I was just wondering: I'm trying to display all of a member's friend requests, each in its own form. For example, three friend requests will be displayed in three different forms, or 20 friend requests will be displayed in 20 different forms, and so on. The reason for this is that I want each friend request to have its own Add Friend or Deny Friend button.

So my question is: Is this a good way to display friend requests or is there a better way using HTML or PHP & MySQL?

Here is a code sample.

<ul>
    <li>
        <form method="post" action="index.php" enctype="multipart/form-data">
            <fieldset>
                <h3>Someone wants to be your friend!</h3>
                <a href=""><img src="./images/avatar.png" /></a>
                <input type="submit" name="add_friend" value="Add Friend" />
                <input type="submit" name="deny_friend" value="Deny Friend" />
            </fieldset>
        </form>
    </li>

    <li>
        <form method="post" action="index.php" enctype="multipart/form-data">
            <fieldset>
                <h3>Someone wants to be your friend!</h3>
                <a href=""><img src="./images/avatar.png" /></a>
                <input type="submit" name="add_friend" value="Add Friend" />
                <input type="submit" name="deny_friend" value="Deny Friend" />
            </fieldset>
        </form>
    </li>

    <li>
        <form method="post" action="index.php" enctype="multipart/form-data">
            <fieldset>
                <h3>Someone wants to be your friend!</h3>
                <a href=""><img src="./images/avatar.png" /></a>
                <input type="submit" name="add_friend" value="Add Friend" />
                <input type="submit" name="deny_friend" value="Deny Friend" />
            </fieldset>
        </form>
    </li>
</ul> 
A: 

If you want to play it safe (i.e. have something that works without JavaScript), using multiple forms is usually the way to go. If you can rely on JavaScript, you can use "naked" form elements and submit them through AJAX.

However, in this case, there's no need for POST and forms. You're much better off using simple GET requests:

 <h3>Someone wants to be your friend!</h3>
 <a href="/friends/?command=add&id=1234567">Add friend</a>
 <a href="/friends/?command=deny&id=1234567">Deny friend</a>
Unicron
No, you're not better off. Using `GET` should never cause a state change; it should always be safe to re-issue a GET request at any time and as many times as you want.
Stephen P
+1  A: 

It's ok that way. It's clean. All you need to have is some sort of an ID of the friend request, to know what operation to do server-side, regardless of server-side language.

Alexander
Where should I put the ID at?
maximum
You can use `<input type="hidden" value="2496258" name="request_id"/>`. It won't be visible to the user, but passed with the form, so you can access it via the `$_POST` superglobal. That's a bit simple from the security point of view, but it will do for now. Most sites don't bother securing forms.
Alexander
But what if I want my form secure?
maximum
Well, the protection you might need is protection from robots (unlikely, but in case you need something like this, ReCaptcha will help), and protection from CSRF. See Wikipedia: http://en.wikipedia.org/wiki/Cross-site_request_forgery. You can search discussions here for that, and if you don't find any, ask a separate question.
Alexander
Do I need to put a hidden field under both the Add Friend and Deny Friend buttons?
maximum
No, you don't need to. One field for the ID, and if needed, one for the security verification key for CSRF protection.
Alexander
A: 

You can put the ID value as a hidden field in the form, that way your server-side logic will be able to get that parameter and add/deny the appropriate friend.

However, I agree with Unicron -- GET requests would probably be easier (just include the parameters in the URL) unless you need to hide the ID field for security reasons.

a.feng
Anyway, hidden fields are only hidden in HTML, but an advanced user can easily find them, so it's more an aesthetic issue in this case.
Alexander
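
The points raised in the comments above (one hidden `request_id` per form, a CSRF verification key, and the fact that hidden fields are user-editable) combined in a single page, as an added example that is not code from any poster. The `decide()` helper, the `csrf` field name, user id 42 and the `$pending` array standing in for the MySQL lookup are assumptions; it needs PHP 7.4 or later.

```php
<?php
// Added example: $pending replaces a MySQL query; ids and names are constructed.
session_start();
$_SESSION['user_id'] ??= 42;                      // assumed to be set at login
$_SESSION['csrf'] ??= bin2hex(random_bytes(32));  // one random token per session
$pending = [                                      // request_id => row
    2496258 => ['to' => 42, 'from_name' => 'Alice'],
    2496259 => ['to' => 42, 'from_name' => 'Bob <b>'],
    2496300 => ['to' => 7,  'from_name' => 'Carol'],  // addressed to another user
];

// Returns 'add' or 'deny', or null when the POST must be rejected.
function decide(array $post, array $session, array $pending): ?string
{
    // CSRF: the token sent with the form must match the one in the session.
    if (!is_string($post['csrf'] ?? null)
        || !hash_equals($session['csrf'], $post['csrf'])) {
        return null;
    }
    // The hidden field is user-editable: validate it and check ownership.
    $id = filter_var($post['request_id'] ?? null, FILTER_VALIDATE_INT);
    if ($id === false || !isset($pending[$id])
        || $pending[$id]['to'] !== $session['user_id']) {
        return null;
    }
    return isset($post['add_friend']) ? 'add'
        : (isset($post['deny_friend']) ? 'deny' : null);
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $action = decide($_POST, $_SESSION, $pending);
    if ($action === null) {
        http_response_code(403);
        exit('Rejected');
    }
    // A real page would now UPDATE/DELETE the row with a prepared statement.
    exit('OK: ' . $action);
}
?>
<ul>
<?php foreach ($pending as $id => $row): if ($row['to'] !== $_SESSION['user_id']) continue; ?>
    <li>
        <form method="post" action="index.php">
            <h3><?= htmlspecialchars($row['from_name'], ENT_QUOTES, 'UTF-8') ?> wants to be your friend!</h3>
            <input type="hidden" name="request_id" value="<?= (int) $id ?>" />
            <input type="hidden" name="csrf" value="<?= htmlspecialchars($_SESSION['csrf'], ENT_QUOTES, 'UTF-8') ?>" />
            <input type="submit" name="add_friend" value="Add Friend" />
            <input type="submit" name="deny_friend" value="Deny Friend" />
        </form>
    </li>
<?php endforeach; ?>
</ul>
```

Changing `request_id` to 2496300 in the browser's developer tools and submitting returns 403, because the ownership check runs on the server and does not trust the hidden field.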