
How to add script: "Are you sure to delete data?"


Go to solution Solved by Ch0cu3r,


Hello PHP Freaks,

 

I think this is just an if/else statement problem, but I'm kind of lost on it.

The whole code is successful in deleting the data from the database; the problem is that I wanted to add a script that reminds the user, asking if he/she is really sure about deleting the data. By the way, this is the script.

<?php

// connect to the database
include 'Connect.php';

// confirm that the 'student_id' variable has been set
if (isset($_GET['student_id']) && is_numeric($_GET['student_id']))
{
    // get the 'student_id' variable from the URL
    $student_id = $_GET['student_id'];

    // delete record from database
    if ($stmt = $mysql->prepare("DELETE FROM student_information WHERE student_id = ? LIMIT 1"))
    {
        $stmt->bind_param("i", $student_id);
        $stmt->execute();
        $stmt->close();
    }
    else
    {
        echo "ERROR: could not prepare SQL statement.";
    }
    $mysql->close();

    // redirect user after delete is successful
    header("Location: Admin_Home.php");
}
else
{
    // if the 'student_id' variable isn't set, redirect the user
    header("Location: Admin_Home.php");
}
?>

Please help me modify this code and tell me where to put the missing line(s) of code.

Hello Quick Old car,

 

The present working script I have, where the DELETE link is located, is in AJAX, and here it is:

$searchResults .= "  <td><a href='Student_View.php?id={$student_id}'>View</a> </td>\n";
$searchResults .= "  <td><a href='Admin_Edit_Student_Info.php?id={$student_id}'>Update</a></td>\n";
$searchResults .= "  <td><a href='Admin_Delete_Student.php?id={$student_id}'>Delete</a></td>\n";
$searchResults .= "</tr>\n";

I have understood your suggested code; I'm sure that if I had written it in a "form" way, it would surely work.

 

I wonder if there is any other way I could insert the JavaScript you suggested into this script so that it works the same way we wanted.

 

Please advise

  • Solution

Copy the code used for the form's onSubmit event and apply it to an onClick event for the delete link, for example:

 $searchResults .= "  <td><a href='Admin_Delete_Student.php?id={$student_id}' onclick=\"if (! confirm('Delete this user?')) return false;\">Delete</a></td>\n";

Beware though. If the user has javascript disabled they will not be prompted with the confirmation dialog box.

Changing data based on a plain GET request is wrong and a very bad idea. For example, I could delete all student records simply by publishing a bunch of images with URLs like http://yoursite.com/Admin_Edit_Student_Info.php?id=1. If any admin visits this page, they immediately trigger the DELETE query without even realizing it.

 

For extra fun, people can inject malicious JavaScript code through the id parameter and steal the session ID of the admin or show them a fake login page to get their password.

 

This is hardly a “solution”, not even by the lowest standards. A proper approach would look something like this:

  • You need to escape all user input with htmlspecialchars() before you can insert it into the HTML document.
  • To change data, you need to use a form with the POST method.
  • If you want a robust solution which works without JavaScript, add a hidden field named something like confirmed to the form when the user confirms the message. When that field is missing in the request, you know the user doesn't have JavaScript turned on, and you can fall back to plain HTML.
  • Now is the right time to start thinking about cross-site request forgery.
<?php

$use_fallback_confirmation = false;
if (isset($_POST['action']) && $_POST['action'] == 'delete' && isset($_POST['student_id']))
{
    if (isset($_POST['confirmed']) && $_POST['confirmed'])
    {
        echo htmlspecialchars('Deleted record of student ' . $_POST['student_id'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }
    else
    {
        // JavaScript seems to be turned off.
        $use_fallback_confirmation = true;
    }
}

?>
<!DOCTYPE HTML>
<html>
    <head>
        <meta charset="utf-8">
        <title>A form with confirmation</title>
        <script src="https://code.jquery.com/jquery-1.11.1.min.js"></script>
        <script>
            $(function () {
                $('#delete_student_record').submit(function (event) {
                    if (confirm('Do you really want to delete the student record?'))
                    {
                        $(this).append('<input type="hidden" name="confirmed" value="1">');
                    }
                    else
                    {
                        event.preventDefault();
                    }
                });
            });
        </script>
    </head>
    <body>
        <?php if ($use_fallback_confirmation): ?>
            Do you really want to delete the student record?
        <?php endif; ?>
        <form id="delete_student_record" method="post">
            <input type="hidden" name="action" value="delete">
            <input type="hidden" name="student_id" value="1">
            <?php if ($use_fallback_confirmation): ?>
                <input type="hidden" name="confirmed" value="1">
            <?php endif; ?>
            <input type="submit" value="Delete student">
        </form>
    </body>
</html>
Edited by Jacques1
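
The last bullet in the post above names cross-site request forgery but the posted form carries no defence against it. The following is an added example, not code from the thread or from any poster, showing one way to bind the POST delete form to a per-session token. It assumes Connect.php provides the mysqli object $mysql as in the first post; the field name csrf_token is hypothetical, and the no-JavaScript confirmation fallback is left out to keep the focus on the token.

```php
<?php
// Added example. Assumes Connect.php defines the mysqli object $mysql (first post)
// and PHP 7+ for random_bytes(). The field name csrf_token is made up here.
session_start();

// One random token per session, embedded in every state-changing form.
if (empty($_SESSION['csrf_token'])) {
    $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
}

function h($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

$message = '';
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $sent = isset($_POST['csrf_token']) && is_string($_POST['csrf_token']) ? $_POST['csrf_token'] : '';
    $id = filter_input(INPUT_POST, 'student_id', FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);

    if (!hash_equals($_SESSION['csrf_token'], $sent)) {
        // A request forged from another site cannot know this session's token.
        http_response_code(403);
        $message = 'Invalid or missing token; nothing was deleted.';
    } elseif ($id === false || $id === null) {
        http_response_code(400);
        $message = 'Invalid student id.';
    } else {
        include 'Connect.php';
        if ($stmt = $mysql->prepare('DELETE FROM student_information WHERE student_id = ? LIMIT 1')) {
            $stmt->bind_param('i', $id);
            $stmt->execute();
            $message = $stmt->affected_rows === 1 ? "Deleted record of student $id" : 'No such record.';
            $stmt->close();
        } else {
            $message = 'ERROR: could not prepare SQL statement.';
        }
    }
}
$student_id = 1; // constructed sample value, as in the form above
?>
<!DOCTYPE html>
<html>
    <head><meta charset="utf-8"><title>Delete with CSRF token</title></head>
    <body>
        <p><?= h($message) ?></p>
        <form method="post" onsubmit="return confirm('Do you really want to delete the student record?');">
            <input type="hidden" name="csrf_token" value="<?= h($_SESSION['csrf_token']) ?>">
            <input type="hidden" name="student_id" value="<?= h($student_id) ?>">
            <input type="submit" value="Delete student">
        </form>
    </body>
</html>
```

The token check complements the admin login check that the delete page needs in any case; it does not replace it.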