3

So I am trying to submit a variable and the name of the variable via a form. I switched a button from submit to button because I need additional validation.

Anyway, here's the button now:

<button type="button" onclick="subForm()" name="del" id="deletebutton" value="'.$org.'">Delete</button>

Here's my current validation:

<script type="text/javascript">
function subForm() 
{
    if(confirm("Are you sure you want to delete this?"))
        document.forms["addorg"].submit();
   else
       return false;

}
</script>

And here's my script on the other side:

if (isset($_POST["del"])  && ($_POST['del'] !== '')) {
    $del = mysql_real_escape_string(html2txt($_POST['del']));
    $resfile = mysql_query('SELECT file_loc from organization WHERE org_id = '.$del);
    $org_name = mysql_real_escape_string(html2txt($_POST['orgname']));

    if (!$resfile) 
        header('Location: '.$admin.'?error=query');

    while ($filerow = mysql_fetch_array($resfile)) {
        $fileplace = $filerow['file_loc'];
        unlink(".".$fileplace);
        rmdir($org_name);
    }

    mysql_query("DELETE from organization where org_id='".$del."'");
    header('Location: '.$admin);
}

It is not currently deleting the records that I want. How do I pass along the "del" name to the other page?

Improve this question
4
  • 4
    Your query is vulnerable to SQL injection. Commented Jan 31, 2012 at 18:20
  • Show more of your HTML. Is your <button> inside a <form>? Commented Jan 31, 2012 at 18:21
  • 3
    you can revert back to a submit input and attach an event to the onsubmit of the form. no need to use a button. Commented Jan 31, 2012 at 18:23
  • I did that originally, Yoa, but I've got another button, and I can't figure out how to make a script that will detect the difference between the two buttons. Commented Jan 31, 2012 at 18:26

4 Answers 4

Reset to default
3

You can use <input type="hidden">:

echo '<input type="hidden" name="org_id" value="'.$org_id.'" />'

This should render something like:

<input type="hidden" name="org_id" value="1" />

Using this code you can access the hidden field data using:

$org_id = $_POST['org_id'];
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

1

instead use onsubmit

<form method='POST' onsubmit='return subForm();'>

and

<script type="text/javascript">
function subForm() 
{
        if(confirm("Are you sure you want to delete this?"))
            return true;
       else
           return false;

}
</script>

edit: you can also change

if (isset($_POST["del"])  && ($_POST['del'] !== '')) {

to 

    if ( !empty($_POST['del']) ) {

but i think this line is your problem

$resfile = mysql_query('SELECT file_loc from organization WHERE org_id = '.$del);

try

$resfile = mysql_query("SELECT file_loc from organization WHERE org_id = '".$del."' ");
Improve this answer

2 Comments

I am already using onsubmit, but I have two buttons and need to distinguish between the two of them.
put one of the buttons after the </form> tag, then it will not submit the form
0

Looking at http://www.w3schools.com/tags/tag_button.asp suggests that the 'name' of a button isn't submitted as opposed to its 'value' or 'text'. Why not use an input of type hidden as just suggested?

Improve this answer

2 Comments

note w3fools. try MDN
@paislee: Never knew about that site until now, but it seems like they're being a bit over-dramatic about most of their issues. They make it seem like w3schools.com is completely useless and everyone should avoid it or they will form the worst habits ever practiced, but then it complains about things like "The example above will work in most browsers, but don't rely on it. Forgetting the end tag can produce unexpected results or errors" just because they didn't mention that the end tag in <p> is optional? Give me a break. Plenty of professionals have started from w3schools.com and been fine.
0

I suggest you rethink using a form at all and consider AJAX. This would solve the problem of knowing which button was clicked and the page doesn't need to reload.

Here is a sample of what you're trying to do:

<html>
<head>
    <script type="text/JavaScript">
        var xmlhttp;
        if (window.XMLHttpRequest)
            xmlhttp=new XMLHttpRequest();
        else
            xmlhttp=new ActiveXObject("Microsoft.XMLHTTP");

        function deleteOrganization(orgID)
        {
            xmlhttp.onreadystatechange = function()
            {
                if (xmlhttp.readyState == 4 && xmlhttp.status == 200)
                {
                    // in your PHP file, have it echo something like "SUCCESS" or "FAIL", and the response will be alerted here
                    alert(xmlhttp.responseText);
                    refreshList();  // either call another function to update the list or return the new list after the success/fail response.
                }
            };
            xmlhttp.open("GET", "delete.php?orgID="+ orgID, true);
            // OR - xmlhttp.open("GET", "page.php?action=DELETE&orgID="+ orgID, true);
            xmlhttp.send();
        }

        function refreshList()
        {
            // either delete the row with JavaScript or make another AJAX call to get the new list after the entry was deleted.
        }
    </script>
</head>
<body>
    <button onclick="deleteOrganization('<?php echo $org; ?>')">Delete</button>
</body>
</html>
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.