•
•
•
•
What is DaniWeb IT Discussion Community?
You're currently browsing the PHP section within the Web Development category of DaniWeb, a massive community of 397,809 software developers, web developers, Internet marketers, and tech gurus who are all enthusiastic about making contacts, networking, and learning from each other. In fact, there are 2,519 IT professionals currently interacting right now! Registration is free, only takes a minute and lets you enjoy all of the interactive features of the site.
Please support our PHP advertiser: Lunarpages PHP Web Hosting
Views: 7410 | Replies: 15
 |
•
•
Join Date: May 2005
Posts: 228
Reputation: 
Rep Power: 4
Solved Threads: 0
Posting Whiz in Training
Hey, say I have a table that spits out the information from a mysql table. Say it gives you the names of users, and certain information about each user, say address, phone number, whatever. Doesn't matter.
What I want to do is make each of the persons' name a hyperlink that you can click on to edit their information. When you click on their name, it would pull up a form with their current information already filled out in it. Then, you would be free to edit any of that information, and submit it to update the database.
I'm sure I've seen it done before, but how do I pass a record id onto that form so it knows which record to pull the information about?
What I want to do is make each of the persons' name a hyperlink that you can click on to edit their information. When you click on their name, it would pull up a form with their current information already filled out in it. Then, you would be free to edit any of that information, and submit it to update the database.
I'm sure I've seen it done before, but how do I pass a record id onto that form so it knows which record to pull the information about?
•
•
Join Date: Sep 2006
Posts: 44
Reputation:
Rep Power: 2
Solved Threads: 3
Light Poster
Just build each link like:
<a href='editform.php?id=53'>John Doe</a>
<a href='editform.php?id=53'>John Doe</a>
•
•
Join Date: May 2005
Posts: 228
Reputation:
Rep Power: 4
Solved Threads: 0
Posting Whiz in Training
•
•
•
•
Originally Posted by MCP 
Just build each link like:
<a href='editform.php?id=53'>John Doe</a>
Dude, it's that easy? Thanks! Oh, then how do I call it on the edit page, once I'm there? I need to some how grab that id number on the edit page to fill it with all the info.
Last edited by nathanpacker : Jan 9th, 2007 at 11:16 pm.
•
•
Join Date: May 2005
Posts: 228
Reputation:
Rep Power: 4
Solved Threads: 0
Posting Whiz in Training
Hey, never mind on how to call the variable. I just realized that it is a variable. I can just use it like any other variable! Man, you saved my life. This is great. Thanks again.
•
•
Join Date: Sep 2006
Posts: 44
Reputation:
Rep Power: 2
Solved Threads: 3
Light Poster
No problem! FYI, you can pass multiple variables by doing:
whatever.php?id=5&variable2=whatever&xyz=aaa
whatever.php?id=5&variable2=whatever&xyz=aaa
•
•
Join Date: May 2005
Posts: 228
Reputation:
Rep Power: 4
Solved Threads: 0
Posting Whiz in Training
•
•
•
•
Originally Posted by MCP
No problem! FYI, you can pass multiple variables by doing:
whatever.php?id=5&variable2=whatever&xyz=aaa
Sweet, thanks, I was just wondering that.
•
•
Join Date: Jan 2007
Location: Cheshire, UK
Posts: 59
Reputation:
Rep Power: 2
Solved Threads: 1
/dev/null
If i was doing this, I would use a form.
Passing variable's to the URL is problematic and open to abuse. By changing the URL at the top, people would be able to see others information.
You can protect this obviously, by employing sessions, and when they log in, their session ID is inserted into the db and tied to their account. You would have to code the edit page to first check the session, then run a mysql statement to confirm that the session ID ties to that account, if it does, render the rest of the page. If it doesn't redirect them to the login page again and kill their session using session_destroy()
Form:
By using a form, you've locked down the ability to change the ID of the page that people will be editing. Using the following code would be a very simple implementation of this.
[php]
<form action="edituser.php" method="post" enctype="multipart/form-data" name="edit" id="form">
<input name="id" type="hidden" value="<?php echo "$uID"; ?>">
<input type="submit" value="Edit" name="submit">
[/php] You would have to deploy an SQL statement at the top of this page to get the $uID, again, I'd use sessions and insert the sessionID into the user table at point of login.
Your edit page would then use the following code to get the information
[php]
<?
//insert session checker here and use header to redirect
// Get userID
$user = $_POST['uID'];
// get user detals mysql here
// select user,name from table where user = $user
?>
[/php]
HTH
Passing variable's to the URL is problematic and open to abuse. By changing the URL at the top, people would be able to see others information.
