
Links No Clicking


derekshull


I created a folder system and this piece of code is in a column that lists all the folders that have been created by the user. It then is supposed to allow the user to click on the folder name (link) and send it to a page that displays all the items that have been tagged with that folder name.

 

My problem is that it's not clicking through to the page. You can click the link but it just sits there and does nothing. When only 1 folder is created it's fine but if you create more than one folder it just sits there. Any ideas?

 

global $user;
$username = $user->name;


$listquery = mysql_query("SELECT * FROM folders WHERE username='$username'");


while ($rows = mysql_fetch_array($listquery)) {


$id = $rows['ID'];
$username = $rows['username'];
$foldername = $rows['foldername'];
$newfoldername = mysql_real_escape_string($foldername);


echo "
<script type='text/javascript'>
function submitform()
{
 document.myform.submit();
}
</script>
<form name='myform' action='viewfolder' method='post'>
<input type='hidden' name='foldertoview' value='$newfoldername'/>
<a href='javascript: submitform()'>$newfoldername</a>
</form>
<br>
";


}


I think the problem is that you are declaring the function for "submitform" inside of the while loop. So there is a function name conflict when you have more than one folder. The form is the same name every time too... You should probably increment the form name and then pass the increment value to the function so that it knows which form to pull the data from.


Have you looked at the actual source code created? Have you used any error console within your browser to see what javascript errors are being thrown? If you had done either I'm sure you'd see the problem. Plus, I can tell you're doing it wrong because you are using global and you are using mysql_real_escape_string() to escape data for the HTML page (?).

 

You have a while loop that is generating content. Part of that content is a javascript function. You cannot have two functions with the same name in your page! And, the way you are doing this is way more complicated than it should be.

 

You should

1. Use a common HTML hyperlink and send the folder ID as part of the query string

2. Change your viewfolder script to use the folder ID instead of the folder name

 

global $user;
$username = $user->name;
// Select only the columns needed to build the links
$listquery = mysql_query("SELECT ID, foldername FROM folders WHERE username='$username'");

while ($rows = mysql_fetch_array($listquery))
{
   // Escape the folder name for HTML output
   $foldername = htmlentities($rows['foldername']);
   // Pass the folder ID on the query string
   echo "<a href='viewfolder.php?id={$rows['ID']}'>{$foldername}</a><br>\n";
}


I tried this but no luck :-/

 

global $user;
$username = $user->name;


echo "<br><a href='http://www.1511project.com/node/viewmyprojects'>All Needs</a><br>";


$listquery = mysql_query("SELECT * FROM folders WHERE username='$username'");
$i=1;


while ($rows = mysql_fetch_array($listquery)) {


$id = $rows['ID'];
$username = $rows['username'];
$foldername = $rows['foldername'];
$newfoldername = mysql_real_escape_string($foldername);


echo "
<script type='text/javascript'>
function submitform".$i++."()
{
 document.myform.submit();
}
</script>
<form name='myform".$i++."' action='viewfolder' method='post'>
<input type='hidden' name='foldertoview' value='$newfoldername'>
<a href='javascript: submitform".$i++."()'>$newfoldername</a>
</form>
";


}


Psycho, couldn't someone just put in another ID and view someone else's folder if I did it the way you laid out? I put the code you provided in but nothing came up when I did that.

 

Using a form is adding no more security than allowing the ID to be put on the query string. It is a trivial task to modify the data being sent in a form (even in hidden and select fields). That is why you should ALWAYS validate data coming from the user (POST, GET, COOKIE, etc.). So, your page to display the folder contents should verify that the ID belongs to the user which you already know based upon session data, right? You should probably be storing the user ID in session rather than username though.

Edited by Psycho
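
The ownership check described in the post above, as an added example that is not part of the original thread. The `folders` table and its `ID`, `foldername` and `username` columns come from the thread; the function names, the PDO/SQLite setup and the sample rows are assumptions made so the example runs on its own.

```php
<?php
// Added example: server-side ownership check for the folder view.
// Function names, PDO/SQLite and the sample rows are assumptions, not the thread's code.

function fetchOwnedFolder(PDO $db, string $currentUser, $rawId): ?array
{
    // Reject anything that is not a positive integer before touching the database.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }
    // The owner is part of the WHERE clause, so an ID that belongs to
    // another user matches no row. Bound parameters keep input out of the SQL text.
    $stmt = $db->prepare('SELECT ID, foldername FROM folders WHERE ID = :id AND username = :owner');
    $stmt->execute([':id' => $id, ':owner' => $currentUser]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

function renderFolderLinks(PDO $db, string $currentUser): string
{
    $stmt = $db->prepare('SELECT ID, foldername FROM folders WHERE username = :owner ORDER BY ID');
    $stmt->execute([':owner' => $currentUser]);
    $html = '';
    foreach ($stmt as $row) {
        // Escape for the HTML context; SQL escaping does nothing for markup.
        $name = htmlspecialchars($row['foldername'], ENT_QUOTES, 'UTF-8');
        $html .= "<a href='viewfolder.php?id=" . (int) $row['ID'] . "'>{$name}</a><br>\n";
    }
    return $html;
}

// Constructed sample data: two folders for alice, one for bob.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE folders (ID INTEGER PRIMARY KEY, foldername TEXT, username TEXT)');
$ins = $db->prepare('INSERT INTO folders (foldername, username) VALUES (?, ?)');
foreach ([['Tools & <b>parts</b>', 'alice'], ['Budget', 'alice'], ['Private', 'bob']] as $r) {
    $ins->execute($r);
}

echo renderFolderLinks($db, 'alice');                 // links for alice's folders only
var_dump(fetchOwnedFolder($db, 'alice', '2'));        // alice requests her own folder
var_dump(fetchOwnedFolder($db, 'alice', '3'));        // alice requests bob's folder
var_dump(fetchOwnedFolder($db, 'alice', '3abc'));     // input that is not an integer
```

In the real page, `$currentUser` would come from the logged-in session rather than from anything the browser sends.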

Krisw44 wins this round; he set me on the right track. Here's what I came up with that works:

 

global $user;
$username = $user->name;

echo "<br><a href='http://www.1511project.com/node/viewmyprojects'>All Needs</a><br>";

$listquery = mysql_query("SELECT * FROM folders WHERE username='$username'");
$i=1;

while ($rows = mysql_fetch_array($listquery)) {

$id = $rows['ID'];
$username = $rows['username'];
$foldername = $rows['foldername'];
$newfoldername = mysql_real_escape_string($foldername);
$j = $i++;

echo "
<script type='text/javascript'>
function submitform".$j."()
{
 document.myform".$j.".submit();
}
</script>
<form name='myform".$j."' action='viewfolder' method='post'>
<input type='hidden' name='foldertoview' value='$newfoldername'>
<a href='javascript: submitform".$j."()'>$newfoldername</a>
</form>
";

}


There is absolutely no need to create a function for every link! You can just echo the function BEFORE the loop. The only reason I didn't give you code for that was because this process is much more difficult than it should be to begin with. And, as I stated, using "hidden" fields adds absolutely NO security.
