should just be able to click a link to remove that particular game.

Game Name
Game Description
Edit | Delete

Edit takes you to a form, Delete just deletes (preferably with a javascript confirm at the very least).

The delete link should take you to something like /delete.php?id=6, where id is the id of the game being deleted, which would then just redirect back to index.php

I feel like doing this myself over the weekend now...

EDIT: As for passing the "system name" to the popup window, that is simple - just have the link be different using page.php?systemname=something, or in the case that I really want you to use, page.php?id=id

Kris · June 2009

guar wrote: »

Seguer wrote: »

You just need an auto-increment id column which is unique - anything else like name/title doesn't need to be?

No, just the title.

Just as a side note, ideal database design suggests you never use a column with inherent meaning as a primary key. I would understand not wanting to redo all your work so far, but in the future, an auto-incrementing ID as a primary key would be preferable.

guar · June 2009

It probably wouldn't be too much work and I'm planning on adding another column, alt_name, for those with special characters.

guar · June 2009

Seguer wrote: »

EDIT: As for passing the "system name" to the popup window, that is simple - just have the link be different using page.php?systemname=something, or in the case that I really want you to use, page.php?id=id

I'm not sure I understand this. Can I pass variables between pages, or are you implying I make a separate page for each id?

Nightslyr · June 2009

guar wrote: »

Seguer wrote: »

EDIT: As for passing the "system name" to the popup window, that is simple - just have the link be different using page.php?systemname=something, or in the case that I really want you to use, page.php?id=id

I'm not sure I understand this. Can I pass variables between pages, or are you implying I make a separate page for each id?

You can pass variables between pages. From the '?' on is what's known as a query string. PHP can grab a hold of whatever value(s) is/are in there via the $_GET superglobal array.

So, say you have a query string of page.php?system=23&user=67 - you can simply grab them like so:

<?php
   $system = $_GET['system'];
   $user = $_GET['user'];

Be sure to code defensively, though, as values are being passed to your script from the address bar. Anyone can modify the query string and submit it to your page(s).

Seguer · June 2009

Sorry guar I thought you knew what I meant by that because GET had already been discussed here; Nightslyr is right. $_GET will get what you want from the query string. Variables on a query string are separated by an & so ?var1=value1&var2=value2. You probably want to use mysql_escape_string on the id or name if you're going to directly use it in a query (coding defensively)

guar · June 2009

Great, thanks guys.

Seguer · June 2009

Just one more thing: when you write your links to include query strings, you need to write & as & (& is a "reserved" character to start an entity character, of which & means &)

guar · June 2009

A few quick questions: (1) for auto-increment, can I force the database to fill deleted unique ids? i.e. I populate a table with ids 1 through 8, but delete ids 3 and 7 sometime after. Is there a way for the next entry added to have 3 assigned to its id number?

(2) I've set it up before to have the pop-up window close on submit, but it closes before the data is sent. How can I have it so after hitting the 'Add/Update' button, it closes the window and refreshes index.php ? I have delete.php set up to immediately redirect back to index.php via a meta tag in the header, can I do something similar with this?

Infidel · June 2009

guar wrote: »

A few quick questions: (1) for auto-increment, can I force the database to fill deleted unique ids? i.e. I populate a table with ids 1 through 8, but delete ids 3 and 7 sometime after. Is there a way for the next entry added to have 3 assigned to its id number?

You don't want to do this. An ID is just that, it should be unique for the lifetime of your database. The game that was #3 is not the game you are adding, so you don't want to call it #3 in your database.

If I have another table that has a record saying "I completed 56% of game #3" and I don't clean that up when I delete #3 from the game table, then when I add a new game and it's given ID #3 then it's inconsistently marked 56% complete.

That's a trivial example and likely to be cleaned up properly, but only because the database is so simple. The proper way is the way the database is currently working your auto-increment and this is why.

guar wrote: »

(2) I've set it up before to have the pop-up window close on submit, but it closes before the data is sent. How can I have it so after hitting the 'Add/Update' button, it closes the window and refreshes index.php ? I have delete.php set up to immediately redirect back to index.php via a meta tag in the header, can I do something similar with this?

You could do asynchronous submits (AJAX) but the simpler solution for you would probably be to do the redirect yes. Just handle the form submit and then redirect to a closewin.php that just simply closes itself.

Btw, you can do an HTTP redirect instead of an HTML meta refresh, by doing the following instead of sending any HTML back.

header('Location: /mypage.php');

Nightslyr · June 2009

Infidel wrote: »
Btw, you can do an HTTP redirect instead of an HTML meta refresh, by doing the following instead of sending any HTML back.
header('Location: /mypage.php');

You just need to do it before anything (HTML, whitespace, etc...) is sent to the browser, else you'll get a "Headers already sent" error.

Infidel · June 2009

Nightslyr wrote: »
Infidel wrote: »
Btw, you can do an HTTP redirect instead of an HTML meta refresh, by doing the following instead of sending any HTML back.
header('Location: /mypage.php');
You just need to do it before anything (HTML, whitespace, etc...) is sent to the browser, else you'll get a "Headers already sent" error.

Right right, it needs to be the only thing sent. Not technically, but as far as you're concerned it's easiest to think of it that way Guar.

Penny Arcade

[HTML/PHP] Pop-ups & forms

Posts