Shadow_Walker Posted May 28, 2014

Hello PHP Freaks, I think this is just an if/else statement problem but I'm kind of lost with it. The whole code is successful in deleting the data from the database; the problem is I wanted to put in a script that reminds the user if he/she is really sure about deleting the data. By the way, this is the script.

```php
<?php
// connect to the database
include 'Connect.php';

// confirm that the 'student_id' variable has been set
if (isset($_GET['student_id']) && is_numeric($_GET['student_id']))
{
    // get the 'student_id' variable from the URL
    $student_id = $_GET['student_id'];

    // delete record from database
    if ($stmt = $mysql->prepare("DELETE FROM student_information WHERE student_id = ? LIMIT 1"))
    {
        $stmt->bind_param("i",$student_id);
        $stmt->execute();
        $stmt->close();
    }
    else
    {
        echo "ERROR: could not prepare SQL statement.";
    }
    $mysql->close();

    // redirect user after delete is successful
    header("Location: Admin_Home.php");
}
else
// if the 'student_id' variable isn't set, redirect the user
{
    header("Location: Admin_Home.php");
}
?>
```

Please help me modify this code and tell me where to put the missing line/s of code.

adam_bray Posted May 28, 2014

Sounds like you want a Javascript confirmation rather than changing any PHP.

QuickOldCar Posted May 29, 2014

Can add js into the form itself like so.

```html
<form action="delete.php" method="post" onsubmit="if (! confirm('Delete this user?')) return false;">
    <input type="submit" value="Delete User" >
</form>
```

Shadow_Walker (Author) Posted May 30, 2014

Yes Adam Bray, it's JavaScript confirmation ---> the code I'm looking for.

Shadow_Walker (Author) Posted May 30, 2014

Hello Quick Old car,

The present working script I have, where the DELETE link is located, is in Ajax and here it is:

```php
$searchResults .= " <td><a href='Student_View.php?id={$student_id}'>View</a> </td>\n";
$searchResults .= " <td><a href='Admin_Edit_Student_Info.php?id={$student_id}'>Update</a></td>\n";
$searchResults .= " <td><a href='Admin_Delete_Student.php?id={$student_id}'>Delete</a></td>\n";
$searchResults .= "</tr>\n";
```

I have understood your suggested code. I'm sure if I wrote it in a "form" way, it would work. I wonder if there is any other way I could insert the JavaScript you suggested into this script to work the same way as we wanted. Please advise

Ch0cu3r (Solution) Posted May 30, 2014

Copy the code used for the form's onSubmit event and apply it to an onClick event for the delete link, example

```php
$searchResults .= " <td><a href='Admin_Delete_Student.php?id={$student_id}' onclick=\"if (! confirm('Delete this user?')) return false;\">Delete</a></td>\n";
```

Beware though. If the user has JavaScript disabled they will not be prompted with the confirmation dialog box.

Shadow_Walker (Author) Posted June 1, 2014

Thank you Ch0cu3r,

It works!! I think I'd include that reminder in my homepage. This thread has been considered SOLVED.

Jacques1 Posted June 1, 2014 (edited)

Changing data based on a plain GET request is wrong and a very bad idea. For example, I could delete all student records simply by publishing a bunch of images with URLs like http://yoursite.com/Admin_Edit_Student_Info.php?id=1. If any admin visits this page, they immediately trigger the DELETE query without even realizing it.

For extra fun, people can inject malicious JavaScript code through the id parameter and steal the session ID of the admin or show them a fake login page to get their password.

This is hardly a “solution”, not even by the lowest standards. A proper approach would look something like this:

- You need to escape all user input with htmlspecialchars() before you can insert it into the HTML document.
- To change data, you need to use a form with the POST method.
- If you want a robust solution which works without JavaScript, add a hidden field named something like confirmed to the form when the user confirms the message. When that field is missing in the request, you know the user doesn't have JavaScript turned on, and you can fall back to plain HTML.
- Now is the right time to start thinking about cross-site request forgery.

```php
<?php

$use_fallback_confirmation = false;

if (isset($_POST['action']) && $_POST['action'] == 'delete' && isset($_POST['student_id']))
{
    if (isset($_POST['confirmed']) && $_POST['confirmed'])
    {
        echo htmlspecialchars('Deleted record of student ' . $_POST['student_id'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }
    else
    {
        // JavaScript seems to be turned off.
        $use_fallback_confirmation = true;
    }
}

?>
<!DOCTYPE HTML>
<html>
    <head>
        <meta charset="utf-8">
        <title>A form with confirmation</title>
        <script src="http://code.jquery.com/jquery-1.11.1.min.js"></script>
        <script>
            $(function () {
                $('#delete_student_record').submit(function (event) {
                    if (confirm('Do you really want to delete the student record?')) {
                        $(this).append('<input type="hidden" name="confirmed" value="1">');
                    } else {
                        event.preventDefault();
                    }
                });
            });
        </script>
    </head>
    <body>
        <?php if ($use_fallback_confirmation): ?>
            Do you really want to delete the student record?
        <?php endif; ?>
        <form id="delete_student_record" method="post">
            <input type="hidden" name="action" value="delete">
            <input type="hidden" name="student_id" value="1">
            <?php if ($use_fallback_confirmation): ?>
                <input type="hidden" name="confirmed" value="1">
            <?php endif; ?>
            <input type="submit" value="Delete student">
        </form>
    </body>
</html>
```

Edited June 1, 2014 by Jacques1

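The cross-site request forgery point in the post above, as an added example that is not code from the thread or from any poster: the delete link becomes a POST form carrying a per-session token, and the handler refuses any request without it. The function names are hypothetical; it assumes PHP 7+, that the admin login is checked elsewhere, and that Connect.php provides the mysqli object `$mysql` as in the first post.

```php
<?php
// Added example, not code from the thread. Function names are hypothetical.
session_start();

// One random token per session; a page on another site cannot read or guess it.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Escape every value that is placed into HTML, attribute values included.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Replaces the "Delete" link in the search results with a small POST form.
function delete_form(string $student_id): string
{
    return '<form method="post" action="Admin_Delete_Student.php">'
         . '<input type="hidden" name="csrf_token" value="' . e(csrf_token()) . '">'
         . '<input type="hidden" name="student_id" value="' . e($student_id) . '">'
         . '<input type="submit" value="Delete"></form>';
}

// True only for a POST that carries this session's token and a numeric id.
function is_valid_delete_request(array $server, array $post): bool
{
    return ($server['REQUEST_METHOD'] ?? '') === 'POST'
        && isset($post['csrf_token'], $post['student_id'])
        && is_string($post['csrf_token'])
        && hash_equals(csrf_token(), $post['csrf_token']) // constant-time compare
        && is_string($post['student_id'])
        && ctype_digit($post['student_id']);
}

// Wiring for Admin_Delete_Student.php; $mysql is assumed to come from Connect.php.
if (isset($mysql) && is_valid_delete_request($_SERVER, $_POST)) {
    $id = (int) $_POST['student_id'];
    $stmt = $mysql->prepare('DELETE FROM student_information WHERE student_id = ? LIMIT 1');
    $stmt->bind_param('i', $id);
    $stmt->execute();
    $stmt->close();
}
```

An image tag or link published elsewhere can only issue a GET without the token, so it never reaches the DELETE query; the confirmation dialog from the post above can be attached to this form unchanged.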