You can protect this obviously, by employing sessions, and when they log in, their session ID is inserted into the db and tied to their account. You would have to code the edit page to first check the session, then run a mysql statement to confirm that the session ID ties to that account, if it does, render the rest of the page. If it doesn't redirect them to the login page again and kill their session using session_destroy()
Form:
By using a form, you've locked down the ability to change the ID of the page that people will be editing. Using the following code would be a very simple implementation of this.
[php]
<form action="edituser.php" method="post" enctype="multipart/form-data" name="edit" id="form">
<input name="id" type="hidden" value="<?php echo "$uID"; ?>">
<input type="submit" value="Edit" name="submit">
[/php] You would have to deploy an SQL statement at the top of this page to get the $uID, again, I'd use sessions and insert the sessionID into the user table at point of login.
Your edit page would then use the following code to get the information
[php]
<?
//insert session checker here and use header to redirect
// Get userID
$user = $_POST['uID'];
// get user detals mysql here
// select user,name from table where user = $user
?>
[/php]
HTH
Last edited by cpickering : Jan 10th, 2007 at 9:03 am.
•
•
Join Date: Aug 2006
Posts: 138
Reputation:
Rep Power: 3
Solved Threads: 2
Junior Poster
•
•
•
•
Originally Posted by nathanpacker
[...] I just realized that it is a variable. I can just use it like any other variable![...]
Note that register_globals can be turned off, and is off by default in later PHP versions as it's considered a bad practice. Use $_GET superglobal instead.
Also don't forget to validate the user input. In this case id is integer value so the correct access should be:
[php]
$id=(int)$_GET['id'];
[/php]
If it's not numerical, use mysql_real_escape_string() before putting them into your queries.
•
•
Join Date: Jan 2007
Location: New Zealand, Wanganui
Posts: 8
Reputation:
Rep Power: 0
Solved Threads: 0
Newbie Poster
Re: Can a text link pass php variables? This is something that will pull variables from the database and link the username to a file called "edit.php"
[php]echo "
<Table cellspacing=2><tr><td width=30><b>Line number</b></td><td width=180><center><b>ID</b></center></td><td width=80><b>Username</b></td></tr>" ;
//select a table from the database order by id in descending order
$var1 = Mysql_query("SELECT * FROM `table` ORDER BY id DESC");
//Fill table with variables
while ($var2 = Mysql_fetch_array($var1))
{
$num++ ;
echo "<tr><td width=30><b>$num:</b></td><td width=180><center>$var2[id]</center></td><td width=50> <a href=edit.php?id=$var2[id]>$var2[username]</a></td></tr>";
}
echo "</table>";[/php]
"edit.php" should look something along the lines of this:
[php]
if (!$id){
//no id present
echo"there was no id to edit";
}else{
/*put all your edit script here editting via $id
for example the queries should run:
mysql_query("update `field` set 'feild'='$formvariable' where 'id'='$id' ");
*/
}
[/php]
Hope this helps you out.
[php]echo "
<Table cellspacing=2><tr><td width=30><b>Line number</b></td><td width=180><center><b>ID</b></center></td><td width=80><b>Username</b></td></tr>" ;
//select a table from the database order by id in descending order
$var1 = Mysql_query("SELECT * FROM `table` ORDER BY id DESC");
//Fill table with variables
while ($var2 = Mysql_fetch_array($var1))
{
$num++ ;
echo "<tr><td width=30><b>$num:</b></td><td width=180><center>$var2[id]</center></td><td width=50> <a href=edit.php?id=$var2[id]>$var2[username]</a></td></tr>";
}
echo "</table>";[/php]
"edit.php" should look something along the lines of this:
[php]
if (!$id){
//no id present
echo"there was no id to edit";
}else{
/*put all your edit script here editting via $id
for example the queries should run:
mysql_query("update `field` set 'feild'='$formvariable' where 'id'='$id' ");
*/
}
[/php]
Hope this helps you out.
•
•
Join Date: May 2005
Posts: 228
Reputation:
Rep Power: 4
Solved Threads: 0
Posting Whiz in Training
This is all really great, and I would just use a form, but that would get a little bit out of hand, seeing that I would have ot have so many different forms, because each name in the list would be a link to edit it's account. And I realize that using the link like the first person replied could be insecure, I will have to keep that in mind for future projects, whereas this one does not require a whole lot of security, as it's a small little church thing, and probably won't have more personal info than a phone number stored in it. But I could use cookies and sessions to verify it.
When I get back around to it, I'll try to remember to let you all know what I've decided.
Thanks!
When I get back around to it, I'll try to remember to let you all know what I've decided.
Thanks!
|
•
•
•
•
Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
•
•
•
•
•
•
•
•
DaniWeb PHP Marketplace
Linear Mode
- Previous Thread: How to best rank items based on vote data
- Next Thread: PHP and scheduled tasks
