开发者

PHP/HTML image button

问答 作者:

I have some image buttons (echo'd in a loop -based on mysql results, -not included in code below) -its abit like a de开发者_C百科lete button for a message system:

<form method="post">
<input type="image" src="delete.png" id="delete" name="delete" title="Delete Message" alt="Delete button" value="<? echo $row['MessageId'] ?> " >
<input name="do_insert2" type="hidden" value="<? echo $row['MessageId'] ?> " >    
</form>

Then I have a small script (just a test to see if it knew which messageid was clicked -which would later be deleted...

<?
if ($_POST['do_insert2'] != NULL) {
$deletemessage = $_POST['do_insert2'];
echo $deletemessage;
}
?>

However it would always come out with the last message (ID 269), no matter which image button you click.

Why is this and how can I fix it?

Based on this, it's not easy to see what you're doing wrong.

However: You really shouldn't be doing it this way anyway; it opens you up to various hacks, XSS attacks, and database insertion attacks.

Not really safe but it will work:

<input type="image" src="delete.png" onClick="location.href='test.php?delete=<?=$row['MessageId'] ?>'">

PHP

<?php
$id_delete = (isset($_GET['delete']) && $_GET['delete'] !='') ? (int) $_GET['delete'] : -1;
print $id_delete;
?>

Suggestions:

  • Use a separate form for each pair of html input fields (button and hidden field)

  • Try to have unique names for your hidden input fields.

A better way to do this is to add the message id to the button like so:

<input type="image" src="delete.png" name="delete;<?=$row['MessageId'];?>" />

This will give something like:

<input type="image" src="delete.png" name="delete;1" />
<input type="image" src="delete.png" name="delete;2" />

Now, the submitted data will only include the name of the used submit button. When you click the button with 'delete;1', print_r($_POST) gives:

Array
(
    [delete;1_x] => 25
    [delete;1_y] => 9
)

If you click the image with 'delete;2', only 'delete;2' gets posted. That way you know which image was clicked and what to delete.

The thing with using images as a submit button is that you also get the coordinates of where you clicked on this image. But that's no problem, you can easily extract the message id:


// when submitted, go through all the submitted values
foreach ($_POST as $key => $value) {
  // if a key starts with 'delete;', you know a delete image was clicked
  if (substr($key,0,7)=='delete') {
    // first remove the 'delete;' part
    $key = str_replace('delete;','',$key);

    // split the key on the '_' sign
    $key = explode('_',$key);

    /* now the $key variable is an array
    Array
    (
      [0] => 1
      [1] => x
    )
    */

    // and the first value is your message Id
    $deleteId = $key[0];

    // now validate that it's a number
    if (preg_match('/^[0-9]+$/',$deleteId,$matches) {
      // run your delete query
      $sql = "DELETE FROM messages WHERE id = $deleteId";
      mysql_query($sql);
    }

    // break the foreach loop, since you have what you need
    break;
  }
}

It's usually simpler when you don't use images, since you can simply split the posted value on e.g. ";" and you don't need to worry about the coordinates. But this is still a very simple way to retrieve the correct information and keep your HTML clean by only adding a simple id to the name of the image button.

You don't really need the do_insert2 element as the type="image" acts like a submit button and when you printed $_POST it would contain the value of the button that was pressed:

$_POST['delete'] = 15;

If you pressed the <image type="image" name="delete" value="15">

继续阅读:formsphp

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9