Javascript Form Submit not Working.

[Jumpy09]

These codes doesn't work:

echo "<form id=\"outbox\" action=\"?page=readmail\" method=\"POST\"><input type=\"hidden\" name=\"outboxid\" value=\"$outboxid\"><a href=\"javascript: document.forms['outbox'].submit();\">$username</a></form>";

echo "<form id=\inbox\" action=\"?page=readmail\" method=\"POST\"><input type=\"hidden\" name=\"inboxid\" value=\"$inboxid\"><a href=\"javascript: document.forms['inbox'].submit();\">$username</a></form>";

 

Which is Identical to this code which works:

echo "<form id=\"addfriend\" action=\"?page=addfriend\" method=\"POST\"><input type=\"hidden\" name=\"uid\" value=\"$uid\"><a href=\"javascript: document.forms['addfriend'].submit();\">Add Friend</a></form>";

 

Is there something I should be aware of when it comes to Javascript?  I figure they both should work instead of just the uid one.

 

The third one directs the user where it needs to go.  The first and second one is as accurate as I can think, and doesn't redirect anywhere.

If the ?page= was wrong it would go to my homepage.

 

Any ideas?  The $username still shows up!  And yes, both the first two direct to the same page.  Which I need to test if works, and can only do so by a post... cause I'm difficult like that.

[PFMaBiSmAd]

You are missing a " in the first code that makes the id= attribute invalid HTML.

 

Why are you using a form for this? You don't have any user input (which is what forms are for), so you might as well just use a href link without using any form or javascript.

[Jumpy09]

I want to post data so people cannot change a link to make something completely different show up.  I could have done it differently, but it's just how I ended up coding things.  For the inboxid and outboxid it refers to a specific post in the database.  If I do it this way, there is no chance of someone bringing up a message meant for someone else.  Even though I coded a double redundancy in the sql query, I feel safer this way.

 

Alright  I found the " .. but the one above it is on a different page, still confused about it.

[PFMaBiSmAd]

If I do it this way, there is no chance of someone bringing up a message meant for someone else.

 

You cannot enforce security that way. Anyone can alter anything that is present in a form or a link in a browser.

 

The only way you can enforce security is by not putting the piece of data in the hands of the visitor. If you want to insure that only the current visitor can access his information, you must handle that solely on the server, such as using his id stored in a session variable instead of using an id that came from the browser with the http request.

[Jumpy09]

Currently all I have in the session variables are the $session->username, for the person who's currently logged in.  I've been coding a ton this past week, and I honestly thank you for the suggestion.  As for the session variable, I do pull userid's from that variable.  Since the form is hidden, I figure no one will really know about it's existence.  I use the $session->username as a reduncany to pull information specific to a user.  As for messages, that part is coded in a query from the database pulling a list of messages and then the person can click on the message to check out what all is posted inside of it.

 

I've got the javascript script used for a few other things as well that all work.  It may not be the best way, but it works and it's sufficient.  If you want to aid me in finding a better way, I'll be more than willing to alter what I have.  Unfortunately, I'm coding with what I know and what I can find available.  When I scrape enough money, I will hire someone to go over the code and alter anything that can be altered and provide the exact same results.

 

I know most of you guys are real selective with your code, I just want to know why it isn't working.  And I have no idea, which is why I came here.  I've on several occasions found a fix to problems I had, I'd sit here and check over it for 10 - 15 minutes before posting.

 

I didn't come here to ask if my code is valid and correct to use in the sense I am using it in.  Hell most of my code probably isn't to professional standards, I just want to know what is wrong.  I hope you didn't take offense to that, so my question is.  Is the code right? as it is?  Or is there a problem with it that is preventing it from working?

 

Besides the outboxid and inboxid are for specific posts.  Those specific posts must match the uid from the sender and the uid from the receiver!  Double redundancy as I told you.  I just prefer it that way, instead of the other way.  Either way information is moving with the http request.

[Jumpy09]

I figure I found why it isn't working.  Sense I am generating a table of a list, the form id is identical for all messages displayed.

 

So my new question is: is there a method of stripping numbers out of a $_POST variable so that I could retain the code I wrote on the page it's suppose to submit to?

 

Such as:

 

$blah = $_POST['outbox3'];

$blah2 = $blah(stipped)

so that

$blah2 = outbox

[PFMaBiSmAd]

My first reply both told you what is wrong with the code you posted (missing " on the id= attribute) that is preventing it from working and the better way (just use a href= link, no form and no javascript is needed.)

 

As to your last post, that makes little sense and does not show an actual example of what you are trying.

 

The reason you are having so much trouble with getting this to work is you are making it more complicated than necessary - http://en.wikipedia.org/wiki/KISS_principle

[Jumpy09]

If you want to link me to the keep it simple stupid and undermining my intelligence, I'll properly explain why I have it that way.

 

For starters the submit button itself is the posted value.

 

if ($_POST['inbox']) { blah blah } else if ($_POST['outbox']) { blah blah blah } else { echo "I'm not sure why you are here, you shouldn't be!  Redirect Coming Soon!"; }

 

Is that enough for you?  I'm using 1 page to display EITHER an inbox message or an outbox message!  Yes it may be more than required, but it's how I ended up coding it.  Just to hear that it's more complicated than required makes me feel good about myself.

 

I am coding this site for me, so does it really matter how I am doing it?  Besides the " the code works.  So now I just need to find another method to strip numbers from a bit of information.  Once I find that, I will have a successful working JavaScript href link.

 

So, want to continue this bickering about how complicated shit is suppose to be, or you want to aid me in getting the code I am actually coding to work?  Once again I didn't come here for your opinion on why I am doing what I am doing... if I wanted that I would have asked!  IS THIS TOO MUCH?

 

So, I'm going to do the same thing you did to me.  http://en.wikipedia.org/wiki/KISS_principle and just answer the damn question, instead of going WAY off topic and suggesting shit without even actually suggesting a realistic method.  I do not like the link thing, I think it's tacky.  I'm doing it this way, whether or not I find the answer here.  If you don't like it, that's fine!  I couldn't care less.

 

Edit:  I fixed the damn " and it still isn't working because it's re-posting the same form ID and Submit Form.. causing multiple forms with the same ID!  I can put a variable on the end of it, but that still requires the strip of numbers.    No worries, I'll just find the damn thing on google, I got my original answer and now I can move on to other alternatives than having my coding methods ridiculed.