I have some image buttons (echo'd in a loop, based on MySQL results, not included in the code below). It's a bit like a delete button for a message system:

<form method="post">
<input type="image" src="delete.png" id="delete" name="delete" title="Delete Message" alt="Delete button" value="<? echo $row['MessageId'] ?> " >
<input name="do_insert2" type="hidden" value="<? echo $row['MessageId'] ?> " >    
</form> 

Then I have a small script (just a test to see if it knew which message ID was clicked, which would later be deleted):

<?
if ($_POST['do_insert2'] != NULL) {
$deletemessage = $_POST['do_insert2'];
echo $deletemessage;
}
?>

However, it would always come out with the last message (ID 269), no matter which image button you clicked.

Why is this and how can I fix it?

A: 

Based on this, it's not easy to see what you're doing wrong.

However: You really shouldn't be doing it this way anyway; it opens you up to various hacks, XSS attacks, and database insertion attacks.

palmaceous
A: 

This is correct, you have one form with multiple hidden form fields with the name "do_insert2" but different values. When you submit, the browser will send the value assigned to the last of the hidden form fields with same name.

You can try a bit of JavaScript, if that's acceptable:

1) assign a name to the form such as form1

2) move the hidden field outside the loop and leave it empty:

<input name="do_insert2" type="hidden" value="">

3) assign a little JavaScript to each of the image buttons like this:

<input type="image" yada="yada" onclick="document.form1.do_insert2.value = '<? echo $row['MessageId'] ?>';">

You might want to have a look at this article.

Salman A
A: 

Not really safe but it will work:

<input type="image" src="delete.png" onClick="location.href='test.php?delete=<?=$row['MessageId'] ?>'">

PHP

<?php
$id_delete = (isset($_GET['delete']) && $_GET['delete'] !='') ? (int) $_GET['delete'] : -1;
print $id_delete;
?>
Bas van Dorst
A: 

Suggestions:

  • Use a separate form for each pair of html input fields (button and hidden field)

  • Try to have unique names for your hidden input fields.

andreas
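
One way to apply the first suggestion above, as an added example that is not part of the original answer: each row gets its own form, so only the clicked row's id is posted, and the handler checks a CSRF token, validates the id as an integer, and deletes through a prepared statement scoped to the owner. The function names, the `messages`/`owner_id` schema, the CSRF token handling and the in-memory SQLite data are assumptions constructed for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: one <form> per message, so a click posts exactly one id.
function render_rows(array $rows, string $csrf): string
{
    $token = htmlspecialchars($csrf, ENT_QUOTES, 'UTF-8');
    $html = '';
    foreach ($rows as $row) {
        $id = (int) $row['MessageId']; // integer cast: only digits reach the markup
        $html .= '<form method="post">'
            . '<input type="hidden" name="csrf" value="' . $token . '">'
            . '<input type="hidden" name="message_id" value="' . $id . '">'
            . '<input type="image" src="delete.png" title="Delete Message" alt="Delete button">'
            . "</form>\n";
    }
    return $html;
}

// Hypothetical handler: returns the number of rows deleted, 0 for any rejected request.
function handle_delete(PDO $db, array $post, string $csrf, int $userId): int
{
    $sent = $post['csrf'] ?? null;
    if (!is_string($sent) || !hash_equals($csrf, $sent)) {
        return 0; // missing or wrong CSRF token
    }
    $id = filter_var($post['message_id'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return 0; // not a positive integer
    }
    // Bound parameters keep the id out of the SQL text; owner_id limits the delete to the caller's rows.
    $stmt = $db->prepare('DELETE FROM messages WHERE id = :id AND owner_id = :owner');
    $stmt->execute([':id' => $id, ':owner' => $userId]);
    return $stmt->rowCount();
}

// Constructed sample data in an in-memory SQLite database (needs the pdo_sqlite extension).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE messages (id INTEGER PRIMARY KEY, owner_id INTEGER, body TEXT)');
$db->exec("INSERT INTO messages VALUES (267, 1, 'a'), (268, 1, 'b'), (269, 2, 'c')");
$csrf = bin2hex(random_bytes(16)); // in a real page this lives in the session
$rows = $db->query('SELECT id AS MessageId FROM messages WHERE owner_id = 1')->fetchAll(PDO::FETCH_ASSOC);
echo render_rows($rows, $csrf);
var_dump(handle_delete($db, ['csrf' => $csrf, 'message_id' => '268'], $csrf, 1));  // own message
var_dump(handle_delete($db, ['csrf' => $csrf, 'message_id' => '269'], $csrf, 1));  // another user's message
var_dump(handle_delete($db, ['csrf' => 'wrong', 'message_id' => '267'], $csrf, 1)); // bad token
var_dump(handle_delete($db, ['csrf' => $csrf, 'message_id' => '267 OR 1=1'], $csrf, 1)); // non-integer id
```
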
A: 

A better way to do this is to add the message id to the button like so:

<input type="image" src="delete.png" name="delete;<?=$row['MessageId'];?>" />

This will give something like:

<input type="image" src="delete.png" name="delete;1" />
<input type="image" src="delete.png" name="delete;2" />

Now, the submitted data will only include the name of the used submit button. When you click the button with 'delete;1', print_r($_POST) gives:

Array
(
    [delete;1_x] => 25
    [delete;1_y] => 9
)

If you click the image with 'delete;2', only 'delete;2' gets posted. That way you know which image was clicked and what to delete.

The thing with using images as a submit button is that you also get the coordinates of where you clicked on this image. But that's no problem, you can easily extract the message id:


// when submitted, go through all the submitted values
foreach ($_POST as $key => $value) {
  // if a key starts with 'delete;', you know a delete image was clicked
  if (substr($key,0,7)=='delete;') {
    // first remove the 'delete;' part
    $key = str_replace('delete;','',$key);

    // split the key on the '_' sign
    $key = explode('_',$key);

    /* now the $key variable is an array
    Array
    (
      [0] => 1
      [1] => x
    )
    */

    // and the first value is your message Id
    $deleteId = $key[0];

    // now validate that it's a number
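    if (preg_match('/^[0-9]+$/',$deleteId,$matches)) {
      // run your delete query ($deleteId contains only digits at this point)
      // note: mysql_query() was removed in PHP 7; use mysqli or PDO with a prepared statement there
      $sql = "DELETE FROM messages WHERE id = $deleteId";
      mysql_query($sql);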
    }

    // break the foreach loop, since you have what you need
    break;
  }
}

It's usually simpler when you don't use images, since you can simply split the posted value on e.g. ";" and you don't need to worry about the coordinates. But this is still a very simple way to retrieve the correct information and keep your HTML clean by only adding a simple id to the name of the image button.

Alec
A: 

You don't really need the do_insert2 element as the type="image" acts like a submit button and when you printed $_POST it would contain the value of the button that was pressed:

$_POST['delete'] = 15;

If you pressed the <input type="image" name="delete" value="15">

methodin