Page 2 of 2

Posted: Sat Aug 12, 2006 11:31 am
by Oren
scottayy wrote:

Code: Select all

$to_be_deleted[] = mysql_real_escape_string($delgig,ENT_QUOTES);
ENT_QUOTES :?: :?: :?:

Posted: Sat Aug 12, 2006 11:54 am
by s.dot
lol. just woke up
yes, ENT_QUOTES!
:lol:

I fixed that in the post. Hopefully the OP hasn't tried it already. :oops:

Posted: Sat Aug 12, 2006 12:42 pm
by richo
Cheers! With your help i managed to do this:

Code: Select all

$delerror = false;

if (isset($_POST['del'])) {
	
	if(!empty($_POST['check'])){
	
		foreach ($_POST['check'] as $delgig) {
			mysql_query("DELETE FROM gigdates WHERE pkey = '" . mysql_real_escape_string($delgig) . "'");
		}
		}else{
		
		$delerror = true;

	}
	
}
further down page:

Code: Select all

<?php 
	/* If no checkboxes ticked do error message */
	if ($delerror) = true{
		echo 'Select atleast one checkbox if you want to delete a gig';
	}
	?>

Posted: Sat Aug 12, 2006 1:50 pm
by santosj
For usability, why would you tell someone that they didn't check any boxes? I believe it would be quite obvious once they find that the row still existed. It also takes a conscious action to check a box, even with tab key and space. I believe a better action would be to confirm that they really want to delete the rows they selected.

No disrespect, but I sincerely would like to know. Actually, to be honest, I believe I made the same checks for my own admin user management page. Doesn't make sense now that I think of it.

Are you sanitizing text or checking for type?

Code: Select all

mysql_query("DELETE FROM gigdates WHERE pkey = '". (int) $delgig . "'");

Posted: Sat Aug 12, 2006 2:04 pm
by Yossarian
santosj wrote:For usability, why would you tell someone that they didn't check any boxes? I believe it would be quite obvious once they find that the row still existed. It also takes a conscious action to check a box, even with tab key and space. I believe a better action would be to confirm that they really want to delete the rows they selected.
On admin screens I tend to do that on the client, using JS, using a confirm / then form.submit.

Posted: Sat Aug 12, 2006 2:23 pm
by richo
The reason i'm doing this is because if it didn't have it in, if they pressed submit it would come up with a php error instead which would be quite bad for a user to see.

Try and keep them on the page...

Posted: Sun Aug 13, 2006 12:15 pm
by Yossarian
richo wrote:The reason i'm doing this is because if it didn't have it in, if they pressed submit it would come up with a php error instead which would be quite bad for a user to see.
If they didnt select an item the form wouldnt be allowed to submit anyway.

I prefer not to go through all the pain of sending the form and handling the errors if it contains empty data.

If your form allows users to do more than delete at least one from a list of items, then, yes your point is going to be valid for you. I was only making a suggestion based on something that works for me.

If they dont have JS turned on they arent allowed to even login, before someone asks.