delete syntax

Anon

I have a php script that allows a user to delete db entries in mysql. I want to add a "confirm delete" before the query is executed. Maybe a quick page that says "are you sure you want to delete ($record) from ($db)? or something like that. Can anyone help me out?

cordex

Add this to before your delete query.
if(!$conf_in)
{
echo "<form action=script.php method=post>\n";
// confirmation text and buttons and such here
// make sure all the variables that you would normally send to delete are also included here via hidden form fields
echo "<input type=hidden name=conf_in value=1>\n";
echo "</form>\n";
}
else
// execute your delete query here

[deleted]

The way I do it is like this:
In the form I have two hidden fields, 'command' and 'nextcommand'.

The 'command' field contains a string 'verify'.
The 'nextcommand' field contains the command that should be executed when the user clicks 'ok' on the verification screen.

At the top of the script I have a statement that checks to see if the $command var contains 'verify'.

If it does, I print a simple form where I replace $command with the value of $nextcommand.
That way, when this 'confirmation' form is submitted, it will execute the real command, and not try to verify again.

In the rest of the form I print all the HTTP_POST_VARS key/value pairs in hidden fields.
That way the form will behave exactly like the original form, but none of the data is visible.

Et presto, a very simple and very effective verification screen.

If you want you can change the confirmation screen to print the submitted data outside the form fields too, so it shows up as plain HTML so theuser can read it back without editing it.

cordex

I've also used a switch statement based on the wording of the submit buttons. Such as:

switch($val_st)
case "Delete":
// form here
echo "<input type=submit name=val_st value=Confirm Delete>";
break;
case "Confirm Delete":
// delete query run here
break;

shrug There are many ways, grasshopper.

Anon

Ok... I still have a few questions. On the first echo statement, what function does script.php carry out? Also, why is it (!$conf_in)?

Anon

Yes.. This sounds like it would work well. What would be the command you would put in the value for 'nextcommand"? Would it be a mysql statement? And one last thing, how do you print the HTTP_POST_VARS key/value pairs?